From: Will Deacon <will.deacon@arm.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v2] mprotect04: Support execute-only page access permissions
Date: Thu, 21 Feb 2019 15:01:37 +0000 [thread overview]
Message-ID: <20190221150137.GA13320@fuggles.cambridge.arm.com> (raw)
In-Reply-To: <CAEemH2dx8q9u2bSwrGE3Li72shOMtsQQECRT_MftOdUqcOPQzA@mail.gmail.com>
On Wed, Feb 20, 2019 at 03:59:57PM +0800, Li Wang wrote:
> On Wed, Feb 20, 2019 at 8:21 AM Daniel Mentz <danielmentz@google.com> wrote:
> No, execute-only page access permissions don't need any special
> configuration. They have been introduced by the following commit:
>
> "arm64: Introduce execute-only page access permissions"
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?
> id=cab15ce604e550020bb7115b779013b91bcdbc21
>
> /proc//maps for my mprotect04 executable looks as follows:
>
> 6458f5e000-6458f62000 r--p 00000000 fd:06 11691 /
> data/local/tmp/mprotect04
> 6458f62000-6458f67000 --xp 00004000 fd:06 11691 /
> data/local/tmp/mprotect04
> 6458f67000-6458f6a000 rw-p 00009000 fd:06 11691 /
> data/local/tmp/mprotect04
> 6458f6a000-6458f6d000 rw-p 00000000 00:00 0
> 70c5cc0000-70c5d11000 ---p 00000000 00:00 0
>
> The notable difference are the access permissions of the second VMA which
> are "--xp". In your case, the permissions were "r-xp", hence reading was
> allowed in addition to execution. I should also note that most other
> binaries on my device like /system/bin/sh don't have the execute-only
> mapping "--xp". Instead, they only have an "r-xp" VMA like your mprotect04.
> In the end, I couldn't find out why there's a difference. Objdump and
> readelf both show that the respective segment is execute-only, but it's
> somehow still mapped readable and executable:
>
>
> Not sure if that's a issue or intentional in design, Cc'ing Deacon and Catalin
> to have look.
I suspect this depends on the flags that are emitted in the program header
by your compiler. What does objdump -p say for your binary?
Will
next prev parent reply other threads:[~2019-02-21 15:01 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-12 0:00 [LTP] [PATCH v2] mprotect04: Support execute-only page access permissions Daniel Mentz
2019-02-19 13:34 ` Li Wang
2019-02-20 0:21 ` Daniel Mentz
2019-02-20 7:59 ` Li Wang
2019-02-21 15:01 ` Will Deacon [this message]
2019-02-21 20:43 ` Daniel Mentz
2019-02-22 3:13 ` Li Wang
2019-02-22 11:16 ` Will Deacon
2019-02-25 7:39 ` Jan Stancek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190221150137.GA13320@fuggles.cambridge.arm.com \
--to=will.deacon@arm.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.