abrown opened PR #7363 from abrown:pku-prot-none to bytecodealliance:main:
This change fixes a bug with `ProtectionKey::protect`: previously it initialized each stripe with read and write permissions (i.e., `pkey_mprotect(..., PROT_READ | PROT_WRITE)`) under the mistaken assumption that these permissions were MPK-specific, "what MPK permissions will we be allowed to set in the PKRU for these regions in the future?". This assumption is incorrect: the regions were immediately made accessible for reading and writing. The fix is to initially protect the regions with `PROT_NONE` and allow Wasmtime's `memory.grow` implementation to mark pages with `mprotect(..., PROT_READ | PROT_WRITE)` as usual. Whether a store can access a slice is still determined by the CPU state set in `mpk::allow`.
abrown requested wasmtime-core-reviewers for a review on PR #7363.
abrown requested pchickey for a review on PR #7363.
alexcrichton requested alexcrichton for a review on PR #7363.
alexcrichton submitted PR review:
Nice! Is it possible to have a test in this regard? For example if mpk is enabled does that mean that guard pages were accidentally read/write?
abrown merged PR #7363.
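The page-protection behaviour described in the PR, and the kind of check the review asks about, as an added example that is not part of the PR or of Wasmtime's code: it keys a one-page region with each initial protection and probes whether a write succeeds. It assumes Linux with glibc 2.27 or later; `probe_stripe` and `writable` are hypothetical names, and on hosts without MPK the key is -1, so the probe exercises only the page-protection half.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* glibc >= 2.27 wrappers; repeated here so the file builds even if
 * _GNU_SOURCE takes effect too late to expose them. */
int pkey_alloc(unsigned int flags, unsigned int access_rights);
int pkey_mprotect(void *addr, size_t len, int prot, int pkey);
int pkey_free(int pkey);

/* 1 if a write to p succeeds, 0 if it faults, -1 on error. The write runs
 * in a forked child (same PKRU, same mappings) so a fault is survivable. */
static int writable(volatile char *p) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { *p = 1; _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Key a one-page "stripe" with initial_prot, optionally follow with the
 * plain mprotect a memory.grow would issue, then report writability. */
int probe_stripe(int initial_prot, int grow) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int result = -1;
    char *p = mmap(NULL, page, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    /* Assumption: without MPK pkey_alloc returns -1, and glibc then treats
     * pkey_mprotect(..., -1) as mprotect; the page protection is the same. */
    int key = pkey_alloc(0, 0); /* rights 0: PKRU allows this key */
    if (pkey_mprotect(p, page, initial_prot, key) == 0 &&
        (!grow || mprotect(p, page, PROT_READ | PROT_WRITE) == 0))
        result = writable(p);
    munmap(p, page);
    if (key >= 0) pkey_free(key);
    return result;
}

int main(void) {
    printf("pkey_mprotect(RW):          writable=%d\n",
           probe_stripe(PROT_READ | PROT_WRITE, 0));
    printf("pkey_mprotect(NONE):        writable=%d\n", probe_stripe(PROT_NONE, 0));
    printf("pkey_mprotect(NONE) + grow: writable=%d\n", probe_stripe(PROT_NONE, 1));
    return 0;
}
```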
Last updated: Dec 23 2024 at 12:05 UTC