author | Johannes Stoelp <johannes.stoelp@gmail.com> | 2023-10-22 14:24:33 +0200 |
---|---|---|
committer | Johannes Stoelp <johannes.stoelp@gmail.com> | 2023-10-22 14:24:33 +0200 |
commit | 474c2545cbb1af85a326a47e202fe1e6c450b496 (patch) | |
tree | 51a0850b590f4cdcea526a2dba9d1bfc41aeb961 | |
parent | 47a16f36313273a2e3b40440d71b264e35463c05 (diff) | |
Remove write permissions from runtime code buffer after copying jitted code
-rw-r--r-- | src/rt.rs | 9 |
1 files changed, 7 insertions, 2 deletions
@@ -1,7 +1,7 @@
 //! A simple runtime which can be used to execute emitted instructions.
 use core::ffi::c_void;
-use nix::sys::mman::{mmap, munmap, MapFlags, ProtFlags};
+use nix::sys::mman::{mmap, mprotect, munmap, MapFlags, ProtFlags};
 /// A simple `mmap`ed runtime with executable pages.
 pub struct Runtime {
@@ -18,7 +18,7 @@ impl Runtime {
 mmap(
 None,
 len,
- ProtFlags::PROT_WRITE | ProtFlags::PROT_READ | ProtFlags::PROT_EXEC,
+ ProtFlags::PROT_WRITE,
 MapFlags::MAP_PRIVATE | MapFlags::MAP_ANONYMOUS,
 0, /* fd */
 0, /* off */
@@ -31,6 +31,11 @@ impl Runtime {
 assert!(code.len() < len.get());
 unsafe { std::ptr::copy_nonoverlapping(code.as_ptr(), buf.cast(), len.get()) };
 }
+ unsafe {
+ // Remove write permissions from code buffer and allow to read-execute from it.
+ mprotect(buf, len.get(), ProtFlags::PROT_READ | ProtFlags::PROT_EXEC)
+ .expect("Failed to RX mprotect Runtime code buffer");
+ }
 Runtime {
 buf, |
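Review bot: The `mmap` call in the second hunk now requests `ProtFlags::PROT_WRITE` alone, and nothing at the call site says that the pages only become executable later. A one-line comment above the flags would record the write-xor-execute intent for the next reader, for example `// Map writable only; switched to read+execute by mprotect once the code is copied (W^X).` The `mmap` call and its enclosing function start and end outside the hunk.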
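Review bot: The copy on the context line just above the new `mprotect` block, in the third hunk, still reads `len.get()` bytes from `code`, although the preceding assert only guarantees `code.len() < len.get()`, so the read runs past the end of the source slice. The count should be the slice length: `unsafe { std::ptr::copy_nonoverlapping(code.as_ptr(), buf.cast(), code.len()) };`. Separately, `.expect(...)` on `mprotect` panics before `Runtime` is constructed, so the mapping is presumably never unmapped on that path; the cleanup code is not visible here, so confirm. The enclosing function begins and ends outside the hunk.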