[Mesa-dev] [PATCH] gallium/rtasm: add support for SELinux
Emil Velikov
emil.l.velikov at gmail.com
Sat Jan 11 09:09:12 PST 2014
Implementation is identical to the one used by classic mesa, and
prevents a driver segfault when mmap() fails.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=73473
Signed-off-by: Emil Velikov <emil.l.velikov at gmail.com>
Cc: 9.1 9.2 10.0 <mesa-stable at lists.freedesktop.org>
---
According to #gentoo-hardened people this is not the optimal
solution and one should check for M (or m) in /proc/self/status
if PaX is enabled.
Either way this patch prevents segfaults in _every_ gallium
driver and the bug is present since day one, so let's avoid the
crash initially and worry about the rest later on.
---
src/gallium/auxiliary/rtasm/rtasm_execmem.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/gallium/auxiliary/rtasm/rtasm_execmem.c b/src/gallium/auxiliary/rtasm/rtasm_execmem.c
index edc1b66..16fb98a 100644
--- a/src/gallium/auxiliary/rtasm/rtasm_execmem.c
+++ b/src/gallium/auxiliary/rtasm/rtasm_execmem.c
@@ -61,6 +61,10 @@
#include <sys/mman.h>
#include "util/u_mm.h"
+#ifdef MESA_SELINUX
+#include <selinux/selinux.h>
+#endif
+
#define EXEC_HEAP_SIZE (10*1024*1024)
pipe_static_mutex(exec_mutex);
@@ -69,9 +73,17 @@ static struct mem_block *exec_heap = NULL;
static unsigned char *exec_mem = NULL;
-static void
+static int
init_heap(void)
{
+#ifdef MESA_SELINUX
+ if (is_selinux_enabled()) {
+ if (!security_get_boolean_active("allow_execmem") ||
+ !security_get_boolean_pending("allow_execmem"))
+ return 0;
+ }
+#endif
+
if (!exec_heap)
exec_heap = u_mmInit( 0, EXEC_HEAP_SIZE );
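Review bot: The SELinux gate at the top of init_heap() treats a lookup error as permission. `security_get_boolean_active()` and `security_get_boolean_pending()` return -1 on failure, and `!(-1)` is false, so the early `return 0` is skipped and the function goes on to mmap(). The only protection left on that path is the MAP_FAILED check added later in the function, which is outside this hunk. If failing open is intended, say so with a comment such as `/* A lookup error (-1) falls through on purpose; the mmap() result below is the authoritative check. */`. `is_selinux_enabled()` can also return -1, which this condition treats as enabled, so that is worth covering in the same comment.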
@@ -79,6 +91,8 @@ init_heap(void)
exec_mem = (unsigned char *) mmap(0, EXEC_HEAP_SIZE,
PROT_EXEC | PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+ return (exec_mem != MAP_FAILED);
}
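Review bot: When mmap() fails, the file-scope pointer `exec_mem` is left holding MAP_FAILED, which is a non-NULL sentinel. The guard before this mmap() call and the free path are both outside the hunk, but any code that tests `exec_mem` against NULL would take the sentinel for a valid mapping. Resetting it keeps the global in a known state: `if (exec_mem == MAP_FAILED) { exec_mem = NULL; return 0; }` followed by `return 1;`. A short comment that the mapping is requested writable and executable at the same time, which is the request the execmem policy denies, would also help the next reader.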
@@ -90,7 +104,8 @@ rtasm_exec_malloc(size_t size)
pipe_mutex_lock(exec_mutex);
- init_heap();
+ if (!init_heap())
+ goto bail;
if (exec_heap) {
size = (size + 31) & ~31; /* next multiple of 32 bytes */
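Review bot: The new `goto bail` path fails silently, while the existing allocation-failure path in this function logs "rtasm_exec_malloc failed". A denied or failed executable mapping is the case an administrator most needs to see, so a line such as `debug_printf("rtasm_exec_malloc: executable memory unavailable\n");` before the `goto` would make the fallback diagnosable. The path also relies on `addr` being initialised to NULL at its declaration, which is outside this hunk and should be confirmed.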
@@ -101,7 +116,8 @@ rtasm_exec_malloc(size_t size)
addr = exec_mem + block->ofs;
else
debug_printf("rtasm_exec_malloc failed\n");
-
+
+bail:
pipe_mutex_unlock(exec_mutex);
return addr;
--
1.8.5.1