[PATCH] D78574: Do not map read-only data memory sections with EXECUTE flags.

David Turner via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Apr 21 10:14:52 PDT 2020


digit created this revision.
digit added reviewers: sanjoy, loladiro.
Herald added subscribers: llvm-commits, hiraditya.
Herald added a project: LLVM.

The code in SectionMemoryManager.cpp unnecessarily maps
read-only data sections with the READ+EXECUTE flags. This is
undesirable from a security standpoint.

Moreover, on the Fuchsia platform, which is now very strict
about mapping pages with the EXECUTE permission, this simply
fails, because the section's pages were initially allocated
with only the READ+WRITE flags.

A more detailed description of the issue can be found in this
public SwiftShader bug:

  https://issuetracker.google.com/issues/154586551

This patch just restricts the mapping to the READ flag for ROData
sections. Code sections are still mapped with READ+EXECUTE as
expected.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D78574

Files:
  llvm/lib/ExecutionEngine/SectionMemoryManager.cpp


Index: llvm/lib/ExecutionEngine/SectionMemoryManager.cpp
===================================================================
--- llvm/lib/ExecutionEngine/SectionMemoryManager.cpp
+++ llvm/lib/ExecutionEngine/SectionMemoryManager.cpp
@@ -152,8 +152,7 @@
   }
 
   // Make read-only data memory read-only.
-  ec = applyMemoryGroupPermissions(RODataMem,
-                                   sys::Memory::MF_READ | sys::Memory::MF_EXEC);
+  ec = applyMemoryGroupPermissions(RODataMem, sys::Memory::MF_READ);
   if (ec) {
     if (ErrMsg) {
       *ErrMsg = ec.message();
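
Review bot: the new applyMemoryGroupPermissions(RODataMem, sys::Memory::MF_READ) call ships without a test; the Files list contains only SectionMemoryManager.cpp. A unit test that finalizes a manager holding a read-only data section and checks that the section is no longer mapped executable would keep MF_EXEC from being reintroduced here later. It is also worth stating in the summary that any client which relied on RODataMem being executable loses that behaviour after this change, since the hunk drops the flag unconditionally on every platform and not only on Fuchsia.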

