-rw-r--r-- | boehm-gc/ChangeLog | 5 | ||||
-rwxr-xr-x | boehm-gc/configure | 14 | ||||
-rw-r--r-- | boehm-gc/configure.ac | 10 | ||||
-rw-r--r-- | libffi/ChangeLog | 10 | ||||
-rw-r--r-- | libffi/src/closures.c | 64 |
5 files changed, 88 insertions, 15 deletions
diff --git a/boehm-gc/ChangeLog b/boehm-gc/ChangeLog index 89cabf0..aad8839 100644 --- a/boehm-gc/ChangeLog +++ b/boehm-gc/ChangeLog @@ -1,3 +1,8 @@ +2007-04-03 Jakub Jelinek <jakub@redhat.com> + + * configure.ac (NO_EXECUTE_PERMISSION): Set by default. + * configure: Rebuilt. + 2007-03-07 Alexandre Oliva <aoliva@redhat.com> * include/gc.h (GC_REGISTER_FINALIZER_UNREACHABLE): New. diff --git a/boehm-gc/configure b/boehm-gc/configure index 8d34fbd..c13c8ec 100755 --- a/boehm-gc/configure +++ b/boehm-gc/configure @@ -6826,11 +6826,9 @@ LIBS="$oldLIBS" # Configuration of machine-dependent code # -# We don't set NO_EXECUTE_PERMISSION by default because gcj (and -# anything else that creates trampolines in gc-allocated memory) -# always needs exec permission. The exceptions to this are IA-64 and -# some variations of Power PC, where trampolines don't contain -# executable code. +# Set NO_EXECUTE_PERMISSION by default because gcj already uses +# ffi_closure_{alloc,free} which takes care of allocating trampolines +# in executable memory. # echo "$as_me:$LINENO: checking which machine-dependent code should be used" >&5 echo $ECHO_N "checking which machine-dependent code should be used... $ECHO_C" >&6 @@ -6891,14 +6889,14 @@ _ACEOF machdep="sparc_mach_dep.lo" ;; ia64-*-*) + machdep="mach_dep.lo ia64_save_regs_in_stack.lo" + ;; +esac cat >>confdefs.h <<\_ACEOF #define NO_EXECUTE_PERMISSION 1 _ACEOF - machdep="mach_dep.lo ia64_save_regs_in_stack.lo" - ;; -esac if test x"$machdep" = x; then echo "$as_me:$LINENO: result: $machdep" >&5 echo "${ECHO_T}$machdep" >&6 diff --git a/boehm-gc/configure.ac b/boehm-gc/configure.ac index afc014d..d4dd16b 100644 --- a/boehm-gc/configure.ac +++ b/boehm-gc/configure.ac 
@@ -364,11 +364,9 @@ LIBS="$oldLIBS"
 # Configuration of machine-dependent code
 #
-# We don't set NO_EXECUTE_PERMISSION by default because gcj (and
-# anything else that creates trampolines in gc-allocated memory)
-# always needs exec permission. The exceptions to this are IA-64 and
-# some variations of Power PC, where trampolines don't contain
-# executable code.
+# Set NO_EXECUTE_PERMISSION by default because gcj already uses
+# ffi_closure_{alloc,free} which takes care of allocating trampolines
+# in executable memory.
 #
 AC_MSG_CHECKING(which machine-dependent code should be used)
 machdep=
@@ -411,10 +409,10 @@ case "$host" in
 machdep="sparc_mach_dep.lo"
 ;;
 ia64-*-*)
- AC_DEFINE(NO_EXECUTE_PERMISSION,1,[cause some or all of the heap to not have execute permission])
 machdep="mach_dep.lo ia64_save_regs_in_stack.lo"
 ;;
 esac
+AC_DEFINE(NO_EXECUTE_PERMISSION,1,[cause some or all of the heap to not have execute permission])
 if test x"$machdep" = x; then
 AC_MSG_RESULT($machdep)
 machdep="mach_dep.lo"
diff --git a/libffi/ChangeLog b/libffi/ChangeLog
index 23ae5f8..f47682e9 100644
--- a/libffi/ChangeLog
+++ b/libffi/ChangeLog
@@ -1,3 +1,13 @@
+2007-04-03 Jakub Jelinek <jakub@redhat.com>
+
+ * src/closures.c: Include sys/statfs.h.
+ (_GNU_SOURCE): Define on Linux.
+ (FFI_MMAP_EXEC_SELINUX): Define.
+ (selinux_enabled): New variable.
+ (selinux_enabled_check): New function.
+ (is_selinux_enabled): Define.
+ (dlmmap): Use it.
+
 2007-03-24 Uros Bizjak <ubizjak@gmail.com>
 * testsuite/libffi.call/return_fl2.c (return_fl): Mark as static.
diff --git a/libffi/src/closures.c b/libffi/src/closures.c
index 99be5ac..ec956d0 100644
--- a/libffi/src/closures.c
+++ b/libffi/src/closures.c
@@ -23,6 +23,10 @@
 OTHER DEALINGS IN THE SOFTWARE.
 ----------------------------------------------------------------------- */
+#if defined __linux__ && !defined _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+
 #include <ffi.h>
 #include <ffi_common.h>
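Review bot: In boehm-gc/configure.ac the `AC_DEFINE(NO_EXECUTE_PERMISSION,1,...)` that the second hunk moves below `esac` now applies to every host, but the replacement comment in the first hunk justifies that for gcj only. The comment it replaces also covered "anything else that creates trampolines in gc-allocated memory", and any such client would find the GC heap without execute permission after this change; whether one exists in the tree cannot be seen from these hunks. I would keep that caveat next to the new rationale, for example `# Any other client that places executable code in gc-allocated memory` followed by `# has to allocate it through ffi_closure_{alloc,free} (or equivalent) instead.` Both hunks cut through the surrounding `case "$host"` block, which starts and ends outside them.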
@@ -39,6 +43,15 @@
 # endif
 #endif
+#if FFI_MMAP_EXEC_WRIT && !defined FFI_MMAP_EXEC_SELINUX
+# ifdef __linux__
+/* When defined to 1 check for SELinux and if SELinux is active,
+ don't attempt PROT_EXEC|PROT_WRITE mapping at all, as that
+ might cause audit messages. */
+# define FFI_MMAP_EXEC_SELINUX 1
+# endif
+#endif
+
 #if FFI_CLOSURES
 # if FFI_MMAP_EXEC_WRIT
@@ -87,6 +100,55 @@
 #include <sys/mman.h>
 #define LACKS_SYS_MMAN_H 1
+#if FFI_MMAP_EXEC_SELINUX
+#include <sys/statfs.h>
+#include <stdlib.h>
+
+static int selinux_enabled = -1;
+
+static int
+selinux_enabled_check (void)
+{
+ struct statfs sfs;
+ FILE *f;
+ char *buf = NULL;
+ size_t len = 0;
+
+ if (statfs ("/selinux", &sfs) >= 0
+ && (unsigned int) sfs.f_type == 0xf97cff8cU)
+ return 1;
+ f = fopen ("/proc/mounts", "r");
+ if (f == NULL)
+ return 0;
+ while (getline (&buf, &len, f) >= 0)
+ {
+ char *p = strchr (buf, ' ');
+ if (p == NULL)
+ break;
+ p = strchr (p + 1, ' ');
+ if (p == NULL)
+ break;
+ if (strncmp (p + 1, "selinuxfs ", 10) != 0)
+ {
+ free (buf);
+ fclose (f);
+ return 1;
+ }
+ }
+ free (buf);
+ fclose (f);
+ return 0;
+}
+
+#define is_selinux_enabled() (selinux_enabled >= 0 ? selinux_enabled \
+ : (selinux_enabled = selinux_enabled_check ()))
+
+#else
+
+#define is_selinux_enabled() 0
+
+#endif
+
 #define MAYBE_UNUSED __attribute__((__unused__))
 /* Declare all functions defined in dlmalloc.c as static. */
@@ -358,7 +420,7 @@ dlmmap (void *start, size_t length, int prot,
 printf ("mapping in %zi\n", length);
 #endif
- if (execfd == -1)
+ if (execfd == -1 && !is_selinux_enabled ())
 {
 ptr = mmap (start, length, prot | PROT_EXEC, flags, fd, offset); |
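Review bot: The `strncmp` test inside the `/proc/mounts` loop of `selinux_enabled_check` is inverted: with `!= 0` the function returns 1 on the first well-formed line whose filesystem-type field is not `selinuxfs`, which is the first line on practically any system. `is_selinux_enabled ()` therefore reports SELinux as active wherever `/proc/mounts` is readable, and the changed condition in the last hunk (`execfd == -1 && !is_selinux_enabled ()`) skips the `prot | PROT_EXEC` mapping even on hosts without SELinux. That errs towards never requesting writable and executable memory, but it is not the detection the comment on `FFI_MMAP_EXEC_SELINUX` describes, and the fallback path it forces lies outside these hunks. The line should read `if (strncmp (p + 1, "selinuxfs ", 10) == 0)`.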