<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 7/17/12 10:07 PM, Josh Haberman
wrote:<br>
</div>
<blockquote
cite="mid:CAOM7maw+qfGzZ8miCy_kiJyiCDppgJC4PWGBEh3XjP3g+=QKAA@mail.gmail.com"
type="cite">
I noticed that JITMemoryManager allocates its slabs as rwx. Isn't
it a security problem to have memory mapped as both writable and
executable? I think JITs often avoid this by mapping their memory
as rw, then switching it to rx once the data has been written. I
was facing a similar problem in a JIT of my own and was curious to
see how LLVM addresses this issue.</blockquote>
<br>
I don't work on or with the LLVM JIT, but I do work on memory
safety, so I think I can comment.<br>
<br>
First, I suspect that the choice to leave rwx memory lying around is
for convenience and performance. Having to toggle page protections
takes time as it requires a system call and some TLB
flushes/changes, so I am not surprised that the JIT does not do it.
There are other designs that might mitigate this (e.g., running the
JIT in a separate process from the C code so that each has
different MMU mappings of the same physical memory), but these
designs may have other performance issues. I'll let someone more
familiar with JIT design discuss that.<br>
<br>
Second, if you're using the JIT to run memory-unsafe programs (such
as C programs), having writable and executable memory may not make
matters too much worse than they would be otherwise. Return-to-libc
and Return Oriented Programming attacks are effective and do not
require writable memory. If you're not using some mitigation
technique (e.g., SAFECode or a version of control-flow integrity
that doesn't depend on non-wx memory), you have no real security.<br>
<br>
-- John T.<br>
<br>
<blockquote
cite="mid:CAOM7maw+qfGzZ8miCy_kiJyiCDppgJC4PWGBEh3XjP3g+=QKAA@mail.gmail.com"
type="cite">
<div>
<br>
</div>
<div>Thanks,</div>
<div>Josh</div>
<br>
<br>
<pre wrap="">_______________________________________________
LLVM Developers mailing list
<a class="moz-txt-link-abbreviated" href="mailto:LLVMdev@cs.uiuc.edu">LLVMdev@cs.uiuc.edu</a> <a class="moz-txt-link-freetext" href="http://llvm.cs.uiuc.edu">http://llvm.cs.uiuc.edu</a>
<a class="moz-txt-link-freetext" href="http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev">http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev</a>
</pre>
</blockquote>
<br>
<br>
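The rw-then-rx scheme Josh describes in the quoted message, as an added example that is not LLVM's JITMemoryManager code or anything from this thread: a page is mapped writable but not executable while code is emitted, then flipped to read+execute with mprotect before it is ever jumped to, so no page is ever W and X at once. It assumes a Linux/BSD-style mmap and a GCC/clang compiler; the "return 42" bytes are constructed here and exist only to give something harmless to run.

```c
#define _DEFAULT_SOURCE 1          /* expose MAP_ANONYMOUS on glibc */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*jit_fn)(void);

/* Constructed machine code for "return 42"; the payload is irrelevant, the page flipping is the point. */
#if defined(__x86_64__)
static const uint8_t kReturn42[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };            /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const uint8_t kReturn42[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0,#42 ; ret */
#else
static const uint8_t kReturn42[] = { 0 }; /* unsupported architecture: jit_demo() reports -1 */
#endif

static int have_code(void) { return sizeof kReturn42 > 1; }

/* Map a page rw-, copy the code in, then flip it to r-x before anyone can jump to it.
 * The page is never writable and executable at the same time (W^X). */
static void *jit_emit_sealed(const uint8_t *code, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len > (size_t)page) return NULL;
    void *buf = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,   /* step 1: writable, not executable */
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return NULL;
    memcpy(buf, code, len);
    if (mprotect(buf, (size_t)page, PROT_READ | PROT_EXEC) != 0) { /* step 2: drop write, grant exec */
        munmap(buf, (size_t)page);
        return NULL;
    }
    __builtin___clear_cache((char *)buf, (char *)buf + len);     /* I-cache sync; no-op on x86 */
    return buf;
}

/* Emit, seal, run and unmap; returns the JIT'd function's result (42), -1 on failure. */
int jit_demo(void) {
    if (!have_code()) return -1;
    void *buf = jit_emit_sealed(kReturn42, sizeof kReturn42);
    if (buf == NULL) return -1;
    jit_fn fn;
    memcpy(&fn, &buf, sizeof fn);   /* object-to-function pointer conversion without a cast warning */
    int result = fn();
    munmap(buf, (size_t)sysconf(_SC_PAGESIZE));
    return result;
}

int main(void) {
    printf("jit_demo() = %d\n", jit_demo());
    return 0;
}
```

As John notes, the mprotect call is a syscall plus TLB work per flip, which is the cost a JIT pays for keeping writable and executable mappings apart.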
</body>
</html>