[Mesa-stable] [Mesa-dev] [PATCH] Disable the code that allocates W|X memory on OpenBSD

Jonathan Gray jsg at jsg.id.au
Thu Sep 8 18:10:16 UTC 2016


On Thu, Sep 08, 2016 at 06:57:44PM +0100, Emil Velikov wrote:
> On 1 September 2016 at 18:23, Jonathan Gray <jsg at jsg.id.au> wrote:
> > OpenBSD now has strict W^X enforcement.  Processes that violate
> > the policy get killed by the kernel.  Don't attempt to use
> > executable memory on OpenBSD to avoid this.
> >
> > Patch from Mark Kettenis.
> >
> 
> > --- a/src/gallium/auxiliary/rtasm/rtasm_execmem.c
> > +++ b/src/gallium/auxiliary/rtasm/rtasm_execmem.c
> > @@ -69,6 +69,16 @@ static struct mem_block *exec_heap = NULL;
> >  static unsigned char *exec_mem = NULL;
> >
> >
> > +#ifdef __OpenBSD__
> > +
> > +static int
> > +init_heap(void)
> > +{
> > +   return 0;
> > +}
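Review bot: The OpenBSD init_heap() stub carries no comment saying that returning 0 is the intended "no executable heap" result, so the reason for the #ifdef lives only in the commit message. A short comment above the stub noting that the kernel kills processes that violate W^X would keep that reason with the code. On this path exec_heap and exec_mem keep their NULL initialisers, so it is worth confirming that every caller of init_heap() checks for the 0 return before touching either pointer.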
> Afaict this is equivalent to using the #else path in translate_see.c.
> In general I'm wondering if we can/should not have a configure toggle
> for this. Then again please look below.
> 
> 
> > --- a/src/mapi/u_execmem.c
> > +++ b/src/mapi/u_execmem.c
> > @@ -45,8 +45,15 @@ static unsigned int head = 0;
> >
> >  static unsigned char *exec_mem = (unsigned char *)0;
> >
> > +#if defined(__OpenBSD__)
> >
> > -#if defined(__linux__) || defined(__OpenBSD__) || defined(_NetBSD__) || defined(__sun) || defined(__HAIKU__)
> > +static int
> > +init_map(void)
> > +{
> > +  return 0;
> > +}
> > +
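Review bot: The conditional removed here spells the NetBSD test as defined(_NetBSD__), with one leading underscore, while every other macro in the list starts with two. If the branch that replaces it carries the list over unchanged, correct it to __NetBSD__ while the line is being touched, and drop defined(__OpenBSD__) from it, since the new OpenBSD block above always matches first. As a style point, the init_map() body is indented two spaces where init_heap() in rtasm_execmem.c uses three, and the guard is written #if defined(__OpenBSD__) here but #ifdef __OpenBSD__ there. Pick one form for both stubs.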
> And this one to --disable-glx-tls and/or --disable-asm. Which reminds
> me: have you guys tried enabling either/both of them? Have there
> been (m)any issues?
> 
> For a long while the intent has been to use --enable-glx-tls by
> default and kill off the other codepaths. But with the write xor
> execute policy, it's going to be (close to) impossible.

Full tls support is not in the OpenBSD tree currently, though the
remaining parts were being looked at including enabling tls with Mesa
last week.  I'm not sure what state that work is in currently.

> Have you guys considered a way to disable the restriction for use cases
> that need the behaviour?

The limited exceptions involve flagging binaries and having to mount
the filesystem containing them with a flag.  This is mostly a temporary
measure as I understand it and libraries especially should not be creating
W|X mappings.

