* Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote: > On Thu, Oct 1, 2015 at 6:33 PM, Dave Hansen <dave@xxxxxxxx> wrote: > > > > Here it is in a quite fugly form (well, it's not opt-in). Init crashes if I > > boot with this, though. > > > > I'll see if I can turn it in to a bit more of an opt-in and see what's > > actually going wrong. > > It's quite likely that you will find that compilers put read-only constants in > the text section, knowing that executable means readable. At least with pkeys enabling true --x mappings, that compiler practice becomes a (mild) security problem: it provides a readable and executable return target for stack/buffer overflow attacks - FWIIW. (It's a limited concern because the true code areas are executable already.) I'd expect such readonly data to eventually move out into the regular data sections, the moment the kernel gives a tool to distros to enforce true PROT_EXEC mappings. > So it's entirely possible that it's pretty much all over. I'd expect that too. > That said, I don't understand your patch. Why check PROT_WRITE? We've had > :"execute but not write" forever. It's "execute and not *read*" that is > interesting. Yeah, but almost none of user-space seems to be using it. > So I wonder if your testing is just bogus. But maybe I'm mis-reading this? I don't think you are mis-reading it: my (hacky! bad! not signed off!) debug idea was to fudge PROT_EXEC|PROT_READ bits into pure PROT_EXEC only - at least to get pkeys used in a much more serious fashion than standalone testcases, without having to change the distro itself. You are probably right that true data reads from executable sections are very common, so this might not be a viable technique even for testing purposes. But worth a try. Thanks, Ingo -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>