closures.c: Include sys/statfs.h.

* src/closures.c: Include sys/statfs.h. (_GNU_SOURCE): Define on Linux. (FFI_MMAP_EXEC_SELINUX): Define. (selinux_enabled): New variable. (selinux_enabled_check): New function. (is_selinux_enabled): Define. (dlmmap): Use it. * configure.ac (NO_EXECUTE_PERMISSION): Set by default. * configure: Rebuilt. From-SVN: r123457
2007-04-03 11:12:40 +02:00 · 2007-04-03 11:12:40 +02:00 · f0920e6c64
commit f0920e6c64
parent df3473facb
5 changed files with 88 additions and 15 deletions
--- a/boehm-gc/ChangeLog
+++ b/boehm-gc/ChangeLog
@ -1,3 +1,8 @@
+2007-04-03  Jakub Jelinek  <jakub@redhat.com>
+
+	* configure.ac (NO_EXECUTE_PERMISSION): Set by default.
+	* configure: Rebuilt.
+
 2007-03-07  Alexandre Oliva  <aoliva@redhat.com>

 	* include/gc.h (GC_REGISTER_FINALIZER_UNREACHABLE): New.
--- a/boehm-gc/configure
+++ b/boehm-gc/configure
@ -6826,11 +6826,9 @@ LIBS="$oldLIBS"

 # Configuration of machine-dependent code
 #
-# We don't set NO_EXECUTE_PERMISSION by default because gcj (and
-# anything else that creates trampolines in gc-allocated memory)
-# always needs exec permission.  The exceptions to this are IA-64 and
-# some variations of Power PC, where trampolines don't contain
-# executable code.
+# Set NO_EXECUTE_PERMISSION by default because gcj already uses
+# ffi_closure_{alloc,free} which takes care of allocating trampolines
+# in executable memory.
 #
 echo "$as_me:$LINENO: checking which machine-dependent code should be used" >&5
 echo $ECHO_N "checking which machine-dependent code should be used... $ECHO_C" >&6
@ -6891,14 +6889,14 @@ _ACEOF
    machdep="sparc_mach_dep.lo"
    ;;
 ia64-*-*)
+    machdep="mach_dep.lo ia64_save_regs_in_stack.lo"
+    ;;
+esac

 cat >>confdefs.h <<\_ACEOF
 #define NO_EXECUTE_PERMISSION 1
 _ACEOF

-    machdep="mach_dep.lo ia64_save_regs_in_stack.lo"
-    ;;
-esac
 if test x"$machdep" = x; then
 echo "$as_me:$LINENO: result: $machdep" >&5
 echo "${ECHO_T}$machdep" >&6
--- a/boehm-gc/configure.ac
+++ b/boehm-gc/configure.ac
@ -364,11 +364,9 @@ LIBS="$oldLIBS"

 # Configuration of machine-dependent code
 #
-# We don't set NO_EXECUTE_PERMISSION by default because gcj (and
-# anything else that creates trampolines in gc-allocated memory)
-# always needs exec permission.  The exceptions to this are IA-64 and
-# some variations of Power PC, where trampolines don't contain
-# executable code.
+# Set NO_EXECUTE_PERMISSION by default because gcj already uses
+# ffi_closure_{alloc,free} which takes care of allocating trampolines
+# in executable memory.
 #
 AC_MSG_CHECKING(which machine-dependent code should be used)
 machdep=
@ -411,10 +409,10 @@ case "$host" in
    machdep="sparc_mach_dep.lo"
    ;;
 ia64-*-*)
-    AC_DEFINE(NO_EXECUTE_PERMISSION,1,[cause some or all of the heap to not have execute permission])
    machdep="mach_dep.lo ia64_save_regs_in_stack.lo"
    ;;
 esac
+AC_DEFINE(NO_EXECUTE_PERMISSION,1,[cause some or all of the heap to not have execute permission])
 if test x"$machdep" = x; then
 AC_MSG_RESULT($machdep)
   machdep="mach_dep.lo"
--- a/libffi/ChangeLog
+++ b/libffi/ChangeLog
@ -1,3 +1,13 @@
+2007-04-03  Jakub Jelinek  <jakub@redhat.com>
+
+	* src/closures.c: Include sys/statfs.h.
+	(_GNU_SOURCE): Define on Linux.
+	(FFI_MMAP_EXEC_SELINUX): Define.
+	(selinux_enabled): New variable.
+	(selinux_enabled_check): New function.
+	(is_selinux_enabled): Define.
+	(dlmmap): Use it.
+
 2007-03-24  Uros Bizjak  <ubizjak@gmail.com>

 	* testsuite/libffi.call/return_fl2.c (return_fl): Mark as static.
--- a/libffi/src/closures.c
+++ b/libffi/src/closures.c
@ -23,6 +23,10 @@
   OTHER DEALINGS IN THE SOFTWARE.
   ----------------------------------------------------------------------- */

+#if defined __linux__ && !defined _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+
 #include <ffi.h>
 #include <ffi_common.h>

@ -39,6 +43,15 @@
 # endif
 #endif

+#if FFI_MMAP_EXEC_WRIT && !defined FFI_MMAP_EXEC_SELINUX
+# ifdef __linux__
+/* When defined to 1 check for SELinux and if SELinux is active,
+   don't attempt PROT_EXEC|PROT_WRITE mapping at all, as that
+   might cause audit messages.  */
+#  define FFI_MMAP_EXEC_SELINUX 1
+# endif
+#endif
+
 #if FFI_CLOSURES

 # if FFI_MMAP_EXEC_WRIT
@ -87,6 +100,55 @@
 #include <sys/mman.h>
 #define LACKS_SYS_MMAN_H 1

+#if FFI_MMAP_EXEC_SELINUX
+#include <sys/statfs.h>
+#include <stdlib.h>
+
+static int selinux_enabled = -1;
+
+static int
+selinux_enabled_check (void)
+{
+  struct statfs sfs;
+  FILE *f;
+  char *buf = NULL;
+  size_t len = 0;
+
+  if (statfs ("/selinux", &sfs) >= 0
+      && (unsigned int) sfs.f_type == 0xf97cff8cU)
+    return 1;
+  f = fopen ("/proc/mounts", "r");
+  if (f == NULL)
+    return 0;
+  while (getline (&buf, &len, f) >= 0)
+    {
+      char *p = strchr (buf, ' ');
+      if (p == NULL)
+        break;
+      p = strchr (p + 1, ' ');
+      if (p == NULL)
+        break;
+      if (strncmp (p + 1, "selinuxfs ", 10) != 0)
+        {
+          free (buf);
+          fclose (f);
+          return 1;
+        }
+    }
+  free (buf);
+  fclose (f);
+  return 0;
+}
+
+#define is_selinux_enabled() (selinux_enabled >= 0 ? selinux_enabled \
+			      : (selinux_enabled = selinux_enabled_check ()))
+
+#else
+
+#define is_selinux_enabled() 0
+
+#endif
+
 #define MAYBE_UNUSED __attribute__((__unused__))

 /* Declare all functions defined in dlmalloc.c as static.  */
@ -358,7 +420,7 @@ dlmmap (void *start, size_t length, int prot,
  printf ("mapping in %zi\n", length);
 #endif

-  if (execfd == -1)
+  if (execfd == -1 && !is_selinux_enabled ())
    {
      ptr = mmap (start, length, prot | PROT_EXEC, flags, fd, offset);