On Oct 30, 2020, at 4:39 AM, K K Subbu kksubbu.ml@gmail.com wrote:
On 29/10/20 9:01 pm, Eliot Miranda wrote:
The OS can impose radically different constraints on the JIT. In Mankato it is impossible to derive an executable region from mmap that is at the same time writable. On MacOS it is possible, but the VM needs a capability conveyed through its Info.plist and baked in when the app bundle is signed.
doesn't PROT_EXEC imply PROT_READ? a region with write|exec would essentially be equivalent to an unprotected one.
I believe not. I think an instruction fetch is different at the bus level from a normal read. I could be wrong. There are strong security reasons why this should be the case.
The manual page says
The protections (region accessibility) are specified in the prot argument by or'ing the following values:
PROT_NONE Pages may not be accessed. PROT_READ Pages may be read. PROT_WRITE Pages may be written. PROT_EXEC Pages may be executed.
Note that, due to hardware limitations, on some platforms PROT_WRITE may imply PROT_READ, and PROT_READ may imply PROT_EXEC. Portable programs should not rely on these flags being separately enforcable.
Note that it does *not* say that due to hardware limitations PROT_EXEC may imply PROT_READ :-)
Other linuxes for Pi4 May impose different constraints. As I only have these two variants I need your help in dealing with differing constraints on these other platforms.
I don't have a RP 4 board to test the Ubuntu aarch64 (COVID-19 lockdown constraints). Sorry :-(.
They're inexpensive and fun.
Regards .. Subbu