Early during mimmutable(2) development, we had a big problem with the

chrome v8_flags variable's placement in bss, and as a workaround made
it possible to demote a mimmutable mapping's permissions from RW to R.
Further mimmutable-related work in libc's malloc created the same
problem, which led to a better design: objects could be placed into
.openbsd.mutable region, and then at runtime their permission and
immutability could be manipulated better.  So the RW to R demotion
logic is no longer being used, and now this semantic is being deleted.
ok kettenis

diff --git a/lib/libc/sys/mimmutable.2 b/lib/libc/sys/mimmutable.2
index b977835..03fff5c 100644 (file)
--- a/lib/libc/sys/mimmutable.2
+++ b/lib/libc/sys/mimmutable.2
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: mimmutable.2,v 1.3 2022/11/06 20:15:44 jmc Exp $
+.\"    $OpenBSD: mimmutable.2,v 1.4 2024/01/20 13:19:37 deraadt Exp $
 .\"
 .\" Copyright (c) 1991, 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -29,7 +29,7 @@
 .\"
 .\"    @(#)mimmutable.2        8.1 (Berkeley) 6/9/93
 .\"
-.Dd $Mdocdate: November 6 2022 $
+.Dd $Mdocdate: January 20 2024 $
 .Dt MIMMUTABLE 2
 .Os
 .Sh NAME
@@ -81,16 +81,3 @@ The
 .Fn mimmutable
 function first appeared in
 .Ox 7.3 .
-.Sh CAVEATS
-At present,
-.Xr mprotect 2
-may reduce permissions on immutable pages marked
-.Dv PROT_READ | PROT_WRITE
-to the less permissive
-.Dv PROT_READ .
-This one-way operation is permitted for an introductory period to observe how
-software uses this mechanism.
-It may change to require explicit mutable region annotation with
-.Va __attribute__((section(".openbsd.mutable")))
-and explicit calls to
-.Fn mimmutable .

diff --git a/sys/uvm/uvm_map.c b/sys/uvm/uvm_map.c
index 5164357..5078f3a 100644 (file)
--- a/sys/uvm/uvm_map.c
+++ b/sys/uvm/uvm_map.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uvm_map.c,v 1.320 2024/01/16 19:05:01 deraadt Exp $   */
+/*     $OpenBSD: uvm_map.c,v 1.321 2024/01/20 13:19:39 deraadt Exp $   */
 /*     $NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $ */
 
 /*
@@ -3144,16 +3144,9 @@ uvm_map_protect(struct vm_map *map, vaddr_t start, vaddr_t end,
                if (iter->start == iter->end || UVM_ET_ISHOLE(iter))
                        continue;
 
-               if (checkimmutable &&
-                   (iter->etype & UVM_ET_IMMUTABLE)) {
-                       if (iter->protection == (PROT_READ | PROT_WRITE) &&
-                           new_prot == PROT_READ) {
-                               /* Permit RW to R as a data-locking mechanism */
-                               ;
-                       } else {
-                               error = EPERM;
-                               goto out;
-                       }
+               if (checkimmutable && (iter->etype & UVM_ET_IMMUTABLE)) {
+                       error = EPERM;
+                       goto out;
                }
                old_prot = iter->protection;
                if (old_prot == PROT_NONE && new_prot != old_prot) {