[Mesa-dev] [PATCH] New configure option for mesa to enable readonly text segments for x86

Thu Feb 10 09:44:54 PST 2011

Magnus Granberg <zorry at gentoo.org> writes:
> This patch add new configure options to enable readonly text segments
> for x86 For any apps that use any libGL with writeble text segments
> on x86 with a Grsec/PaX/Selinux enable kernel get killed with cannot
> make segment writable for relocation: Permission denied. This
> patch was okay with Dan Nicholson from the old mesa3d-dev ml on
> sourceforge.com byt fas never commited.

Uhh.. what's the point?

If you --enable-glx-tls, then Mesa plays well with SELinux.  I did
notice a bug a while back, where on x86 (and not x86_64!) a define
wasn't propagating correctly and this resulted in a lone unrelocatable
symbol.  I actually have trouble finding an x86 system these days, to
be quite honest.

I'll see if I can dig up that patch and send it to you off-list.  If
you can test it for me && submit it to this dev-list, I'd be grateful.
I'd vote that it get fixed that way instead of a new, redundant
configure option.  Especially since I plan on making --enable-glx-tls a
default=autodetect instead of default=disabled option soon enough.

Side note to your or anyone, IMHO if you're building for a Linux distro
you almost assuredly want to force --enable-glx-tls.  The only reason
it's not the default is for esoteric systems / runtimes (i.e. not the
nornmal Linux situation) that have not managed to implement TLS yet.

-tom

> http://marc.info/?l=mesa3d-dev&m=125972126112796&w=2
> 
> /Magnus
> ---
> 
> --Boundary-00=_rwxUNrN97g4U9RI
> Content-Type: text/x-patch;
>   charset="UTF-8";
>   name="glx_ro_text_segm.patch"
> Content-Transfer-Encoding: 7bit
> Content-Disposition: attachment;
> 	filename="glx_ro_text_segm.patch"
> 
> 2011-02-09	Jeremy Huddleston <jeremyhu at freedesktop.org
> 
> 		* configure.ac	add support to enable readonly test segment on 
> x86
> 
> --- configure.ac.orig	2008-11-17 23:19:38.000000000 +0100
> +++ configure.ac	2008-11-17 23:20:17.000000000 +0100
> @@ -499,6 +499,20 @@
>      enable_xcb=no
>  fi
>  
> +
> +dnl readonly text segment on x86 hardened platforms
> +AC_ARG_ENABLE([glx_rts],
> +    [AS_HELP_STRING([--enable-glx-rts],
> +        [on x86, use a readonly text segment for libGL @<:@default=disabled@
> :>@])],
> +    [enable_glx_rts="$enableval"],
> +    [enable_glx_rts=no])
> +if test "x$enable_glx_rts" = xyes; then
> +    DEFINES="$DEFINES -DGLX_X86_READONLY_TEXT"
> +else
> +    enable_glx_rts=no
> +fi
> +
> +
>  dnl
>  dnl libGL configuration per driver
>  dnl
> 
> --Boundary-00=_rwxUNrN97g4U9RI
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> 
> _______________________________________________
> mesa-dev mailing list
> mesa-dev at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/mesa-dev
> 
> --Boundary-00=_rwxUNrN97g4U9RI--