Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cannot enable executable stack as shared object requires: Permission denied #1993

Closed
leeyiding opened this issue Jan 22, 2024 · 3 comments
Closed

cannot enable executable stack as shared object requires: Permission denied #1993

leeyiding opened this issue Jan 22, 2024 · 3 comments

Comments

@leeyiding
Copy link

Hello, I am trying to run the project wangzhaode/mnn-llm in nanos, but some errors occurred. I cannot search for relevant solutions, so I would like to ask for some help.

According to the project's README, I did the following

# Download models
./script/download_model.sh qwen-1.8b
# Compilation
./script/build.sh
# Execution
./build/web_demo qwen-1.8b web

After that, I try to create the nanos application

{
    "Dirs": [
        "qwen-1.8b",
        "web"
    ],
    "Args": [
        "qwen-1.8b",
        "web"
    ]
}

ops run web_demo -c config.json --show-debug

An error occurred after running:

Manifest:
        &{root:map[arguments:[web_demo qwen-1.8b web] children:map[etc:map[passwd:/tmp/web_demo_temp3937009542/passwd resolv.conf:/tmp/web_demo_temp3937009542/resolv.conf ssl:map[certs:map[ca-certificates.crt:/root/.ops/common/ca-certificates.crt]]] lib:map[x86_64-linux-gnu:map[libc.so.6:/lib/x86_64-linux-gnu/libc.so.6 libgcc_s.so.1:/lib/x86_64-linux-gnu/libgcc_s.so.1 libm.so.6:/lib/x86_64-linux-gnu/libm.so.6 libmvec.so.1:/lib/x86_64-linux-gnu/libmvec.so.1 libnss_dns.so.2:/root/.ops/common/libnss_dns.so.2 libpthread.so.0:/lib/x86_64-linux-gnu/libpthread.so.0 libstdc++.so.6:/lib/x86_64-linux-gnu/libstdc++.so.6]] lib64:map[ld-linux-x86-64.so.2:/lib64/ld-linux-x86-64.so.2] proc:map[sys:map[kernel:map[hostname:/tmp/web_demo_temp3937009542/hostname]]] qwen-1.8b:map[block_0.mnn:qwen-1.8b/block_0.mnn block_1.mnn:qwen-1.8b/block_1.mnn block_10.mnn:qwen-1.8b/block_10.mnn block_11.mnn:qwen-1.8b/block_11.mnn block_12.mnn:qwen-1.8b/block_12.mnn block_13.mnn:qwen-1.8b/block_13.mnn block_14.mnn:qwen-1.8b/block_14.mnn block_15.mnn:qwen-1.8b/block_15.mnn block_16.mnn:qwen-1.8b/block_16.mnn block_17.mnn:qwen-1.8b/block_17.mnn block_18.mnn:qwen-1.8b/block_18.mnn block_19.mnn:qwen-1.8b/block_19.mnn block_2.mnn:qwen-1.8b/block_2.mnn block_20.mnn:qwen-1.8b/block_20.mnn block_21.mnn:qwen-1.8b/block_21.mnn block_22.mnn:qwen-1.8b/block_22.mnn block_23.mnn:qwen-1.8b/block_23.mnn block_3.mnn:qwen-1.8b/block_3.mnn block_4.mnn:qwen-1.8b/block_4.mnn block_5.mnn:qwen-1.8b/block_5.mnn block_6.mnn:qwen-1.8b/block_6.mnn block_7.mnn:qwen-1.8b/block_7.mnn block_8.mnn:qwen-1.8b/block_8.mnn block_9.mnn:qwen-1.8b/block_9.mnn embedding.mnn:qwen-1.8b/embedding.mnn lm.mnn:qwen-1.8b/lm.mnn tokenizer.txt:qwen-1.8b/tokenizer.txt] root:map[nanos:map[mnn-llm:map[MNN:map[build:map[libMNN.so:/root/nanos/mnn-llm/MNN/build/libMNN.so]] build:map[libllm.so:/root/nanos/mnn-llm/build/libllm.so] libs:map[libMNN_Express.so:/root/nanos/mnn-llm/libs/libMNN_Express.so]]]] web:map[css:map[github-markdown-light.min.css:web/css/github-markdown-light.min.css github.min.css:web/css/github.min.css katex.min.css:web/css/katex.min.css texmath.css:web/css/texmath.css] index.html:web/index.html js:map[highlight.min.js:web/js/highlight.min.js katex.min.js:web/js/katex.min.js markdown-it-link-attributes.min.js:web/js/markdown-it-link-attributes.min.js markdown-it.min.js:web/js/markdown-it.min.js texmath.js:web/js/texmath.js]] web_demo:web_demo] environment:map[IMAGE_NAME:web_demo NANOS_VERSION:0.1.48 OPS_VERSION:0.1.40 PWD:/ USER:root] program:/web_demo] boot:map[children:map[kernel:/root/.ops/0.1.48/kernel.img]] targetRoot: klibHostDir:/root/.ops/0.1.48/klibs}
running local instance
booting /root/.ops/images/web_demo ...
en1: assigned 10.0.2.15
web_demo: error while loading shared libraries: libMNN.so: cannot enable executable stack as shared object requires: Permission denied

According to the search engine results, it may be caused by selinux, but the Ubuntu I am using does not enable selinux.
@eyberg
Copy link
Contributor

eyberg commented Jan 22, 2024

I would need to look further into this project specifically but we disable stack execution by default, https://github.com/nanovms/nanos/blob/master/SECURITY.md as it's a massive security issue

@eyberg
Copy link
Contributor

eyberg commented Feb 9, 2024
edited

sorry - just coming back to this now..

if you change this line:

https://github.com/nanovms/nanos/blob/master/src/unix/exec.c#L74

to

 ivmap(VMAP_FLAG_STACK | VMAP_FLAG_READABLE | VMAP_FLAG_WRITABLE | VMAP_FLAG_EXEC,

you can disable the stack exec protection; although this is not recommended from a security pov

then I was able to bump the memory and run it:

ops run build/web_demo -p 8080 -c config.json -m 4g

also on src/tokenizer.cpp in mnn-llm I had to throw in:

#include <climits>

@leeyiding
Copy link
Author

Thank you very much for your answer, I will try it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eyberg @leeyiding