On 08/10, Denys Vlasenko wrote: > > Currently, to support 32-bit binaries with PLT in BSS kernel maps *entire > brk area* with executable rights for all binaries, even --secure-plt ones. > > Stop doing that. Can't really review this patch, but at least the change in mm/mmap.c looks technically correct to me... One nit below, feel free to ignore. > @@ -2668,7 +2668,7 @@ static int do_brk(unsigned long addr, unsigned long request) > if (!len) > return 0; > > - flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; > + flags |= VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; OK. But note that we have mlock_future_check(mm->def_flags); a few lines below and after this change this _looks_ wrong because VM_LOCKED can come from the new "flags" argument passed to do_brk(). Nobody does this right now, still this looks wrong/confusing. I'd suggest to add another change - mlock_future_check(mm->def_flags); + mlock_future_check(flags); or add a sanity check at the start to deny VM_LOCKED and perhaps something else... The same for vm_brk_flags() which after your change does do_brk_flags(flags); populate = (mm->def_flags & VM_LOCKED); again, this is just a nit, I do not think it will be ever called with VM_LOCKED in "flags". Oleg. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>