Re: Testing PROT_NONE and other protections, and a surprise

[Richard Curnow]

Hi Jamie,

* Jamie Lokier <jamie@xxxxxxxxxxxxx> [2004-07-01]:
> 
> I've just written a thorough test.  The attached program tries every
> combination of PROT_* flags, and tells you what protection you really get.
> 
> It'll be interesting to see the results on other architectures.

I've got this working on sh64/2.6 (which was only merged a couple of
days ago); here are the results:

Requested PROT | ---    R--    -W-    RW-    --X    R-X    -WX    RWX
========================================================================
MAP_SHARED     | ---    r--    -w-    rw-    r-x    r-x    rwx    rwx
MAP_PRIVATE    | ---    r--    -w-    rw-    r-x    r-x    rwx    rwx

Although the hardware is capable of distinguish R and X, the kernel
always allows R if X is specified to mmap().  This is for 2 reasons :

1. jump tables for switch() get embedded into the code in 32-bit
   (SHmedia) mode
2. constant pools embedded in the code in 16-bit (SHcompact, i.e. SH-4
   compatible) mode

so in practice an exec-only page is pretty useless to a typical userland
program.

> This program should hopefully run on all architectures, however it
> does depend on an empty function working when relocated.

The empty function relocated fine.  But I had to make 2 trivial changes to
handle using &void_function as an argument to memcpy and when casting
addr to a function pointer.  These result from the way the SH-5 uses the
LSB in function addresses and branch targets to switch between the
SHmedia and SHcompact instruction sets.  (I can send you the patch if you
want.)

-- 
Richard \\\ SH-4/SH-5 Core & Debug Architect
Curnow  \\\         SuperH (UK) Ltd, Bristol
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/