24 Oct
2023
24 Oct
'23
10:42 a.m.
The problem you seem to have with fully locked mseal() in chrome seems to be here:
about permission changes but sometimes we do need to mprotect data only pages.
Does that data have to be in the same region? Can your allocator not put the non-code pieces of the JIT elsewhere, with a different permission, fully immutable / msealed -- and perhaps even managed with a different PKEY if neccessary?
No we can't. We investigated this extensively since this also poses some difficulties on MacOS. We implemented different approaches but any such change to the allocator introduces too much of a performance impact.