aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--boehm-gc/ChangeLog5
-rwxr-xr-xboehm-gc/configure14
-rw-r--r--boehm-gc/configure.ac10
-rw-r--r--libffi/ChangeLog10
-rw-r--r--libffi/src/closures.c64
5 files changed, 88 insertions, 15 deletions
diff --git a/boehm-gc/ChangeLog b/boehm-gc/ChangeLog
index 89cabf0..aad8839 100644
--- a/boehm-gc/ChangeLog
+++ b/boehm-gc/ChangeLog
@@ -1,3 +1,8 @@
+2007-04-03 Jakub Jelinek <jakub@redhat.com>
+
+ * configure.ac (NO_EXECUTE_PERMISSION): Set by default.
+ * configure: Rebuilt.
+
2007-03-07 Alexandre Oliva <aoliva@redhat.com>
* include/gc.h (GC_REGISTER_FINALIZER_UNREACHABLE): New.
diff --git a/boehm-gc/configure b/boehm-gc/configure
index 8d34fbd..c13c8ec 100755
--- a/boehm-gc/configure
+++ b/boehm-gc/configure
@@ -6826,11 +6826,9 @@ LIBS="$oldLIBS"
# Configuration of machine-dependent code
#
-# We don't set NO_EXECUTE_PERMISSION by default because gcj (and
-# anything else that creates trampolines in gc-allocated memory)
-# always needs exec permission. The exceptions to this are IA-64 and
-# some variations of Power PC, where trampolines don't contain
-# executable code.
+# Set NO_EXECUTE_PERMISSION by default because gcj already uses
+# ffi_closure_{alloc,free} which takes care of allocating trampolines
+# in executable memory.
#
echo "$as_me:$LINENO: checking which machine-dependent code should be used" >&5
echo $ECHO_N "checking which machine-dependent code should be used... $ECHO_C" >&6
@@ -6891,14 +6889,14 @@ _ACEOF
machdep="sparc_mach_dep.lo"
;;
ia64-*-*)
+ machdep="mach_dep.lo ia64_save_regs_in_stack.lo"
+ ;;
+esac
cat >>confdefs.h <<\_ACEOF
#define NO_EXECUTE_PERMISSION 1
_ACEOF
- machdep="mach_dep.lo ia64_save_regs_in_stack.lo"
- ;;
-esac
if test x"$machdep" = x; then
echo "$as_me:$LINENO: result: $machdep" >&5
echo "${ECHO_T}$machdep" >&6
diff --git a/boehm-gc/configure.ac b/boehm-gc/configure.ac
index afc014d..d4dd16b 100644
--- a/boehm-gc/configure.ac
+++ b/boehm-gc/configure.ac
@@ -364,11 +364,9 @@ LIBS="$oldLIBS"
# Configuration of machine-dependent code
#
-# We don't set NO_EXECUTE_PERMISSION by default because gcj (and
-# anything else that creates trampolines in gc-allocated memory)
-# always needs exec permission. The exceptions to this are IA-64 and
-# some variations of Power PC, where trampolines don't contain
-# executable code.
+# Set NO_EXECUTE_PERMISSION by default because gcj already uses
+# ffi_closure_{alloc,free} which takes care of allocating trampolines
+# in executable memory.
#
AC_MSG_CHECKING(which machine-dependent code should be used)
machdep=
@@ -411,10 +409,10 @@ case "$host" in
machdep="sparc_mach_dep.lo"
;;
ia64-*-*)
- AC_DEFINE(NO_EXECUTE_PERMISSION,1,[cause some or all of the heap to not have execute permission])
machdep="mach_dep.lo ia64_save_regs_in_stack.lo"
;;
esac
+AC_DEFINE(NO_EXECUTE_PERMISSION,1,[cause some or all of the heap to not have execute permission])
if test x"$machdep" = x; then
AC_MSG_RESULT($machdep)
machdep="mach_dep.lo"
diff --git a/libffi/ChangeLog b/libffi/ChangeLog
index 23ae5f8..f47682e9 100644
--- a/libffi/ChangeLog
+++ b/libffi/ChangeLog
@@ -1,3 +1,13 @@
+2007-04-03 Jakub Jelinek <jakub@redhat.com>
+
+ * src/closures.c: Include sys/statfs.h.
+ (_GNU_SOURCE): Define on Linux.
+ (FFI_MMAP_EXEC_SELINUX): Define.
+ (selinux_enabled): New variable.
+ (selinux_enabled_check): New function.
+ (is_selinux_enabled): Define.
+ (dlmmap): Use it.
+
2007-03-24 Uros Bizjak <ubizjak@gmail.com>
* testsuite/libffi.call/return_fl2.c (return_fl): Mark as static.
diff --git a/libffi/src/closures.c b/libffi/src/closures.c
index 99be5ac..ec956d0 100644
--- a/libffi/src/closures.c
+++ b/libffi/src/closures.c
@@ -23,6 +23,10 @@
OTHER DEALINGS IN THE SOFTWARE.
----------------------------------------------------------------------- */
+#if defined __linux__ && !defined _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+
#include <ffi.h>
#include <ffi_common.h>
@@ -39,6 +43,15 @@
# endif
#endif
+#if FFI_MMAP_EXEC_WRIT && !defined FFI_MMAP_EXEC_SELINUX
+# ifdef __linux__
+/* When defined to 1 check for SELinux and if SELinux is active,
+ don't attempt PROT_EXEC|PROT_WRITE mapping at all, as that
+ might cause audit messages. */
+# define FFI_MMAP_EXEC_SELINUX 1
+# endif
+#endif
+
#if FFI_CLOSURES
# if FFI_MMAP_EXEC_WRIT
@@ -87,6 +100,55 @@
#include <sys/mman.h>
#define LACKS_SYS_MMAN_H 1
+#if FFI_MMAP_EXEC_SELINUX
+#include <sys/statfs.h>
+#include <stdlib.h>
+
+static int selinux_enabled = -1;
+
+static int
+selinux_enabled_check (void)
+{
+ struct statfs sfs;
+ FILE *f;
+ char *buf = NULL;
+ size_t len = 0;
+
+ if (statfs ("/selinux", &sfs) >= 0
+ && (unsigned int) sfs.f_type == 0xf97cff8cU)
+ return 1;
+ f = fopen ("/proc/mounts", "r");
+ if (f == NULL)
+ return 0;
+ while (getline (&buf, &len, f) >= 0)
+ {
+ char *p = strchr (buf, ' ');
+ if (p == NULL)
+ break;
+ p = strchr (p + 1, ' ');
+ if (p == NULL)
+ break;
+ if (strncmp (p + 1, "selinuxfs ", 10) != 0)
+ {
+ free (buf);
+ fclose (f);
+ return 1;
+ }
+ }
+ free (buf);
+ fclose (f);
+ return 0;
+}
+
+#define is_selinux_enabled() (selinux_enabled >= 0 ? selinux_enabled \
+ : (selinux_enabled = selinux_enabled_check ()))
+
+#else
+
+#define is_selinux_enabled() 0
+
+#endif
+
#define MAYBE_UNUSED __attribute__((__unused__))
/* Declare all functions defined in dlmalloc.c as static. */
@@ -358,7 +420,7 @@ dlmmap (void *start, size_t length, int prot,
printf ("mapping in %zi\n", length);
#endif
- if (execfd == -1)
+ if (execfd == -1 && !is_selinux_enabled ())
{
ptr = mmap (start, length, prot | PROT_EXEC, flags, fd, offset);