Re: kern/57624: bpfjit failure when running on any W^X enforcing architecture

[Martin Husemann <martin%duskware.de@localhost>]

The following reply was made to PR kern/57624; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/57624: bpfjit failure when running on any W^X enforcing
 architecture
Date: Thu, 21 Sep 2023 15:56:54 +0200

 mlelstv pointed out that there is obvious bogus code in rump:
 
 int   
 rumpuser_anonmmap(void *prefaddr, size_t size, int alignbit,
         int exec, void **memp)
 {
         void *mem;
         int prot, rv;
             
 #ifndef MAP_ALIGNED
 #define MAP_ALIGNED(a) 0   
         if (alignbit)
                 fprintf(stderr, "rumpuser_anonmmap: warning, requested "
                     "alignment not supported by hypervisor\n");
 #endif   
         
         prot = PROT_READ|PROT_WRITE;
         if (exec)
                 prot |= PROT_EXEC;
         mem = mmap(prefaddr, size, prot,
             MAP_PRIVATE | MAP_ANON | MAP_ALIGNED(alignbit), -1, 0);
 
 
 ... and here it actually gets called with the exec flag set, so
 prot becomes PROT_READ|PROT_WRITE|PROT_EXEC - which of course will make
 the mmap() fail on any sane arch :-)
 
 Running the i386 version on amd64 shows this:
 
 Thread 1 "" hit Breakpoint 1, rumpuser_anonmmap (prefaddr=prefaddr@entry=0x0, 
     size=size@entry=65536, alignbit=12, exec=exec@entry=32, 
     memp=memp@entry=0xfffe11f8) at /work/src/lib/librumpuser/rumpuser_mem.c:95
 95      /work/src/lib/librumpuser/rumpuser_mem.c: No such file or directory.
 (gdb) p mem
 $1 = (void *) 0xf44d1000
 
 
 and pmap for that process has:
 
 00000000F44D1000     64K read/write/exec     [ heap ]
 
 
 I'm not sure how to fix this though - the bpfjit code only does this if
 build in the kernel (but has no proper userland handling either AFAICT).
 
 Obvious hack: recognize the issue in the test code and skip the affected tests.
 
 Anyone have better ideas?
 
 Martin