> I do like us starting with just "mimmutable()", since it already
> exists. Particularly if chrome already knows how to use it.
>
> Maybe add a flag field (require it to be zero initially) just to allow
> any future expansion. Maybe the chrome team has *wanted* to have some
> finer granularity thing and currently doesn't use mimmutable() in some
> case?

Yes, we do have a use case in Chrome to split the sealing into unmap and mprotect which will allow us to seal additional pages that we can't seal with pure mimmutable().

For example, we have pkey-tagged RWX memory that we want to seal. Since the memory is already RWX and the pkey controls write access, we don't care about permission changes but sometimes we do need to mprotect data-only pages. But the munmap sealing will provide protection against implicit changes of the pkey in this case which would happen if a page gets unmapped and another mapped in its place.
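The implicit pkey change described in the reply above, as an added C example that is not part of the original mail and is not Chrome or kernel code. It assumes Linux with memory protection keys and a readable /proc/self/smaps; the function names are illustrative, and RW is used in place of the mail's RWX so the demo also runs where W+X mappings are refused.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* ProtectionKey that smaps reports for the VMA containing addr; -1 if unknown. */
static int smaps_pkey(const void *addr)
{
    FILE *f = fopen("/proc/self/smaps", "r");
    char line[512];
    unsigned long lo, hi, a = (unsigned long)addr;
    int inside = 0, key = -1;

    if (!f)
        return -1;
    while (key < 0 && fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx", &lo, &hi) == 2)   /* VMA header line */
            inside = (a >= lo && a < hi);
        else if (inside)
            sscanf(line, "ProtectionKey: %d", &key);
    }
    fclose(f);
    return key;
}

/* 1: munmap + mmap at the same address dropped the pkey; 0: it did not;
 * -1: pkeys or smaps are unavailable on this machine. */
int pkey_lost_on_remap(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned long prot = PROT_READ | PROT_WRITE;      /* RW stands in for RWX */
    long pkey = syscall(SYS_pkey_alloc, 0UL, 0UL);    /* raw syscalls, no libc wrapper needed */
    void *p, *q;
    int before, after;

    if (pkey < 0)
        return -1;
    p = mmap(NULL, len, (int)prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED || syscall(SYS_pkey_mprotect, p, len, prot, pkey) != 0)
        return -1;
    before = smaps_pkey(p);                           /* tagged with our key */
    munmap(p, len);                                   /* the step unmap sealing is meant to refuse */
    q = mmap(p, len, (int)prot, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    after = (q == p) ? smaps_pkey(q) : -1;            /* fresh mapping gets the default key */
    if (q != MAP_FAILED)
        munmap(q, len);
    syscall(SYS_pkey_free, pkey);
    if (before != (int)pkey || after < 0)
        return -1;
    return after != (int)pkey;
}
```

No mprotect or pkey_mprotect call touches the replacement page, yet its key differs from the original, which is why a seal covering only permission changes would not catch this case.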