This is the mail archive of the
libffi-discuss@sourceware.org
mailing list for the libffi project.
Re: Avoid stack/heap executable memory
- From: Jay <jay dot krell at cornell dot edu>
- To: Anthony Green <green at moxielogic dot com>
- Cc: Andrew Haley <aph at redhat dot com>, Richard Henderson <rth at redhat dot com>, "libffi-discuss at sourceware dot org" <libffi-discuss at sourceware dot org>
- Date: Wed, 4 May 2016 09:14:10 -0700
- Subject: Re: Avoid stack/heap executable memory
- Authentication-results: sourceware.org; auth=none
- References: <1462310910 dot 16919 dot 2 dot camel at gmail dot com> <84bfffeb-8172-85fd-6631-d2199eb21d94 at redhat dot com> <5729CC44 dot 10601 at redhat dot com> <CACxje59nefxc_9ZtO7xMSEYsr+igrYe0mzx91GgCJCgHM4242g at mail dot gmail dot com>
That is quite slow, incurring no-execute traps.
- Jay
On May 4, 2016, at 5:42 AM, Anthony Green <green@moxielogic.com> wrote:
> Can't there be special kernel support for this kind of situation?
> Like https://pax.grsecurity.net/docs/emutramp.txt
>
> (resent because original was bounced by sourceware)
>
> AG
>
> On Wed, May 4, 2016 at 6:17 AM, Andrew Haley <aph@redhat.com> wrote:
>> On 05/04/2016 12:32 AM, Richard Henderson wrote:
>>> Of course, this will change the ABI, but I think we can work around that (at
>>> least for ELF with symbol versioning), and also preserve the API. Of course,
>>> there's a *lot* that can be cleaned up if we're willing to change the API...
>>
>> For a long while now I've wanted to go in the opposite direction: to
>> use a small JIT compiler to generate efficient code for invocations in
>> both directions. It doesn't have to be very complicated, and once
>> you've generated code for any particular set of arguments that shim
>> can be cached for use by any function with the same argument types.
>> This could either use an existing JIT library or a custom JIT created
>> just for libffi. It would often be way more efficient than what we do
>> at present.
>>
>> But it would keep bumping up against the "no executable and writable
>> memory!" meme. Of course security is important, but I can't help
>> thinking that by being rigid about this we're performing a DOS attack
>> on ourselves.
>>
>> Andrew.