-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NetBSD: jit breaks build when PaX MPROTECT enabled #6909
Comments
Thanks for your report! We dual-map code by default and only use RWX pages as a last resort when the former fails. I would've appreciated a report from whomever wrote that pkgsrc package instead of them applying that kludgy workaround, but I guess you can't have everything in life :D Just as a sanity check, it says something like If it says that it can't allocate memory, please file a report to upstream asmjit as that's what we're using for code allocation. I'd do it myself but I don't have any way to test this. |
Thanks for the reply!
I'll file an upstream bug report. |
It think it's better to build with
Thanks :) |
Dumb question - why do you prefer the slower (I guess) non-JIT version to a non-PaX mprotected faster version? |
Personal preference. If I'd set Either way I'm hoping this will get resolved pretty quickly. :) |
Upstream seems to have fixed the problem. I have trouble merging the changes into erlang. Since you will be doing that at some point anyway, could you perhaps do it sooner and make a version of erlang using the latest asmjit that works for you so I can test if it works on NetBSD too? |
Yes, I'll make sure it gets into |
Thank you, that's no problem. |
I've created a PR with the latest asmjit, #6933, feel free to try it out :-) |
Thanks for that. I took the patch from that pull request and applied it to git head. Now I see segfaults. I tried running one of the commands in gdb, but no luck:
|
erlang/otp#6909 has been fixed
Describe the bug
NetBSD provides PaX MPROTECT as a security feature, see https://man.netbsd.org/security.7 for a description.
This enforces that writable pages are not executable to avoid security problems.
On a NetBSD system where this is enabled, erlang 25.2 does not compile (with JIT support).
During the build the JIT is used and this fails, breaking the build.
To Reproduce
Try building erlang 25.2 on NetBSD with
sysctl -w security.pax.mprotect.global=1
set.Expected behavior
The build should succeed.
There is a workaround:
You can mark binaries as not-mprotect-safe (which disables the security feature for these particular binaries). For that, just add
paxctl +m $@
in the$(BINDIR)/$(FLAVOR_EXECUTABLE)
target inerts/emulator/Makefile.in
(which is what the pkgsrc package currently does).Of course, the better solution would be to switch the JIT code to the recommend method of using https://man.netbsd.org/mremap.2 - the linked mremap man page includes an example.
Affected versions
25.2
Additional context
The text was updated successfully, but these errors were encountered: