make Android use mmap to make write+exec mappings#265
make Android use mmap to make write+exec mappings#265notaz wants to merge 2 commits intolibffi:masterfrom
Conversation
Some Android versions use SELinux, but it doesn't seem to complain about write+exec mappings. Also the check depends on getline(), which older versions of NDK lack.
On Linux, by default libffi relies on malloc() memory to have write+execute permissions, which is usually comes as a side effect of making the stack executable (either by execstack linker option or by compiling and linking some .S files; libffi linked programs get linked to such objects). On Android, at least on some versions of NDK for ARM, it is not enough to just link some objects compiled from .S (or libffi) to enable execstack and to get executable heap, so libffi just crashes in such configuration. It can be argued it's not even desirable to make the whole heap executable because of security implications, so enable FFI_MMAP_EXEC_WRIT to make only needed memory executable instead.
|
Thanks for this. As reported by Xavier de Gaye at http://bugs.python.org/issue26865#msg264746, I guess @xdegaye is exactly the aforementioned Xavier de Gaye. If not sorry for bothering. I don't have a x86 machine and I don't trust the result of emulators. Does anyone have a x86 or MIPS Android device and have tried libffi on it? |
|
After discussion with @xdegaye, I turn to unified implementation on Android, regardless of architectures. Is anybody still looking at this PR? |
|
The most recent versions of Android use selinux. The following tests from the Python test suite that used to crash python before commit 93d8e7d also do not crash python when the change made by this commit in src/closures.c is reverted (IOW on Android one should test whether selinux is enabled as for any other linux platform): |
Similar to PR libffi#265 [1], we need to enable FFI_MMAP_EXEC_WRIT to use explicit write+exec mapping on DragonFly BSD. Without this fix, we were having segfaults with Meld [2]; it would crash with SIGSEGV after 5 diff operations. The crash was caused by it attempting to execute code from non-execute memory region. Moreover, if we set the `machdep.pmap_nx_enable=2` tunable (i.e., strict NX mode), Meld would crash upon the first diff operation. Fix the `configure.ac` script to enable `FFI_MMAP_EXEC_WRIT` for DragonFly BSD. In addition, add it to the supported platforms table. [1] libffi#265 [2] https://meldmerge.org/
Similar to PR #265 [1], we need to enable FFI_MMAP_EXEC_WRIT to use explicit write+exec mapping on DragonFly BSD. Without this fix, we were having segfaults with Meld [2]; it would crash with SIGSEGV after 5 diff operations. The crash was caused by it attempting to execute code from non-execute memory region. Moreover, if we set the `machdep.pmap_nx_enable=2` tunable (i.e., strict NX mode), Meld would crash upon the first diff operation. Fix the `configure.ac` script to enable `FFI_MMAP_EXEC_WRIT` for DragonFly BSD. In addition, add it to the supported platforms table. [1] #265 [2] https://meldmerge.org/
This is rebased #240