[Vm-dev] nuSqueak source
Eliot Miranda
eliot.miranda at gmail.com
Fri Oct 30 18:39:14 UTC 2020
> On Oct 30, 2020, at 4:39 AM, K K Subbu <kksubbu.ml at gmail.com> wrote:
>
> On 29/10/20 9:01 pm, Eliot Miranda wrote:
>> The OS can impose radically different constraints on the JIT. In Mankato it is impossible to derive an executable region from mmap that is at the same time writable. On MacOS it is possible, but the VM needs a capability conveyed through its Info.plist and baked in when the app bundle is signed.
>
> doesn't PROT_EXEC imply PROT_READ? a region with write|exec would essentially be equivalent to an unprotected one.
I believe not. I think an instruction fetch is different at the bus
level from a normal read. I could be wrong. There are strong security
reasons why this should be the case.
The manual page says
The protections (region accessibility) are specified in the prot argument
by or'ing the following values:
PROT_NONE Pages may not be accessed.
PROT_READ Pages may be read.
PROT_WRITE Pages may be written.
PROT_EXEC Pages may be executed.
Note that, due to hardware limitations, on some platforms PROT_WRITE may
imply PROT_READ, and PROT_READ may imply PROT_EXEC. Portable programs
should not rely on these flags being separately enforcable.
Note that it does *not* say that due to hardware limitations PROT_EXEC
may imply PROT_READ :-)
>> Other linuxes for Pi4 May impose different constraints. As I only have these two variants I need your help in dealing with differing constraints on these other platforms.
>
> I don't have a RP 4 board to test the Ubuntu aarch64 (COVID-19 lockdown constraints). Sorry :-(.
They're inexpensive and fun.
>
> Regards .. Subbu
More information about the Vm-dev
mailing list