* Kalesh Singh <kaleshsingh@xxxxxxxxxx> [250219 03:35]: > On Wed, Feb 19, 2025 at 12:25 AM Kalesh Singh <kaleshsingh@xxxxxxxxxx> wrote: > > > > On Thu, Feb 13, 2025 at 10:18 AM Lorenzo Stoakes > > <lorenzo.stoakes@xxxxxxxxxx> wrote: > > > > > > The guard regions feature was initially implemented to support anonymous > > > mappings only, excluding shmem. > > > > > > This was done such as to introduce the feature carefully and incrementally > > > and to be conservative when considering the various caveats and corner > > > cases that are applicable to file-backed mappings but not to anonymous > > > ones. > > > > > > Now this feature has landed in 6.13, it is time to revisit this and to > > > extend this functionality to file-backed and shmem mappings. > > > > > > In order to make this maximally useful, and since one may map file-backed > > > mappings read-only (for instance ELF images), we also remove the > > > restriction on read-only mappings and permit the establishment of guard > > > regions in any non-hugetlb, non-mlock()'d mapping. > > > > Hi Lorenzo, > > > > Thank you for your work on this. > > > > Have we thought about how guard regions are represented in /proc/*/[s]maps? > > > > In the field, I've found that many applications read the ranges from > > /proc/self/[s]maps to determine what they can access (usually related > > to obfuscation techniques). If they don't know of the guard regions it > > would cause them to crash; I think that we'll need similar entries to > > PROT_NONE (---p) for these, and generally to maintain consistency > > between the behavior and what is being said from /proc/*/[s]maps. > > To clarify why the applications may not be aware of their guard > regions -- in the case of the ELF mappings these PROT_NONE (guard > regions) would be installed by the dynamic loader; or may be inherited > from the parent (zygote in Android's case). The guard regions are a method to reduce vma count and speed up guard installation and removal. This very much will change the proc interface by its design, since it's removing information from the maps for the advantage of speed and less resources. I thought that was pretty clear from the start. The proc interface is also not a very good way to programmatically get this information, as I'm sure you are aware. I'm also sure you know that reading that file takes the mmap read lock, and tearing can occur. I think this implies you are taking a lot of time to get the information you want in the way you are getting it (parsing a text file, and not doing any mmap write work)? If this is a common pattern, I think we need a better interface to query this type of information. We have an ioctl going in for getting vma information, but that will lack these new guard regions as well. David mentioned /proc/self/pagemap - that's certainly worth exploring, and doesn't involve text parsing. If it's not that common, then maybe your zygote/loader can communicate the information in a way that does not involve read locking the programs vm area? Are you really parsing the same library information for each application launched to find the guards instead of asking or being told what they are? I must be missing something.. Thanks, Liam
