[LLVMdev] mmap and vm_protect on ARM+Apple systems

Kaylor, Andrew andrew.kaylor at intel.com
Mon Nov 19 10:10:05 PST 2012


Thanks, David.

Is that what is being done in the Memory::AllocateRWX code (in lib/Support/Unix/Memory.inc)?

-Andy

-----Original Message-----
From: Dr D. Chisnall [mailto:dc552 at hermes.cam.ac.uk] On Behalf Of David Chisnall
Sent: Saturday, November 17, 2012 9:56 AM
To: Kaylor, Andrew
Cc: Jim Grosbach; llvmdev at cs.uiuc.edu List
Subject: Re: [LLVMdev] mmap and vm_protect on ARM+Apple systems

On 17 Nov 2012, at 00:12, Kaylor, Andrew wrote:

> My best guess is that this is trying to set up something that's actually backed by two pages where whatever is written to the RW page will be copied to the RX page, though if that's possible it would seem to defeat the purpose of not allowing RWX.

The correct way of implementing this is to have one physical page mapped to two locations in virtual memory.  One is writeable, the other is read + execute.  This does not defeat the point of W^X, because you must find both pointers to be able to exploit it, rather than just one.  This is really how JIT'd memory maps should be created on all platforms, as it allows you to use the memory without significant fragmentation (i.e. you don't need a whole page per function) and it makes it much harder to exploit the JIT'd code.

David
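
The dual-mapping scheme described in David's reply, as an added example that is not part of the original thread and is not LLVM's Memory.inc code. It assumes Linux, using a memfd object as the shared backing store rather than any Apple API. The names dual_map, dual_map_create and dual_map_demo are hypothetical, and the machine-code bytes are constructed samples for x86-64 and AArch64.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)    /* constructed sample code: mov eax, 42; ret */
static const unsigned char CODE[] = {0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3};
#elif defined(__aarch64__) /* constructed sample code: mov w0, #42; ret */
static const unsigned char CODE[] = {0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6};
#else
#error "sample machine code is only provided for x86-64 and AArch64"
#endif

struct dual_map { void *rw, *rx; size_t len; };

/* Hypothetical helper: map one memory object twice, a RW view for the emitter
   and an RX view for execution. No view is ever W+X. Returns 0 on success. */
int dual_map_create(struct dual_map *m, size_t len)
{
    /* Assumption: Linux memfd; raw syscall avoids needing the glibc wrapper. */
    int fd = (int)syscall(SYS_memfd_create, "jit-code", 0);
    if (fd < 0) return -1;
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }
    m->len = len;
    m->rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    m->rx = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd); /* the mappings keep the pages alive */
    if (m->rw != MAP_FAILED && m->rx != MAP_FAILED) return 0;
    if (m->rw != MAP_FAILED) munmap(m->rw, len);
    if (m->rx != MAP_FAILED) munmap(m->rx, len);
    return -1;
}

/* Emit through the RW view, execute through the RX view; returns 42 or -1. */
int dual_map_demo(void)
{
    struct dual_map m;
    if (dual_map_create(&m, (size_t)sysconf(_SC_PAGESIZE)) != 0) return -1;
    memcpy(m.rw, CODE, sizeof CODE);
    /* Needed on AArch64 (no-op on x86): sync the icache for the RX alias. */
    __builtin___clear_cache((char *)m.rx, (char *)m.rx + sizeof CODE);
    int result = ((int (*)(void))m.rx)();
    munmap(m.rw, m.len);
    munmap(m.rx, m.len);
    return result;
}
```

A JIT built this way keeps the RW address private to the emitter and hands out only RX addresses, so several functions can share one page without any page changing protection.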



