google · copybara-service · Apr 19, 2024
diff --git a/pkg/sentry/mm/pma.go b/pkg/sentry/mm/pma.go
@@ -180,6 +180,13 @@ func (mm *MemoryManager) getVecPMAsLocked(ctx context.Context, ars hostarch.Addr
 	return ars, nil
 }
 
+func (mm *MemoryManager) expandCOWBreakOnExec() bool {
+	if mm.as == nil {
+		return false
+	}
+	return mm.as.ExpandCOWBreakOnExec()
+}
+
 // getPMAsInternalLocked is equivalent to getPMAsLocked, with the following
 // exceptions:
 //
@@ -333,7 +340,7 @@ func (mm *MemoryManager) getPMAsInternalLocked(ctx context.Context, vseg vmaIter
 						}
 					}
 					var copyAR hostarch.AddrRange
-					if vma := vseg.ValuePtr(); vma.effectivePerms.Execute {
+					if vma := vseg.ValuePtr(); vma.effectivePerms.Execute && !mm.expandCOWBreakOnExec() {
 						// The majority of copy-on-write breaks on executable
 						// pages come from:
 						//

diff --git a/pkg/sentry/platform/kvm/address_space.go b/pkg/sentry/platform/kvm/address_space.go
@@ -243,3 +243,6 @@ func (as *addressSpace) PreFork() {}
 
 // PostFork implements platform.AddressSpace.PostFork.
 func (as *addressSpace) PostFork() {}
+
+// ExpandCOWBreakOnExec implements platform.AddressSpace.ExpandCOWBreakOnExec.
+func (as *addressSpace) ExpandCOWBreakOnExec() bool { return false }
diff --git a/pkg/sentry/platform/platform.go b/pkg/sentry/platform/platform.go
@@ -365,6 +365,12 @@ type AddressSpace interface {
 	// Platform.SupportsAddressSpaceIO() == true. AddressSpaces for which this
 	// does not hold may panic if AddressSpaceIO methods are invoked.
 	AddressSpaceIO
+
+	// ExpandCOWBreakOnExec returns true if MemoryManager needs to treat
+	// executable VMA-s like regular ones. It can be useful if a platform
+	// needs to modify executable vma-s. Look at
+	// MemoryManager.getPMAInternalMappingsLocked for more details.
+	ExpandCOWBreakOnExec() bool
 }
 
 // AddressSpaceIO supports IO through the memory mappings installed in an

diff --git a/pkg/sentry/platform/ptrace/subprocess.go b/pkg/sentry/platform/ptrace/subprocess.go
@@ -680,6 +680,9 @@ func (s *subprocess) Unmap(addr hostarch.Addr, length uint64) {
 	}
 }
 
+// ExpandCOWBreakOnExec implements platform.AddressSpace.ExpandCOWBreakOnExec
+func (s *subprocess) ExpandCOWBreakOnExec() bool { return false }
+
 // PreFork implements platform.AddressSpace.PreFork.
 func (s *subprocess) PreFork() {}
 

diff --git a/pkg/sentry/platform/systrap/subprocess_amd64.go b/pkg/sentry/platform/systrap/subprocess_amd64.go
@@ -45,6 +45,9 @@ func (s *subprocess) resetSysemuRegs(regs *arch.Registers) {
 	regs.Gs = s.sysmsgInitRegs.Gs
 }
 
+// ExpandCOWBreakOnExec implements platform.AddressSpace.ExpandCOWBreakOnExec.
+func (s *subprocess) ExpandCOWBreakOnExec() bool { return true }
+
 // createSyscallRegs sets up syscall registers.
 //
 // This should be called to generate registers for a system call.

diff --git a/pkg/sentry/platform/systrap/subprocess_arm64.go b/pkg/sentry/platform/systrap/subprocess_arm64.go
@@ -39,6 +39,9 @@ const (
 func (s *subprocess) resetSysemuRegs(regs *arch.Registers) {
 }
 
+// ExpandCOWBreakOnExec implements platform.AddressSpace.ExpandCOWBreakOnExec.
+func (s *subprocess) ExpandCOWBreakOnExec() bool { return false }
+
 // createSyscallRegs sets up syscall registers.
 //
 // This should be called to generate registers for a system call.