| Message ID | 20230625231751.404120-2-bugaevc@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [1/5] htl: Let Mach place thread stacks | expand |
Applied, thanks! Sergey Bugaev via Libc-alpha, le lun. 26 juin 2023 02:17:48 +0300, a ecrit: > The rest of the heap (backed by individual pages) is already mapped RW. > Mapping these pages RWX presents a security hazard. > > Also, in another branch memory gets allocated using vm_allocate, which > sets memory protection to VM_PROT_DEFAULT (which is RW). The mismatch > between protections prevents Mach from coalescing the VM map entries. > > Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> > --- > sysdeps/mach/hurd/brk.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/sysdeps/mach/hurd/brk.c b/sysdeps/mach/hurd/brk.c > index f1349495..3a335194 100644 > --- a/sysdeps/mach/hurd/brk.c > +++ b/sysdeps/mach/hurd/brk.c > @@ -106,7 +106,7 @@ _hurd_set_brk (vm_address_t addr) > /* First finish allocation. */ > err = __vm_protect (__mach_task_self (), pagebrk, > alloc_start - pagebrk, 0, > - VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE); > + VM_PROT_READ|VM_PROT_WRITE); > if (! err) > _hurd_brk = alloc_start; > > @@ -120,7 +120,7 @@ _hurd_set_brk (vm_address_t addr) > else > /* Make the memory accessible. */ > err = __vm_protect (__mach_task_self (), pagebrk, pagend - pagebrk, > - 0, VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE); > + 0, VM_PROT_READ|VM_PROT_WRITE); > > if (err) > return __hurd_fail (err); > -- > 2.41.0 >
diff --git a/sysdeps/mach/hurd/brk.c b/sysdeps/mach/hurd/brk.c index f1349495..3a335194 100644 --- a/sysdeps/mach/hurd/brk.c +++ b/sysdeps/mach/hurd/brk.c @@ -106,7 +106,7 @@ _hurd_set_brk (vm_address_t addr) /* First finish allocation. */ err = __vm_protect (__mach_task_self (), pagebrk, alloc_start - pagebrk, 0, - VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE); + VM_PROT_READ|VM_PROT_WRITE); if (! err) _hurd_brk = alloc_start; @@ -120,7 +120,7 @@ _hurd_set_brk (vm_address_t addr) else /* Make the memory accessible. */ err = __vm_protect (__mach_task_self (), pagebrk, pagend - pagebrk, - 0, VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE); + 0, VM_PROT_READ|VM_PROT_WRITE); if (err) return __hurd_fail (err);
The rest of the heap (backed by individual pages) is already mapped RW. Mapping these pages RWX presents a security hazard. Also, in another branch memory gets allocated using vm_allocate, which sets memory protection to VM_PROT_DEFAULT (which is RW). The mismatch between protections prevents Mach from coalescing the VM map entries. Signed-off-by: Sergey Bugaev <bugaevc@gmail.com> --- sysdeps/mach/hurd/brk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)