[gcc-6] 213/401: * Backport from libffi trunk (Stefan Bühler): - Always check for PaX MPROTECT on linux, make EMUTRAMP experimental. - dlmmap_locked always needs locking as it always modifies execsize.

Ximin Luo infinity0 at debian.org
Wed Apr 5 15:49:31 UTC 2017


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch pu/reproducible_builds
in repository gcc-6.

commit 3bc5df2d60432934a92b70a49421384261ca62ec
Author: doko <doko at 6ca36cf4-e1d1-0310-8c6f-e303bb2178ca>
Date:   Thu Sep 15 12:38:18 2016 +0000

      * Backport from libffi trunk (Stefan Bühler):
        - Always check for PaX MPROTECT on linux, make EMUTRAMP experimental.
        - dlmmap_locked always needs locking as it always modifies execsize.
    
    
    git-svn-id: svn://anonscm.debian.org/gcccvs/branches/sid/gcc-6@8981 6ca36cf4-e1d1-0310-8c6f-e303bb2178ca
---
 debian/changelog                          |   7 +-
 debian/patches/libffi-pax.diff            | 161 ++++++++++++++++++++++++++++++
 debian/patches/libffi-race-condition.diff |  33 ++++++
 debian/rules.patch                        |   2 +
 4 files changed, 201 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 9e3550d..a971ce9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,15 @@
-gcc-6 (6.2.0-4) UNRELEASED; urgency=medium
+gcc-6 (6.2.0-4) unstable; urgency=medium
 
   * Update to SVN 20160914 (r240133, 6.2.1) from the gcc-6-branch.
     - Fix PR rtl-optimization/77452, PR c++/77427.
   * gcj: Depend on the ecj1 standalone binary.
   * Configure native builds using --with-program-prefix.
   * Fix ICE in gdc symbol mangling (Iain Buclaw). LP: #1620681.
+  * Backport from libffi trunk (Stefan Bühler):
+    - Always check for PaX MPROTECT on linux, make EMUTRAMP experimental.
+    - dlmmap_locked always needs locking as it always modifies execsize.
 
- -- Matthias Klose <doko at debian.org>  Wed, 14 Sep 2016 13:29:08 +0200
+ -- Matthias Klose <doko at debian.org>  Thu, 15 Sep 2016 11:52:35 +0200
 
 gcc-6 (6.2.0-3) unstable; urgency=medium
 
diff --git a/debian/patches/libffi-pax.diff b/debian/patches/libffi-pax.diff
new file mode 100644
index 0000000..e8666f8
--- /dev/null
+++ b/debian/patches/libffi-pax.diff
@@ -0,0 +1,161 @@
+From 757876336c183f5b20b6620d674cc9817fd0d280 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stefan=20B=C3=BChler?= <buehler at cert.uni-stuttgart.de>
+Date: Wed, 7 Sep 2016 15:50:54 +0200
+Subject: [PATCH 2/2] always check for PaX MPROTECT on linux, make EMUTRAMP
+ experimental
+
+- ffi_prep_closure_loc doesn't necessarily generate trampolines recognized by
+  PaX EMUTRAMP handler; there is no way to check before, and it isn't working
+on x86-64 right now -> experimental
+- if MPROTECT is enabled use the same workaround as is used for SELinux (double
+  mmap())
+---
+ configure.ac   | 11 +++++++---
+ src/closures.c | 68 +++++++++++++++++++++++++++++++++++++++-------------------
+ 2 files changed, 54 insertions(+), 25 deletions(-)
+
+--- a/src/libffi/configure.ac
++++ b/src/libffi/configure.ac
+@@ -177,12 +177,17 @@
+     ;;
+ esac
+ 
+-# On PaX enable kernels that have MPROTECT enable we can't use PROT_EXEC.
++# On PaX enable kernels that have MPROTECT enable we can't use PROT_EXEC;
++# if EMUTRAMP is active too ffi could try mapping without PROT_EXEC,
++# but the kernel needs to recognize the trampoline generated by ffi.
++# Otherwise fallback to double mmap trick.
+ AC_ARG_ENABLE(pax_emutramp,
+-  [  --enable-pax_emutramp       enable pax emulated trampolines, for we can't use PROT_EXEC],
++  [  --enable-pax_emutramp       enable pax emulated trampolines (experimental)],
+   if test "$enable_pax_emutramp" = "yes"; then
++    AC_MSG_WARN([EMUTRAMP is experimental only.  Use --enable-pax_emutramp=experimental to enforce.])
++  elif test "$enable_pax_emutramp" = "experimental"; then
+     AC_DEFINE(FFI_MMAP_EXEC_EMUTRAMP_PAX, 1,
+-      [Define this if you want to enable pax emulated trampolines])
++      [Define this if you want to enable pax emulated trampolines (experimental)])
+   fi)
+ 
+ FFI_EXEC_TRAMPOLINE_TABLE=0
+--- a/src/libffi/src/closures.c
++++ b/src/libffi/src/closures.c
+@@ -53,14 +53,18 @@
+ # endif
+ #endif
+ 
+-#if FFI_MMAP_EXEC_WRIT && !defined FFI_MMAP_EXEC_SELINUX
+-# ifdef __linux__
++#if FFI_MMAP_EXEC_WRIT && defined __linux__
++# if !defined FFI_MMAP_EXEC_SELINUX
+ /* When defined to 1 check for SELinux and if SELinux is active,
+    don't attempt PROT_EXEC|PROT_WRITE mapping at all, as that
+    might cause audit messages.  */
+ #  define FFI_MMAP_EXEC_SELINUX 1
+-# endif
+-#endif
++# endif /* !defined FFI_MMAP_EXEC_SELINUX */
++# if !defined FFI_MMAP_PAX
++/* Also check for PaX MPROTECT */
++#  define FFI_MMAP_PAX 1
++# endif /* !defined FFI_MMAP_PAX */
++#endif /* FFI_MMAP_EXEC_WRIT && defined __linux__ */
+ 
+ #if FFI_CLOSURES
+ 
+@@ -172,14 +176,18 @@
+ 
+ #endif /* !FFI_MMAP_EXEC_SELINUX */
+ 
+-/* On PaX enable kernels that have MPROTECT enable we can't use PROT_EXEC. */
+-#ifdef FFI_MMAP_EXEC_EMUTRAMP_PAX
++/* On PaX enable kernels that have MPROTECT enabled we can't use PROT_EXEC. */
++#if defined FFI_MMAP_PAX
+ #include <stdlib.h>
+ 
+-static int emutramp_enabled = -1;
++enum {
++  PAX_MPROTECT = (1 << 0),
++  PAX_EMUTRAMP = (1 << 1),
++};
++static int cached_pax_flags = -1;
+ 
+ static int
+-emutramp_enabled_check (void)
++pax_flags_check (void)
+ {
+   char *buf = NULL;
+   size_t len = 0;
+@@ -193,9 +201,10 @@
+   while (getline (&buf, &len, f) != -1)
+     if (!strncmp (buf, "PaX:", 4))
+       {
+-        char emutramp;
+-        if (sscanf (buf, "%*s %*c%c", &emutramp) == 1)
+-          ret = (emutramp == 'E');
++        if (NULL != strchr (buf + 4, 'M'))
++          ret |= PAX_MPROTECT;
++        if (NULL != strchr (buf + 4, 'E'))
++          ret |= PAX_EMUTRAMP;
+         break;
+       }
+   free (buf);
+@@ -203,9 +212,13 @@
+   return ret;
+ }
+ 
+-#define is_emutramp_enabled() (emutramp_enabled >= 0 ? emutramp_enabled \
+-                               : (emutramp_enabled = emutramp_enabled_check ()))
+-#endif /* FFI_MMAP_EXEC_EMUTRAMP_PAX */
++#define get_pax_flags() (cached_pax_flags >= 0 ? cached_pax_flags \
++                               : (cached_pax_flags = pax_flags_check ()))
++#define has_pax_flags(flags) ((flags) == ((flags) & get_pax_flags ()))
++#define is_mprotect_enabled() (has_pax_flags (PAX_MPROTECT))
++#define is_emutramp_enabled() (has_pax_flags (PAX_EMUTRAMP))
++
++#endif /* defined FFI_MMAP_PAX */
+ 
+ #elif defined (__CYGWIN__) || defined(__INTERIX)
+ 
+@@ -216,9 +229,10 @@
+ 
+ #endif /* !defined(X86_WIN32) && !defined(X86_WIN64) */
+ 
+-#ifndef FFI_MMAP_EXEC_EMUTRAMP_PAX
+-#define is_emutramp_enabled() 0
+-#endif /* FFI_MMAP_EXEC_EMUTRAMP_PAX */
++#if !defined FFI_MMAP_PAX
++# define is_mprotect_enabled() 0
++# define is_emutramp_enabled() 0
++#endif /* !defined FFI_MMAP_PAX */
+ 
+ /* Declare all functions defined in dlmalloc.c as static.  */
+ static void *dlmalloc(size_t);
+@@ -525,13 +539,23 @@
+   printf ("mapping in %zi\n", length);
+ #endif
+ 
+-  if (execfd == -1 && is_emutramp_enabled ())
++  /* -1 != execfd hints that we already decided to use dlmmap_locked
++     last time.  */
++  if (execfd == -1 && is_mprotect_enabled ())
+     {
+-      ptr = mmap (start, length, prot & ~PROT_EXEC, flags, fd, offset);
+-      return ptr;
++#ifdef FFI_MMAP_EXEC_EMUTRAMP_PAX
++      if (is_emutramp_enabled ())
++        {
++          /* emutramp requires the kernel recognizing the trampoline pattern
++             generated by ffi_prep_closure_loc; there is no way to test
++             in advance whether this will work, so this is experimental.  */
++          ptr = mmap (start, length, prot & ~PROT_EXEC, flags, fd, offset);
++          return ptr;
++        }
++#endif
++      /* fallback to dlmmap_locked.  */
+     }
+-
+-  if (execfd == -1 && !is_selinux_enabled ())
++  else if (execfd == -1 && !is_selinux_enabled ())
+     {
+       ptr = mmap (start, length, prot | PROT_EXEC, flags, fd, offset);
+ 
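Review bot: In the src/closures.c part of this new patch file, the rewritten loop in `pax_flags_check` decides both flags with `strchr (buf + 4, 'M')` and `strchr (buf + 4, 'E')` over the rest of the `PaX:` line, and nothing says why a plain character search is sufficient. It relies on the status line carrying one letter per feature, upper case when the feature is enabled, so a comment above the two tests such as `/* PaX: line has one letter per feature, upper case = enabled (e.g. "PeMRs") */` would make that assumption checkable. The initial value of `ret` and the handling of an unreadable /proc/self/status lie outside the visible context. It is worth confirming that a failed read yields 0 rather than a negative value, because `get_pax_flags()` treats any negative `cached_pax_flags` as not yet cached and would re-read the file on every call.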
diff --git a/debian/patches/libffi-race-condition.diff b/debian/patches/libffi-race-condition.diff
new file mode 100644
index 0000000..686ec79
--- /dev/null
+++ b/debian/patches/libffi-race-condition.diff
@@ -0,0 +1,33 @@
+From 48d2e46528fb6e621d95a7fa194069fd136b712d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stefan=20B=C3=BChler?= <buehler at cert.uni-stuttgart.de>
+Date: Wed, 7 Sep 2016 15:49:48 +0200
+Subject: [PATCH 1/2] dlmmap_locked always needs locking as it always modifies
+ execsize
+
+---
+ src/closures.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+--- a/src/libffi/src/closures.c
++++ b/src/libffi/src/closures.c
+@@ -568,16 +568,11 @@
+ 	 MREMAP_DUP and prot at this point.  */
+     }
+ 
+-  if (execsize == 0 || execfd == -1)
+-    {
+-      pthread_mutex_lock (&open_temp_exec_file_mutex);
+-      ptr = dlmmap_locked (start, length, prot, flags, offset);
+-      pthread_mutex_unlock (&open_temp_exec_file_mutex);
++  pthread_mutex_lock (&open_temp_exec_file_mutex);
++  ptr = dlmmap_locked (start, length, prot, flags, offset);
++  pthread_mutex_unlock (&open_temp_exec_file_mutex);
+ 
+-      return ptr;
+-    }
+-
+-  return dlmmap_locked (start, length, prot, flags, offset);
++  return ptr;
+ }
+ 
+ /* Release memory at the given address, as well as the corresponding
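Review bot: The `execfd == -1` tests earlier in dlmmap are still evaluated before `open_temp_exec_file_mutex` is taken, so after this change only the `dlmmap_locked` call itself is serialised. dlmmap's body starts outside this hunk, so this is inferred from the companion libffi-pax patch on this page. Those unlocked reads look like hints only, since a stale value would presumably cost one extra mmap attempt before reaching the locked call, but that is not stated anywhere. If that is the intended invariant, a comment above the lock would record it, for example `/* execfd and execsize are only written under open_temp_exec_file_mutex; the unlocked execfd tests above are hints. */`.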
diff --git a/debian/rules.patch b/debian/rules.patch
index 45c441a..617583b 100644
--- a/debian/rules.patch
+++ b/debian/rules.patch
@@ -91,6 +91,8 @@ debian_patches += \
 	pr77379 \
 	$(if $(with_linaro_branch),,vulcan-cpu) \
 	$(if $(with_linaro_branch),,vulcan-costs) \
+	libffi-pax \
+	libffi-race-condition \
 
 # this is still needed on powerpc, e.g. firefox and insighttoolkit4 will ftbfs.
 ifneq (,$(filter $(DEB_TARGET_ARCH),powerpc))

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/gcc-6.git


