On Tue, Apr 18, 2023 at 09:16:37PM -0400, Waiman Long wrote:
>  1) App runs creating lots of threads.
>  2) It mmap's 256K pages of anonymous memory.
>  3) It writes executable code to that memory.
>  4) It calls mprotect() with PROT_EXEC on that memory so
>     it can subsequently execute the code.
>
> The above mprotect() will fail if the mmap'd region's VMA gets merged with
> the VMA for one of the thread stacks. That's because the default RHEL
> SELinux policy is to not allow executable stacks.

By the way, this is a daft policy. The policy you really want is
EXEC|WRITE is not allowed. A non-writable stack is useless, so it's
actually a superset of your current policy. Forbidding _simultaneous_
write and executable is just good programming. This way, you don't need
to care about the underlying VMA's current permissions, you just need
to do:

	if ((prot & (PROT_EXEC|PROT_WRITE)) == (PROT_EXEC|PROT_WRITE))
		return -EACCES;
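
The two policies contrasted in this message, as an added example that is not part of the original mail and is not kernel or SELinux code. The `vma_model` struct, the function names, and the choice of `PROT_READ|PROT_EXEC` as the step 4 request are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/mman.h>

/* Simplified model, not kernel or SELinux code. */
struct vma_model {
    bool is_stack; /* region is, or was merged with, a thread stack */
};

/* Policy A (quoted mail): no executable stacks; depends on the VMA. */
static int policy_no_exec_stack(const struct vma_model *vma, int prot)
{
    return ((prot & PROT_EXEC) && vma->is_stack) ? -EACCES : 0;
}

/* Policy B (the reply): never writable and executable at once;
 * depends only on the requested protection bits. */
static int policy_wx(int prot)
{
    if ((prot & (PROT_EXEC | PROT_WRITE)) == (PROT_EXEC | PROT_WRITE))
        return -EACCES;
    return 0;
}

/* The "superset" claim: a usable stack is writable, so every writable
 * request that A refuses on a stack is refused by B as well. */
static bool wx_covers_writable_stacks(void)
{
    const struct vma_model stack = { .is_stack = true };
    for (int prot = 0; prot <= (PROT_READ | PROT_WRITE | PROT_EXEC); prot++) {
        if (!(prot & PROT_WRITE))
            continue;
        if (policy_no_exec_stack(&stack, prot) && !policy_wx(prot))
            return false;
    }
    return true;
}

int main(void)
{
    const struct vma_model merged = { .is_stack = true };
    int rx = PROT_READ | PROT_EXEC; /* assumed request in step 4 */

    printf("A on merged VMA, r-x: %d\n", policy_no_exec_stack(&merged, rx));
    printf("B, r-x: %d\n", policy_wx(rx));
    printf("B, rwx: %d\n", policy_wx(rx | PROT_WRITE));
    printf("B covers writable stacks: %d\n", wx_covers_writable_stacks());
    return 0;
}
```

Under policy A the outcome for the same `mprotect()` request changes with whatever the region happened to be merged with; under policy B it is fixed by the `prot` argument alone.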