wasmtime / PR #7363 mpk: protect memory with `PROT_NONE` · git-wasmtime

Stream: git-wasmtime

Topic: wasmtime / PR #7363 mpk: protect memory with `PROT_NONE`

Wasmtime GitHub notifications bot (Oct 25 2023 at 17:55):

abrown opened PR #7363 from abrown:pku-prot-none to bytecodealliance:main:

This change fixes a bug with ProtectionKey::protect: previously it initialized each stripe with read and write permissions (i.e., pkey_mprotect(..., PROT_READ | PROT_WRITE) under the mistaken assumption that these permissions were MPK-specific, "what MPK permissions will we be allowed to set in the PKRU for these regions in the future?". This assumption is incorrect: the regions were immediately made accessible for reading and writing. The fix is to initially protect the regions with PROT_NONE and allow Wasmtime's memory.grow implementation to mark pages with mprotect(..., PROT_READ | PROT_WRITE) as usual. Whether a store can access a slice is still determined by the CPU state set in mpk::allow.

Wasmtime GitHub notifications bot (Oct 25 2023 at 17:55):

abrown requested wasmtime-core-reviewers for a review on PR #7363.

Wasmtime GitHub notifications bot (Oct 25 2023 at 17:55):

abrown requested pchickey for a review on PR #7363.

Wasmtime GitHub notifications bot (Oct 25 2023 at 18:35):

alexcrichton requested alexcrichton for a review on PR #7363.

Wasmtime GitHub notifications bot (Oct 25 2023 at 18:36):

alexcrichton submitted PR review:

Nice! Is it possible to have a test in this regard? For example if mpk is enabled does that mean that guard pages were accidentally read/write?

Wasmtime GitHub notifications bot (Oct 25 2023 at 20:37):

abrown merged PR #7363.

Last updated: Oct 23 2024 at 20:03 UTC