Do not map read-only data memory sections with EXECUTE flags.

The code in SectionMemoryManager.cpp unnecessarily maps
read-only data sections with the READ+EXECUTE flags. This is
undesirable from a security standpoint.

Moreover, on the Fuchsia platform, which is now very strict
about mapping pages with the EXECUTE permission, this simply
fails, because the section's pages were initially allocated
with only the READ+WRITE flags.

A more detailed description of the issue can be found in this
public SwiftShader bug:

  https://issuetracker.google.com/issues/154586551

This patch just restricts the mapping to the READ flag for ROData
sections. Code sections are still mapped with READ+EXECUTE as
expected.

Reviewed By: lhames

Differential Revision: https://reviews.llvm.org/D78574
David Turner 2020-08-05 10:50:06 +02:00 committed by Benjamin Kramer
parent 8489fbb9a7
commit 221f10ac36

@ -161,8 +161,7 @@ bool SectionMemoryManager::finalizeMemory(std::string *ErrMsg) {
}
// Make read-only data memory read-only.
ec = applyMemoryGroupPermissions(RODataMem,
sys::Memory::MF_READ | sys::Memory::MF_EXEC);
ec = applyMemoryGroupPermissions(RODataMem, sys::Memory::MF_READ);
if (ec) {
if (ErrMsg) {
*ErrMsg = ec.message();
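
Review bot: The comment above the applyMemoryGroupPermissions(RODataMem, ...) call still reads only "Make read-only data memory read-only" and does not record that MF_EXEC is deliberately left off. Since the commit message explains that the old READ+EXECUTE mapping was both unnecessary and rejected on Fuchsia, where the pages were first allocated READ+WRITE, a one-line note there saying that RODataMem must never be mapped executable would make it harder for a later edit to reintroduce the flag. The visible lines also show no test covering the new permission; a unit test asserting that finalizeMemory leaves the read-only data group readable but not executable would guard the change.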