> On Oct 18, 2022, at 7:50 AM, Christoph Hellwig <hch@xxxxxx> wrote:
>
> On Mon, Oct 17, 2022 at 04:23:52PM +0000, Song Liu wrote:
>>> Well, nothing explains what the method is to avoid having memory
>>> that is mapped writable and executable at the same time, which really
>>> could use some explanation here (and in the main patch as well).
>>
>> Thanks for the feedback. I will add this.
>>
>> Does the code look good to you? I personally think patches 1, 2, 4 could
>> ship with a little more work.
>
> I only took a quick look and I'm not sure how the W^X actually works.
> Yes, it calls into the text poke helpers, but how do these work on
> less than page sized allocations?

Aha, I guess I understand your point (and concern) now.

It is the same as text poke into static kernel text: we create a local
writable mapping to the memory we need to update. For less-than-page-sized
allocations, this mapping does have access to X memory that may belong to
a different allocation, just like text poke into static kernel text.

Maybe we need something like vcopy_exec(x_mem, tmp_buf, size), where we
explicitly check that the allowed memory of x_mem is larger than or equal
to size. And users of vmalloc_exec should only use vcopy_exec to update
memory from vmalloc_exec.

Does this make sense? Did I understand your concern correctly?

Thanks,
Song
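The bounds check Song proposes for vcopy_exec(), as an added user-space model that is not part of the patch series or the kernel's own vmalloc_exec/text_poke code. It assumes a single "page" carved into sub-page executable allocations by a hypothetical bump allocator (vmalloc_exec_model), a second pointer standing in for the temporary writable mapping the text poke helpers create, and a hypothetical vcopy_exec_model() that refuses any copy whose range [x_mem, x_mem+size) does not lie entirely inside one live allocation, so a write can never spill into a neighbour that shares the same page. No memory here is actually mapped executable; the model only demonstrates the check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example, not kernel code: a model of the size check proposed for
 * a hypothetical vcopy_exec(x_mem, tmp_buf, size). */

#define MODEL_PAGE_SIZE 4096
#define MAX_ALLOCS 16

/* One page carved into sub-page executable allocations. In the kernel this
 * would be RX memory; in the model it is a plain byte array (constructed). */
static unsigned char x_page[MODEL_PAGE_SIZE];

/* Stand-in for the "local writable mapping": the text poke helpers create a
 * temporary RW alias of the same physical memory; the model just keeps a
 * second pointer to the same bytes. */
static unsigned char *rw_alias = x_page;

struct x_alloc { unsigned char *base; size_t size; int used; };
static struct x_alloc allocs[MAX_ALLOCS];
static size_t next_off;

/* Hypothetical vmalloc_exec(): hand out `size` bytes from the shared page. */
void *vmalloc_exec_model(size_t size)
{
    if (size == 0 || next_off + size > MODEL_PAGE_SIZE)
        return NULL;
    for (int i = 0; i < MAX_ALLOCS; i++) {
        if (!allocs[i].used) {
            allocs[i].base = x_page + next_off;
            allocs[i].size = size;
            allocs[i].used = 1;
            next_off += size;
            return allocs[i].base;
        }
    }
    return NULL;
}

/* Find the live allocation that owns x_mem, or NULL if it is unknown. */
static struct x_alloc *find_alloc(const void *x_mem)
{
    const unsigned char *p = x_mem;
    for (int i = 0; i < MAX_ALLOCS; i++) {
        struct x_alloc *a = &allocs[i];
        if (a->used && p >= a->base && p < a->base + a->size)
            return a;
    }
    return NULL;
}

/* Hypothetical vcopy_exec(): copy `size` bytes from tmp_buf into x_mem only
 * if the whole destination range stays inside one allocation.
 * Returns 0 on success, -1 if x_mem is not from vmalloc_exec_model(),
 * -2 if the copy would run past the allocation into a neighbour. */
int vcopy_exec_model(void *x_mem, const void *tmp_buf, size_t size)
{
    struct x_alloc *a = find_alloc(x_mem);
    if (!a)
        return -1;
    size_t off = (unsigned char *)x_mem - a->base;   /* off < a->size here */
    if (size > a->size - off)                        /* no pointer overflow */
        return -2;
    /* Update through the writable alias, never through the X pointer. */
    memcpy(rw_alias + (a->base - x_page) + off, tmp_buf, size);
    return 0;
}

/* Reset model state so runs are repeatable. */
void model_reset(void)
{
    memset(allocs, 0, sizeof allocs);
    memset(x_page, 0, sizeof x_page);
    next_off = 0;
}

/* Two 64-byte allocations sharing a page: a correctly sized copy into the
 * first succeeds, an oversized one is rejected and the second stays intact.
 * Returns 1 if every outcome matches that expectation. */
int scenario_neighbour_protected(void)
{
    model_reset();
    unsigned char *a = vmalloc_exec_model(64);
    unsigned char *b = vmalloc_exec_model(64);
    unsigned char buf[128];
    memset(buf, 0xCC, sizeof buf);               /* constructed "code" bytes */
    if (!a || !b || b != a + 64) return 0;
    if (vcopy_exec_model(a, buf, 64) != 0) return 0;     /* exact fit: ok */
    if (vcopy_exec_model(a + 32, buf, 33) != -2) return 0; /* one byte too many */
    if (vcopy_exec_model(buf, buf, 1) != -1) return 0;   /* not X memory */
    return a[63] == 0xCC && b[0] == 0;                   /* neighbour untouched */
}

int main(void)
{
    printf("neighbour protected: %s\n",
           scenario_neighbour_protected() ? "yes" : "no");
    return 0;
}
```

The interesting case is the rejected copy at a + 32 with size 33: the temporary writable alias covers the whole page, so without the check the last byte would land in the neighbouring allocation; with the check the caller gets an error and the neighbour's bytes are unchanged.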