Re: [PATCH -mm] vmscan: make mapped executable pages the firstclass citizen

[Peter Zijlstra]

On Sun, 2009-05-10 at 21:39 +0900, KOSAKI Motohiro wrote:
> >> > They always use mmap(PROT_READ | PROT_WRITE | PROT_EXEC) for anycase.
> >> > Please google it. you can find various example.
> >>
> >> How widely is PROT_EXEC abused? Would you share some of your google results?
> >
> > That's a security bug right there and should be fixed regardless of our
> > heuristics.
> 
> Yes, should be. but it's not security issue. it doesn't make any security hole.
> Plus, this claim doesn't help to solve end-user problems.

Having more stuff executable than absolutely needed is always a security
issue.

> I think the basic concept of the patch is right.
>   - executable mapping is important for good latency
>   - executable file is relatively small
> 
> The last problem is, The patch assume executable mappings is rare, but
> it isn't guranteed.
> How do we separate truth executable mapping and mis-used PROT_EXEC usage?

One could possibly limit the size, but I don't think it pays to bother
about this until we really run into it, again as Andrew already said,
there's more ways to screw reclaim if you really want to.



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/