W^X in the PyPy JIT?
Hi! Recently OpenBSD has started enforcing W^X [1] for all programs, unless the program is on a file system with a special 'wxallowed' flag. Regardless of the flag, a message is emitted to the dmesg buffer. Starting PyPy will emit such a message: pypy(62301): mmap W^X violation I suppose the memory the JIT is using for traces has been mapped W+X? Assuming this is the case, the security of PyPy (on all platforms) could be improved by mapping the memory W during trace compilation, and then re-mapping the memory X once compilation is complete. Of course, it might not be the JIT at all... Cheers [1] https://en.wikipedia.org/wiki/W%5EX -- Best Regards Edd Barrett http://www.theunixzoo.co.uk
Hi Edd, On 9 June 2016 at 17:19, Edd Barrett <edd@theunixzoo.co.uk> wrote:
Recently OpenBSD has started enforcing W^X [1] for all programs, unless the program is on a file system with a special 'wxallowed' flag.
We already saw the "W^X" issue. A possible solution would be indeed for the JIT to map W when it compiles and then X "when it's done", except that it is never done, as there are various places that can be patched at various point (including jump targets, and now also some young GC pointers that are replaced with their old equivalent during the next minor collection). It's not completely easy to do. It's not impossible, though. Patches welcome. A bientôt, Armin.
participants (2)
-
Armin Rigo
-
Edd Barrett