On 21.03.2019 21:04, Matthew Garrett wrote:
On Thu, Mar 21, 2019 at 4:48 AM Igor Zhbanov <i.zhbanov@xxxxxxxxxxxx> wrote:
Along with disabling creating anonymous executable pages at all since
is is hardly needed for the system services for normal work.
Is this true? Do no JIT compilers behave this way?
Well, besides JIT I've scanned all /proc/PID/maps of my web-server and didn't
find any process with mapped anonymous executable pages.
As for JIT I suppose we could use prctl or something else to allow having
anonymous executable pages.
I'm pondering about some system-wide (or processes subtree-wide) default
setting controlling whether it is allowed to have anonymous pages by default,
and then some mechanism to turn it on/off on a per-process bases. Perhaps
with some locking preventing reenabling after it was dropped.
And what do you think about it?