Index: libffi/ChangeLog
===================================================================
--- libffi.orig/ChangeLog
+++ libffi/ChangeLog
@@ -3,6 +3,14 @@ * src/powerpc/linux64_closure.S: Add new ABI support. * src/powerpc/linux64.S: Likewise.
+2012-10-30 Magnus Granberg
+ Pavel Labushev
+
+ * configure.ac: New options pax_emutramp
+ * configure, fficonfig.h.in: Regenerated
+ * src/closures.c: New function emutramp_enabled_check() and
+ checks.
+
 2012-10-30 Frederick Cheung * configure.ac: Enable FFI_MAP_EXEC_WRIT for Darwin 12 (mountain
Index: libffi/README
===================================================================
--- libffi.orig/README
+++ libffi/README
@@ -154,6 +154,7 @@ See the ChangeLog files for details. Add Blackfin support. Add TILE-Gx/TILEPro support. Add AArch64 support.
+ Add support for PaX enabled kernels with MPROTECT.
 3.0.11 Apr-11-12 Lots of build fixes.
Index: libffi/configure
===================================================================
--- libffi.orig/configure
+++ libffi/configure
@@ -826,6 +826,7 @@ enable_libtool_lock enable_portable_binary with_gcc_arch enable_maintainer_mode +enable_pax_emutramp enable_debug enable_structs enable_raw_api
@@ -1473,6 +1474,7 @@ Optional Features: unportable binaries --enable-maintainer-mode enable make rules and dependencies not useful (and sometimes confusing) to the casual installer + --enable-pax_emutramp enable pax emulated trampolines, for we can't use PROT_EXEC --enable-debug debugging mode --disable-structs omit code for struct support --disable-raw-api make the raw api unavailable
@@ -14457,6 +14459,16 @@ $as_echo "#define SYMBOL_UNDERSCORE 1" > fi fi +# On PaX enable kernels that have MPROTECT enable we can't use PROT_EXEC. +# Check whether --enable-pax_emutramp was given. +if test "${enable_pax_emutramp+set}" = set; then : + enableval=$enable_pax_emutramp; if test "$enable_pax_emutramp" = "yes"; then + +$as_echo "#define FFI_MMAP_EXEC_EMUTRAMP_PAX 1" >>confdefs.h + + fi +fi + FFI_EXEC_TRAMPOLINE_TABLE=0 case "$target" in
Index: libffi/configure.ac
===================================================================
--- libffi.orig/configure.ac
+++ libffi/configure.ac
@@ -352,6 +352,13 @@ if test x$TARGET = xX86_WIN64; then fi fi
+# On PaX enable kernels that have MPROTECT enable we can't use PROT_EXEC.
+AC_ARG_ENABLE(pax_emutramp,
+ [ --enable-pax_emutramp enable pax emulated trampolines, for we can't use PROT_EXEC],
+ if test "$enable_pax_emutramp" = "yes"; then
+ AC_DEFINE(FFI_MMAP_EXEC_EMUTRAMP_PAX, 1,
+ [Define this if you want to enable pax emulated trampolines])
+ fi)
 FFI_EXEC_TRAMPOLINE_TABLE=0 case "$target" in
Index: libffi/src/closures.c
===================================================================
--- libffi.orig/src/closures.c
+++ libffi/src/closures.c
@@ -172,6 +172,27 @@ selinux_enabled_check (void) #endif /* !FFI_MMAP_EXEC_SELINUX */
+/* On PaX enable kernels that have MPROTECT enable we can't use PROT_EXEC. */
+#ifdef FFI_MMAP_EXEC_EMUTRAMP_PAX
+#include
+
+static int emutramp_enabled = -1;
+
+static int
+emutramp_enabled_check (void)
+{
+ if (getenv ("FFI_DISABLE_EMUTRAMP") == NULL)
+ return 1;
+ else
+ return 0;
+}
+
+#define is_emutramp_enabled() (emutramp_enabled >= 0 ? emutramp_enabled \
+ : (emutramp_enabled = emutramp_enabled_check ()))
+#else
+#define is_emutramp_enabled() 0
+#endif /* FFI_MMAP_EXEC_EMUTRAMP_PAX */
+
 #elif defined (__CYGWIN__) || defined(__INTERIX) #include
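Review bot: The help string in the `AC_ARG_ENABLE(pax_emutramp, ...)` call added to configure.ac does not say what the option changes at run time. Per the closures.c part of this patch, a build with it maps closures without PROT_EXEC unless FFI_DISABLE_EMUTRAMP is set, and a packager choosing the switch should be able to read that from `--help`. The string is also hand-padded instead of being built with `AS_HELP_STRING`, and the same wording is copied into the regenerated configure. Suggested form: `AS_HELP_STRING([--enable-pax_emutramp], [map closures without PROT_EXEC and rely on PaX trampoline emulation])`.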
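Review bot: `emutramp_enabled_check()` in src/closures.c never looks at the running kernel or the process's PaX flags; it returns 1 whenever `FFI_DISABLE_EMUTRAMP` is unset, so the decision rests on the configure switch and one environment variable. A library built with the option therefore takes the non-executable mapping path in `dlmmap` (second closures.c hunk) on any kernel, and calling a closure where trampolines are not emulated would presumably fault. The override is read with plain `getenv`, so in a set-id or otherwise privileged process the caller's environment selects the mapping path; `secure_getenv`, where the C library provides it, would ignore the variable there. At minimum the function should carry a comment such as `/* Returns 1 unless FFI_DISABLE_EMUTRAMP is set; does not probe the kernel for EMUTRAMP support. */`.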
@@ -458,6 +479,12 @@ dlmmap (void *start, size_t length, int printf ("mapping in %zi\n", length); #endif
+ if (execfd == -1 && is_emutramp_enabled ())
+ {
+ ptr = mmap (start, length, prot & ~PROT_EXEC, flags, fd, offset);
+ return ptr;
+ }
+
 if (execfd == -1 && !is_selinux_enabled ()) { ptr = mmap (start, length, prot | PROT_EXEC, flags, fd, offset);
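Review bot: The early return added to `dlmmap` has no comment explaining why `PROT_EXEC` is masked out, or that the returned mapping can only be called when the kernel emulates trampolines. Because the test sits ahead of the `!is_selinux_enabled ()` branch, it takes precedence over that path and over whatever follows outside the hunk, which is worth stating next to the code. Proposed comment above the `if`: `/* PaX MPROTECT: never request PROT_EXEC; closures run through kernel trampoline emulation. */`. The temporary is not needed either, since `return mmap (start, length, prot & ~PROT_EXEC, flags, fd, offset);` does the same. `dlmmap` starts and ends outside the hunk.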