LWN: Comments on "mimmutable() for OpenBSD"

Text already read-only?

mrugiero — Thu, 22 Dec 2022 21:41:54 +0000

> mmap, munmap, mprotect, madvise, ... mimmutable.

Isn't yours precisely an example of what makes it confusing? One is talking about mapping a m(emory) region. Then about unmapping it. Then about protection for it. Then about hints about its usage. Then you talk about the mapping itself? It could have made sense to call it something like ptimmutable (page-table immutable).

Text already read-only?

Cyberax — Thu, 15 Dec 2022 21:04:55 +0000

When I saw this headline, I was for a few seconds confused. What is "mimmu"? And how is it related to tables?

Text already read-only?

VadimP — Thu, 15 Dec 2022 20:21:17 +0000

mmap, munmap, mprotect, madvise, ... mimmutable.

mimmutable() for OpenBSD

mirabilos — Sun, 11 Dec 2022 20:38:03 +0000

And this is still biting us, especially with .S files.

The better way is to have programs explicitly declare the need for executable stack and default to r/w-only. But, again, this is something OpenBSD can do much easierly. Just recompile the world.

Text already read-only?

mathstuf — Sat, 10 Dec 2022 23:55:03 +0000

Indeed. Abbreviating the noun to a single letter and spelling out the `immutable` adjective (which could easily be `immut` without collisions) seems like quite an odd decision to me.

Text already read-only?

edeloget — Sat, 10 Dec 2022 13:06:51 +0000

Text mapping is rx (read-execute), not ro. This new BSD system call means that whatever you use to try to change that will fail.

Text already read-only?

dottedmag — Sat, 10 Dec 2022 07:43:00 +0000

Yep, it's "mapping immutable", not "memory immutable". Confusing.

Text already read-only?

jrtc27 — Fri, 09 Dec 2022 19:29:16 +0000

It's two things: you can't mprotect it to something else (even a strict subset, not just something that adds permissions) and you can't mmap something else over the top (even with the same permissions).

Despite the confusing name, it doesn't actually make the memory itself read-only, it "freezes" the mapping itself; note that this is how it's being applied even to .data, which clearly needs to remain RW if you don't want to immediately segfault, but you can still enforce that it remains a RW private mapping of the on-disk data segment until the end of time.

Text already read-only?

epa — Fri, 09 Dec 2022 18:28:55 +0000

I’m surprised, I thought the text section of a process (its executable code) was already read-only. If not on every system then certainly on OpenBSD. It must be for demand paging executables to work. Is the difference here just that the process cannot remove the immutability no matter what system calls it makes?

mimmutable() for OpenBSD

kilobyte — Fri, 09 Dec 2022 16:51:50 +0000

And we do enable optimization or hardening features all the time. Stuff like LTO or relro. It's a bunch of of projects at first, then it comes as a dh flag (like optimize=+lto), then it's packaging default, then compiler default. All while old software continues to work, even if compiled with libc5 or whatever.

mimmutable() for OpenBSD

abatters — Fri, 09 Dec 2022 16:43:40 +0000

Not all programs need to be converted at once. For example an ELF flag was previously added to indicate which programs don't need an executable stack:

https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart