NetBSD Problem Report #53474
From www@NetBSD.org Thu Jul 26 14:11:59 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id B67AE7A1B0
for <gnats-bugs@gnats.NetBSD.org>; Thu, 26 Jul 2018 14:11:59 +0000 (UTC)
Message-Id: <20180726141158.7C4F57A210@mollari.NetBSD.org>
Date: Thu, 26 Jul 2018 14:11:58 +0000 (UTC)
From: zh_jq@outlook.com
Reply-To: zh_jq@outlook.com
To: gnats-bugs@NetBSD.org
Subject: mmap get anon execuable memory return MAP_FAILED
X-Send-Pr-Version: www-1.0
>Number: 53474
>Category: kern
>Synopsis: mmap get anon execuable memory return MAP_FAILED
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jul 26 14:15:00 +0000 2018
>Closed-Date: Thu Jul 26 14:23:34 +0000 2018
>Last-Modified: Fri Jul 27 10:25:00 +0000 2018
>Originator: Zhang Jingqiang
>Release: 8.0
>Organization:
>Environment:
NetBSD localhost 8.0 NetBSD 8.0 (GENERIC) #0: Tue Jul 17 14:59:51 UTC 2018 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
When use mmap to allocate MAP_ANON executable memory, it always returns MAP_FAILED.
This makes pcre2_jit_compile returns NOMEMORY error, as they use this in "src/sljit/sljitExecAllocator.c".
>How-To-Repeat:
Use the following test program:
--
#include <stdio.h>
#include <sys/mman.h>
int main(int argc, char *argv[])
{
void *retval = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANON, -1, 0);
printf("retval: %p\n", retval);
return 0;
}
--
Compile using the following command:
--
gcc -o test test.c
--
Then run ./test, you will get
retval: 0xffffffffffffffff
But if we run the program with gdb, it works as expected.
And if remove PROT_EXEC, the program works also.
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Thu, 26 Jul 2018 14:23:34 +0000
State-Changed-Why:
Not a bug
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/53474: mmap get anon execuable memory return MAP_FAILED
Date: Thu, 26 Jul 2018 16:22:53 +0200
On Thu, Jul 26, 2018 at 02:15:00PM +0000, zh_jq@outlook.com wrote:
> void *retval = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANON, -1, 0);
You can not create writable + executable mappings when pax mprotect is
active (which is the default on many architectures). See mremap(2).
Martin
From: =?utf-8?B?5bygIOaVrOW8ug==?= <zh_jq@outlook.com>
To: "gnats-bugs@netbsd.org" <gnats-bugs@netbsd.org>
Cc: Martin Husemann <martin@duskware.de>
Subject: Re: kern/53474: mmap get anon execuable memory return MAP_FAILED
Date: Thu, 26 Jul 2018 15:04:56 +0000
5ZyoIDIwMTjlubQ35pyIMjbml6XmmJ/mnJ/lm5sgQ1NUIOS4i+WNiDEwOjI1OjAw77yMTWFydGlu
IEh1c2VtYW5uIOWGmemBk++8mg0KPiAgT24gVGh1LCBKdWwgMjYsIDIwMTggYXQgMDI6MTU6MDBQ
TSArMDAwMCwgemhfanFAb3V0bG9vay5jb20gd3JvdGU6DQo+ICA+ICAgICAgICAgdm9pZCAqcmV0
dmFsID0gbW1hcChOVUxMLCA0MDk2LCBQUk9UX1JFQUQgfCBQUk9UX1dSSVRFIHwNCj4gID4gICAg
ICAgICBQUk9UX0VYRUMsIE1BUF9QUklWQVRFIHwgTUFQX0FOT04sIC0xLCAwKTsNCj4gIFlvdSBj
YW4gbm90IGNyZWF0ZSB3cml0YWJsZSArIGV4ZWN1dGFibGUgbWFwcGluZ3Mgd2hlbiBwYXggbXBy
b3RlY3QgaXMNCj4gIGFjdGl2ZSAod2hpY2ggaXMgdGhlIGRlZmF1bHQgb24gbWFueSBhcmNoaXRl
Y3R1cmVzKS4gU2VlIG1yZW1hcCgyKS4NCk9LLCBnb3QgaXQuDQpJIHdpbGwgd3JpdGUgYSBidWcg
cmVwb3J0IHRvIHBjcmUyLg0KQXMgYSB0ZW1wcmF0ZSBzb2x1dGlvbiBJIHdpbGwgZGlzYWJsZSBz
ZWN1cml0eS5wYXgubXByb3RlY3QuZW5hYmxlZC4NClRoYW5rcw0KDQoNCg0KDQo=
From: Joerg Sonnenberger <joerg@bec.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/53474: mmap get anon execuable memory return MAP_FAILED
Date: Thu, 26 Jul 2018 22:53:23 +0200
On Thu, Jul 26, 2018 at 02:25:00PM +0000, Martin Husemann wrote:
> The following reply was made to PR kern/53474; it has been noted by GNATS.
>
> From: Martin Husemann <martin@duskware.de>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: kern/53474: mmap get anon execuable memory return MAP_FAILED
> Date: Thu, 26 Jul 2018 16:22:53 +0200
>
> On Thu, Jul 26, 2018 at 02:15:00PM +0000, zh_jq@outlook.com wrote:
> > void *retval = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANON, -1, 0);
>
> You can not create writable + executable mappings when pax mprotect is
> active (which is the default on many architectures). See mremap(2).
Also, this has nothing to do with MAP_ANON.
Joerg
From: ? ?? <zh_jq@outlook.com>
To: "gnats-bugs@netbsd.org" <gnats-bugs@netbsd.org>
Cc: Martin Husemann <martin@duskware.de>
Subject: Re: kern/53474: mmap get anon execuable memory return MAP_FAILED
Date: Thu, 26 Jul 2018 15:19:44 +0000
Sorry, resend again, as the previous one has been changed by outlook.com
> On Thu, Jul 26, 2018 at 02:15:00PM +0000, zh_jq@outlook.com wrote:
> > void *retval =3D mmap(NULL, 4096, PROT_READ | PROT_WRITE |
> > PROT_EXEC, MAP_PRIVATE | MAP_ANON, -1, 0);
> You can not create writable + executable mappings when pax mprotect is
> active (which is the default on many architectures). See mremap(2).
OK, got it.
I will write a bug report to pcre2.
As a temprate solution I will disable security.pax.mprotect.enabled.
Thanks
From: Joerg Sonnenberger <joerg@bec.de>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org, zh_jq@outlook.com
Subject: Re: kern/53474: mmap get anon execuable memory return MAP_FAILED
Date: Fri, 27 Jul 2018 12:21:39 +0200
On Thu, Jul 26, 2018 at 10:40:01PM +0000, ? ?? wrote:
> The following reply was made to PR kern/53474; it has been noted by GNATS.
>
> From: ? ?? <zh_jq@outlook.com>
> To: "gnats-bugs@netbsd.org" <gnats-bugs@netbsd.org>
> Cc: Martin Husemann <martin@duskware.de>
> Subject: Re: kern/53474: mmap get anon execuable memory return MAP_FAILED
> Date: Thu, 26 Jul 2018 15:19:44 +0000
>
> Sorry, resend again, as the previous one has been changed by outlook.com
> > On Thu, Jul 26, 2018 at 02:15:00PM +0000, zh_jq@outlook.com wrote:
> > > void *retval =3D mmap(NULL, 4096, PROT_READ | PROT_WRITE |
> > > PROT_EXEC, MAP_PRIVATE | MAP_ANON, -1, 0);
> > You can not create writable + executable mappings when pax mprotect is
> > active (which is the default on many architectures). See mremap(2).
> OK, got it.
> I will write a bug report to pcre2.
> As a temprate solution I will disable security.pax.mprotect.enabled.
pkgsrc/devel/libffi/patches/patch-src_closures.c illustrates a possible
fix.
Joerg
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.