Re: CVS commit: src/sys/arch/mips/include

To: Alexander Nasonov <alnsn%yandex.ru@localhost>
Subject: Re: CVS commit: src/sys/arch/mips/include
From: Matt Thomas <matt%3am-software.com@localhost>
Date: Tue, 22 Jul 2014 14:41:44 -0700

On Jul 22, 2014, at 2:40 PM, Alexander Nasonov <alnsn%yandex.ru@localhost> 
wrote:

> Matt Thomas wrote:
>> 
>> On Jul 22, 2014, at 2:27 PM, Alexander Nasonov <alnsn%yandex.ru@localhost> 
>> wrote:
>>> I allocate with the X flag and it seems to work:
>>> 
>>> /* in sljitExecAllocator.c */
>>>       return (void *)uvm_km_alloc(module_map, size,
>>>           PAGE_SIZE, UVM_KMF_WIRED | UVM_KMF_ZERO | UVM_KMF_EXEC);
>> 
>> ok.  Then you need don't a hook for cache flushing
>> 
>> pmap_protect(vm_map_pamp(module_map), va, size) will do that for you.
>> At least for arm/mips/ppc/vax.  (e.g. changing a writeable exec page
>> to read-only automatically causes it exec cleaned).
> 
> sljit allocates 64K exec chucks which are managed by a special allocator.
> You need to run pmap_protect for each chunk. I think it's cheaper to
> flush icache.

Maybe.  But I'd prefer executable code to be in read-only pages so that
malicious code can't be placed in them and executed.  I think trading
space for security is a valid tradeoff.

Follow-Ups:
- Re: CVS commit: src/sys/arch/mips/include
  - From: Alexander Nasonov

References:
- Re: CVS commit: src/sys/arch/mips/include
  - From: Matt Thomas
- Re: CVS commit: src/sys/arch/mips/include
  - From: Alexander Nasonov
- Re: CVS commit: src/sys/arch/mips/include
  - From: Matt Thomas
- Re: CVS commit: src/sys/arch/mips/include
  - From: Alexander Nasonov

Prev by Date: Re: CVS commit: src/sys/arch/mips/include
Next by Date: Re: CVS commit: src/sys/arch/mips/include
Previous by Thread: Re: CVS commit: src/sys/arch/mips/include
Next by Thread: Re: CVS commit: src/sys/arch/mips/include
Indexes:

Home | Main Index | Thread Index | Old Index