author | Alexander Soldatov <soldatov.a@samsung.com> | 2018-09-07 16:22:47 +0300 |
---|---|---|
committer | Alexander Soldatov <soldatov.a@samsung.com> | 2018-09-07 16:22:47 +0300 |
commit | bbfc6eaf3761ed2222b0946845a84a7c46d3f2b0 (patch) | |
tree | bfb43f66602891ddf87ebe33ed63458ff5a9ca6a | |
parent | 7fd5fa2e58123dbadf0084b0e3eaf6dfc90b2ed0 (diff) | |
download | coreclr-bbfc6eaf3761ed2222b0946845a84a7c46d3f2b0.tar.gz coreclr-bbfc6eaf3761ed2222b0946845a84a7c46d3f2b0.tar.bz2 coreclr-bbfc6eaf3761ed2222b0946845a84a7c46d3f2b0.zip |
Fix alternate stack for Alpine docker on SELinux (#17936)submit/tizen_4.0_base/20180907.133527accepted/tizen/4.0/base/20180907.192026
Change-Id: Iafe8300a8f6318a047d30e67ecbc3007b01208e6
-rw-r--r-- | packaging/0001-Fix-alternate-stack-for-Alpine-docker-on-SELinux-179.patch | 75 | ||||
-rwxr-xr-x | packaging/coreclr.spec | 4 |
2 files changed, 78 insertions, 1 deletions
diff --git a/packaging/0001-Fix-alternate-stack-for-Alpine-docker-on-SELinux-179.patch b/packaging/0001-Fix-alternate-stack-for-Alpine-docker-on-SELinux-179.patch
new file mode 100644
index 0000000000..f0320931f0
--- /dev/null
+++ b/packaging/0001-Fix-alternate-stack-for-Alpine-docker-on-SELinux-179.patch
@@ -0,0 +1,75 @@
+From 9bfa48bafefa5735887570cbc219279513eef26d Mon Sep 17 00:00:00 2001
+From: Jan Vorlicek <janvorli@microsoft.com>
+Date: Thu, 10 May 2018 15:33:54 +0200
+Subject: [PATCH] Fix alternate stack for Alpine docker on SELinux (#17936)
+
+For some reason, the Alpine docker container running on a SELinux host maps
+heap as RWX. When we allocate alternate stack from the heap, we also
+change the protection of the first page to PROT_NONE so that it can
+serve as a guard page to catch stack overflow. And when we free the
+alternate stack, we restore the protection back to PROT_READ |
+PROT_WRITE. The restoration fails in Alpine docker container running on
+a SELinux host with EPROT failure and the SELinux log reports that an
+attempt to change heap to executable was made. So it looks like the
+kernel has added the PERM_EXEC to the permissions we have passed to the
+mprotect call. There is a code in the mprotect implementation that can
+do that, although I don't fully understand the conditions under which it
+happens. This is driven by the VM_MAYEXEC flag in the internal VMA block
+structure.
+To fix that, I've modified the alternate stack allocation to use mmap /
+munmap instead of C heap allocation.
+---
+ src/pal/src/exception/signal.cpp | 18 ++++++------------
+ 1 file changed, 6 insertions(+), 12 deletions(-)
+
+diff --git a/src/pal/src/exception/signal.cpp b/src/pal/src/exception/signal.cpp
+index 430cd05..9a990cd 100644
+--- a/src/pal/src/exception/signal.cpp
++++ b/src/pal/src/exception/signal.cpp
+@@ -158,9 +158,9 @@ BOOL EnsureSignalAlternateStack()
+ // (see kAltStackSize in compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cc)
+ altStackSize += SIGSTKSZ * 4;
+ #endif
+- void* altStack;
+- int st = posix_memalign(&altStack, VIRTUAL_PAGE_SIZE, altStackSize);
+- if (st == 0)
++ altStackSize = ALIGN_UP(altStackSize, VIRTUAL_PAGE_SIZE);
++ void* altStack = mmap(NULL, altStackSize, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_STACK | MAP_PRIVATE, -1, 0);
++ if (altStack != MAP_FAILED)
+ {
+ // create a guard page for the alternate stack
+ st = mprotect(altStack, VIRTUAL_PAGE_SIZE, PROT_NONE);
+@@ -171,17 +171,12 @@ BOOL EnsureSignalAlternateStack()
+ ss.ss_size = altStackSize;
+ ss.ss_flags = 0;
+ st = sigaltstack(&ss, NULL);
+- if (st != 0)
+- {
+- // Installation of the alternate stack failed, so revert the guard page protection
+- int st2 = mprotect(altStack, VIRTUAL_PAGE_SIZE, PROT_READ | PROT_WRITE);
+- _ASSERTE(st2 == 0);
+- }
+ }
+
+ if (st != 0)
+ {
+- free(altStack);
++ int st2 = munmap(altStack, altStackSize);
++ _ASSERTE(st2 == 0);
+ }
+ }
+ }
+@@ -208,9 +203,8 @@ void FreeSignalAlternateStack()
+ int st = sigaltstack(&ss, &oss);
+ if ((st == 0) && (oss.ss_flags != SS_DISABLE))
+ {
+- int st = mprotect(oss.ss_sp, VIRTUAL_PAGE_SIZE, PROT_READ | PROT_WRITE);
++ int st = munmap(oss.ss_sp, oss.ss_size);
+ _ASSERTE(st == 0);
+- free(oss.ss_sp);
+ }
+ }
+ #endif // !HAVE_MACH_EXCEPTIONS
+--
+2.7.4
+
diff --git a/packaging/coreclr.spec b/packaging/coreclr.spec
index e643b35085..bbe3fbccb6 100755
--- a/packaging/coreclr.spec
+++ b/packaging/coreclr.spec
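Review bot: In the embedded signal.cpp patch, an mmap failure in EnsureSignalAlternateStack is no longer recorded in `st`. The removed `int st = posix_memalign(...)` both declared `st` and carried the allocation result, while the new `if (altStack != MAP_FAILED)` has no else branch, so `st` keeps whatever an outer declaration (outside the hunk) last held. If that value is 0, the function presumably reports success with no alternate stack installed, and a later stack overflow would not be caught on a guard-paged stack. I would add `else { st = -1; }` after the mmap block and guard the cleanup as `if (st != 0 && altStack != MAP_FAILED)` so munmap is never called on MAP_FAILED. Separately, the `st = mprotect(altStack, VIRTUAL_PAGE_SIZE, PROT_NONE)` result is overwritten by `st = sigaltstack(&ss, NULL)` in the next inner hunk, so unless the lines between the hunks check it outside `_ASSERTE`, a release build accepts a stack without its guard page; the same applies to the assert-only munmap checks.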
@@ -23,7 +23,7 @@ Source1000: downloaded_files.tar.gz Source1001: %{name}.manifest Source1002: libicu.tar.gz Source1003: dep_libs.tar.gz -# Gbp-Ignore-Patches: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 +# Gbp-Ignore-Patches: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 Patch0: 0001-Add-project.assets.json-files.patch Patch1: 0001-ARM-Linux-Support-unaligned-struct-read-write-11290.patch Patch2: 0002-x86-Linux-Thread-safe-UMThunkMarshInfo-RunTimeInit-1.patch @@ -152,6 +152,7 @@ Patch124: 0047-Launching-the-Memory-Profiler-on-x86-emulator-may-le.patch Patch125: 0001-Fixed-Bug-with-xmm-registry-on-x86-emulator-183.patch Patch126: 0002-Fix-unset-ZapRelocationType-for-fixup-18589.patch Patch127: 0001-Tizen-Remove-tizen-release-package-dependency-for-GB.patch +Patch128: 0001-Fix-alternate-stack-for-Alpine-docker-on-SELinux-179.patch ExcludeArch: aarch64 @@ -381,6 +382,7 @@ cp %{SOURCE1001} . %patch125 -p1 %patch126 -p1 %patch127 -p1 +%patch128 -p1 cat > os-release <<EOF NAME=Tizen |