
Drracket crash #3032

Open
DUOLabs333 opened this issue Aug 30, 2023 · 4 comments

Comments

@DUOLabs333

Trying to open drracket (Racket IDE) fails with

Error: error reading from ~a
("petite")
Aborted (core dumped)
@Sonicadvance1
Member

Looks like this is a result of our self-modifying code messing with page permissions.
The application allocates RWX memory early:
mmap(0x7fa62000, 2113536, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED_NOREPLACE, -1, 0) = 0x7fa62000

The application then loads some code into that mapped range and then executes some code in that range, at which point FEX's SMC tracking changes the pages from RWX to Readonly.

Later the application tries relocating its executable in the same space by using syscall reads directly into that mapped space. At some point it hits the page that FEX mapped as Readonly; this causes the read syscall to return EFAULT, and then the whole thing goes down.

FEX might be able to retry reads when EFAULT occurs and mess with the code invalidation, but right now it's a bug that we can't work around.

@DUOLabs333
Author

Why does "FEX's SMC tracking" mark the page as Read-only?

@Sonicadvance1
Member

It's currently the only way to detect when writes occur to a page that has code in it, to signal to our self-modifying-code handling that the code has changed.
We catch the SIGSEGV that most code generates (Not syscalls), and then it runs through our invalidation logic, resets the permissions to RWX, and then continues execution safely.
Syscalls bypass this by returning EFAULT, which we don't have a mechanism for yet.
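
The asymmetry described in the two maintainer comments above (a direct store into a page the tracker has dropped to read-only raises SIGSEGV, which a handler can catch, invalidate and retry; a read(2) into the same page raises nothing and simply fails with EFAULT) can be reproduced in a few lines. The following is an added illustration, not code from FEX or from the issue. It assumes Linux, uses a single anonymous page as the tracked "code page", and maps it RW rather than RWX so it also runs where W^X policies forbid executable anonymous mappings; the invalidation step is a stub, since there is no translated code to drop here.

```c
/* Added illustration (not FEX code): why a page-permission-based SMC tracker
 * sees an ordinary store as SIGSEGV but a read(2) into the same page as EFAULT.
 * Linux-specific. The real application maps RWX; RW is used here so the demo
 * runs where W^X policies forbid executable anonymous mappings. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define PAYLOAD "relocated-code-bytes"   /* constructed sample data */
#define PAYLOAD_LEN ((int)sizeof PAYLOAD)

static unsigned char *g_region = NULL;      /* the "code page" being tracked */
static size_t g_region_len = 0;
static volatile sig_atomic_t g_segv_hits = 0;

struct demo_result {
    int setup_ok;        /* 0 on success */
    int read_before;     /* read(2) result while the page is read-only: -1 */
    int errno_before;    /* errno from that read: EFAULT */
    int segv_hits;       /* SIGSEGVs taken by the direct store: 1 */
    unsigned char byte0; /* value the retried store left behind */
    int read_after;      /* read(2) result once the handler restored RW */
};

/* Stand-in for the invalidation path: a fault inside the tracked page means
 * "code may have changed". Drop cached translations (nothing to drop here),
 * restore write permission, and return so the faulting store re-executes.
 * mprotect is a plain syscall in glibc, so calling it here is safe in practice. */
static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    uintptr_t a = (uintptr_t)si->si_addr, lo = (uintptr_t)g_region;
    if (g_region && a >= lo && a < lo + g_region_len) {
        g_segv_hits++;
        mprotect(g_region, g_region_len, PROT_READ | PROT_WRITE);
        return;
    }
    signal(SIGSEGV, SIG_DFL);   /* not ours: let the default action run */
    raise(SIGSEGV);
}

static int setup(void)
{
    struct sigaction sa;
    g_region_len = (size_t)sysconf(_SC_PAGESIZE);
    g_region = mmap(NULL, g_region_len, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g_region == MAP_FAILED) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* The kernel writing into the page on the guest's behalf: no signal is
 * delivered to the process; the kernel's user-copy fails and the syscall
 * reports EFAULT instead. A pipe stands in for the file being read. */
static int read_syscall_into_page(int *err)
{
    int fds[2];
    ssize_t n;
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], PAYLOAD, PAYLOAD_LEN) != PAYLOAD_LEN) {
        close(fds[0]); close(fds[1]); return -1;
    }
    close(fds[1]);
    errno = 0;
    n = read(fds[0], g_region, PAYLOAD_LEN);
    *err = errno;
    close(fds[0]);
    return (int)n;
}

struct demo_result run_demo(void)
{
    struct demo_result r;
    volatile unsigned char *p;
    int scratch_errno = 0;
    memset(&r, 0, sizeof r);
    r.setup_ok = setup();
    if (r.setup_ok != 0) return r;

    /* 1. Code in the page has run; the tracker drops the page to read-only. */
    mprotect(g_region, g_region_len, PROT_READ);

    /* 2. Guest reads a file straight into the page: no SIGSEGV, just EFAULT. */
    r.read_before = read_syscall_into_page(&r.errno_before);

    /* 3. Guest stores a byte directly: SIGSEGV, handler restores RW, retry lands. */
    g_segv_hits = 0;
    p = g_region;
    p[0] = 0xC3;
    r.segv_hits = g_segv_hits;
    r.byte0 = p[0];

    /* 4. With permissions restored, the same read(2) now succeeds. */
    r.read_after = read_syscall_into_page(&scratch_errno);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("setup=%d; read-only read: n=%d errno=%s; store: segv=%d byte=0x%02x; "
           "read after restore: n=%d\n", r.setup_ok, r.read_before,
           strerror(r.errno_before), r.segv_hits, r.byte0, r.read_after);
    return r.setup_ok;
}
```

Step 2 is the failure mode the issue reports: because the EFAULT comes back as a return value rather than a fault, the handler in step 3 never runs, so nothing restores the permissions or invalidates the cached code before the application gives up on the failed read.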

@DUOLabs333
Author

Ah, makes sense. So why can't you just catch EFAULT (I'm assuming because EFAULT could mean a variety of reasons, not necessarily a write to a Read-only page)?
