diff options
| author | Adam Langley <agl@golang.org> | 2009-11-13 10:08:51 -0800 |
|---|---|---|
| committer | Adam Langley <agl@golang.org> | 2009-11-13 10:08:51 -0800 |
| commit | 6462f9307491d37af52007ae41f72c5fc411e769 (patch) | |
| tree | 84d3734c7512711d549eef0400de8e477b391863 | |
| parent | d98afc3f915fef85f2fe65295d685d6b45025333 (diff) | |
| download | golang-6462f9307491d37af52007ae41f72c5fc411e769.tar.gz | |
runtime: warn about SELinux based mmap failures on Linux.
SELinux will cause mmap to fail when we request w+x memory unless the
user has configured their policies. We have a warning in make.bash,
but it's quite likely that the policy will be reset at some point and
then all their binaries start failing.
This patch prints a warning on Linux when mmap fails with EACCES.
R=rsc
CC=golang-dev
http://codereview.appspot.com/152086
| -rwxr-xr-x | src/pkg/runtime/linux/386/sys.s | 5 | ||||
| -rw-r--r-- | src/pkg/runtime/linux/amd64/sys.s | 5 | ||||
| -rw-r--r-- | src/pkg/runtime/malloc.cgo | 13 | ||||
| -rw-r--r-- | src/pkg/runtime/mem.c | 7 | ||||
| -rw-r--r-- | src/pkg/runtime/runtime.h | 7 |
5 files changed, 32 insertions, 5 deletions
diff --git a/src/pkg/runtime/linux/386/sys.s b/src/pkg/runtime/linux/386/sys.s index cc793b420..097dfe915 100755 --- a/src/pkg/runtime/linux/386/sys.s +++ b/src/pkg/runtime/linux/386/sys.s @@ -69,8 +69,9 @@ TEXT runtime·mmap(SB),7,$0 SHRL $12, BP INT $0x80 CMPL AX, $0xfffff001 - JLS 2(PC) - INT $3 + JLS 3(PC) + NOTL AX + INCL AX RET // int32 futex(int32 *uaddr, int32 op, int32 val, diff --git a/src/pkg/runtime/linux/amd64/sys.s b/src/pkg/runtime/linux/amd64/sys.s index a78357fdb..238a423b1 100644 --- a/src/pkg/runtime/linux/amd64/sys.s +++ b/src/pkg/runtime/linux/amd64/sys.s @@ -81,8 +81,9 @@ TEXT runtime·mmap(SB),7,$0-32 MOVL $9, AX // syscall entry SYSCALL CMPQ AX, $0xfffffffffffff001 - JLS 2(PC) - CALL notok(SB) + JLS 3(PC) + NOTQ AX + INCQ AX RET TEXT notok(SB),7,$0 diff --git a/src/pkg/runtime/malloc.cgo b/src/pkg/runtime/malloc.cgo index 6a769c9e0..3b755fc4e 100644 --- a/src/pkg/runtime/malloc.cgo +++ b/src/pkg/runtime/malloc.cgo @@ -208,8 +208,19 @@ mallocinit(void) void* SysAlloc(uintptr n) { + void *p; mstats.sys += n; - return runtime_mmap(nil, n, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANON|MAP_PRIVATE, -1, 0); + p = runtime_mmap(nil, n, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANON|MAP_PRIVATE, -1, 0); + if(p < (void*)4096) { + if(p == (void*)EACCES) { + printf("mmap: access denied\n"); + printf("If you're running SELinux, enable execmem for this process.\n"); + } else { + printf("mmap: errno=%p\n", p); + } + exit(2); + } + return p; } void diff --git a/src/pkg/runtime/mem.c b/src/pkg/runtime/mem.c index 616d1a0e1..3cb59700f 100644 --- a/src/pkg/runtime/mem.c +++ b/src/pkg/runtime/mem.c @@ -20,6 +20,10 @@ brk(uint32 n) byte *v; v = runtime_mmap(nil, n, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANON|MAP_PRIVATE, 0, 0); + if(v < (void *)4096) { + printf("mmap: errno=%p\n", v); + exit(2); + } m->mem.nmmap += n; return v; } @@ -56,6 +60,9 @@ oldmal(uint32 n) m->mem.hunk = runtime_mmap(nil, NHUNK, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_ANON|MAP_PRIVATE, 0, 0); + if(m->mem.hunk < (void*)4096) { + *(uint32*)0xf1 = 0; + } m->mem.nhunk = NHUNK; m->mem.nmmap += NHUNK; } diff --git a/src/pkg/runtime/runtime.h b/src/pkg/runtime/runtime.h index 068e2bea1..83b47b7a3 100644 --- a/src/pkg/runtime/runtime.h +++ b/src/pkg/runtime/runtime.h @@ -447,6 +447,13 @@ void notewakeup(Note*); #endif /* + * This is consistent across Linux and BSD. + * If a new OS is added that is different, move this to + * $GOOS/$GOARCH/defs.h. + */ +#define EACCES 13 + +/* * low level go-called */ uint8* runtime_mmap(byte*, uint32, int32, int32, int32, uint32); |