Conversation
guest_build_page_tables OR-merged perms when multiple regions shared a 2MiB block, collapsing small static binaries' .text RX + .data RW + heap RW into one RWX block. The pair-only post-build fixup in bootstrap.c only handled adjacent array pairs, and exec.c had no fixup at all so execve into a small binary left the merged RWX state. The new finalize_block_perms at the end of guest_build_page_tables splits any 2MiB block where the input regions disagree on perms or leave gaps, applies the union of perms per 4KiB page, and leaves uncovered pages invalid. Idempotent across overlapping regions, so no visited-set is needed. Bundled adjustments: VDSO declared as an explicit boot region in bootstrap.c and exec.c (it previously rode the shim's RX block); MAX_REGIONS / MAX_BOOT_REGIONS bumped to 8 + 2*ELF_MAX_SEGMENTS and silent segment truncation in execve turned into a fatal abort; build_boot_regions / load_interpreter / finalize_block_perms switched to bool returns where the only meaningful values are success/failure; BLOCK_2MB family and \d+(KB|MB|GB|TB) literals swept to IEC binary prefixes (BLOCK_2MIB, KiB/MiB/GiB/TiB) across src/ and tests/. Lowercase 'kB' in /proc/meminfo and /proc/self/status emulation kept verbatim for Linux ABI compat.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
guest_build_page_tables OR-merged perms when multiple regions shared a 2MiB block, collapsing small static binaries' .text RX + .data RW + heap RW into one RWX block. The pair-only post-build fixup in bootstrap.c only handled adjacent array pairs, and exec.c had no fixup at all so execve into a small binary left the merged RWX state.
The new finalize_block_perms at the end of guest_build_page_tables splits any 2MiB block where the input regions disagree on perms or leave gaps, applies the union of perms per 4KiB page, and leaves uncovered pages invalid. Idempotent across overlapping regions, so no visited-set is needed.
Bundled adjustments: VDSO declared as an explicit boot region in bootstrap.c and exec.c (it previously rode the shim's RX block); MAX_REGIONS / MAX_BOOT_REGIONS bumped to 8 + 2*ELF_MAX_SEGMENTS and silent segment truncation in execve turned into a fatal abort; build_boot_regions / load_interpreter / finalize_block_perms switched to bool returns where the only meaningful values are success/failure; BLOCK_2MB family and \d+(KB|MB|GB|TB) literals swept to IEC binary prefixes (BLOCK_2MIB, KiB/MiB/GiB/TiB) across src/ and tests/. Lowercase 'kB' in /proc/meminfo and /proc/self/status emulation kept verbatim for Linux ABI compat.
Summary by cubic
Fixes mixed-permission 2MiB blocks by splitting them into 4KiB L3 pages and applying per-page permissions, preventing OR-merged RWX and leaving gaps invalid. Ensures correct W^X for small static binaries on both bootstrap and execve, and keeps the vDSO RX when sharing a block with the shim.
Bug Fixes
guest_build_page_tablesto split any 2MiB block with mixed perms or gaps, union perms per 4KiB page, and leave uncovered pages invalid.Refactors
MAX_REGIONS/MAX_BOOT_REGIONSto8 + 2*ELF_MAX_SEGMENTS; exec segment overflow now aborts instead of truncating.build_boot_regions/load_interpreter/finalize_block_permsto bool returns.BLOCK_2MB→BLOCK_2MIBand standardized units to KiB/MiB/GiB/TiB across code and tests (kept Linux ABIkBstrings in/procemulation).Written for commit fb5e253. Summary will update on new commits.