[llvm] [llvm][Support][Memory] Add memfd based fallback for strict W^X Linux systems (PR #98538)
via llvm-commits
llvm-commits at lists.llvm.org
Thu Jul 25 09:01:46 PDT 2024
================
@@ -177,6 +181,78 @@ std::error_code Memory::protectMappedMemory(const MemoryBlock &M,
alignAddr((const uint8_t *)M.Address + M.AllocatedSize, PageSize);
bool InvalidateCache = (Flags & MF_EXEC);
+ bool SkipMprotect = false;
+
+#if defined(__linux__)
+ // Check for cases where the EXEC protection flag changes and a possible
+ // strict W^X policy cannot be bypassed via mprotect() alone, e.g. under
+ // PaX's MPROTECT or SELinux's deny_execmem.
+ //
+ // To support such systems, we need to create a fresh mapping with the
+ // target protection flags.
+ if ((M.Flags ^ Flags) & MF_EXEC && execProtChangeNeedsNewMapping()) {
+ static unsigned int flags = MFD_CLOEXEC | MFD_EXEC;
+ class FDWrapper {
----------------
minipli-oss wrote:
Hmm, `raw_fd_ostream` might be something. Albeit it still does a little bit too much (` lseek()` and `fstat()` in its constructor). But it's close, will look further. Thanks for making me look again!
https://github.com/llvm/llvm-project/pull/98538
More information about the llvm-commits
mailing list