Fix alternate stack for Alpine docker on SELinux (#17936)submit/tizen_4.0_base/20180907.133527accepted/tizen/4.0/base/20180907.192026

Change-Id: Iafe8300a8f6318a047d30e67ecbc3007b01208e6

2 files changed, 78 insertions, 1 deletions

diff --git a/packaging/0001-Fix-alternate-stack-for-Alpine-docker-on-SELinux-179.patch b/packaging/0001-Fix-alternate-stack-for-Alpine-docker-on-SELinux-179.patch
new file mode 100644
index 0000000000..f0320931f0
--- /dev/null
+++ b/packaging/0001-Fix-alternate-stack-for-Alpine-docker-on-SELinux-179.patch
@@ -0,0 +1,75 @@
+From 9bfa48bafefa5735887570cbc219279513eef26d Mon Sep 17 00:00:00 2001
+From: Jan Vorlicek <janvorli@microsoft.com>
+Date: Thu, 10 May 2018 15:33:54 +0200
+Subject: [PATCH] Fix alternate stack for Alpine docker on SELinux (#17936)
+
+For some reason, the Alpine docker container running on a SELinux host maps
+heap as RWX. When we allocate alternate stack from the heap, we also
+change the protection of the first page to PROT_NONE so that it can
+serve as a guard page to catch stack overflow. And when we free the
+alternate stack, we restore the protection back to PROT_READ |
+PROT_WRITE. The restoration fails in Alpine docker container running on
+a SELinux host with EPROT failure and the SELinux log reports that an
+attempt to change heap to executable was made. So it looks like the
+kernel has added the PERM_EXEC to the permissions we have passed to the
+mprotect call. There is a code in the mprotect implementation that can
+do that, although I don't fully understand the conditions under which it
+happens. This is driven by the VM_MAYEXEC flag in the internal VMA block
+structure.
+To fix that, I've modified the alternate stack allocation to use mmap /
+munmap instead of C heap allocation.
+---
+ src/pal/src/exception/signal.cpp | 18 ++++++------------
+ 1 file changed, 6 insertions(+), 12 deletions(-)
+
+diff --git a/src/pal/src/exception/signal.cpp b/src/pal/src/exception/signal.cpp
+index 430cd05..9a990cd 100644
+--- a/src/pal/src/exception/signal.cpp
++++ b/src/pal/src/exception/signal.cpp
+@@ -158,9 +158,9 @@ BOOL EnsureSignalAlternateStack()
+         // (see kAltStackSize in compiler-rt/lib/sanitizer_common/sanitizer_posix_libcdep.cc)
+         altStackSize += SIGSTKSZ * 4;
+ #endif
+-        void* altStack;
+-        int st = posix_memalign(&altStack, VIRTUAL_PAGE_SIZE, altStackSize);
+-        if (st == 0)
++        altStackSize = ALIGN_UP(altStackSize, VIRTUAL_PAGE_SIZE);
++        void* altStack = mmap(NULL, altStackSize, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_STACK | MAP_PRIVATE, -1, 0);
++        if (altStack != MAP_FAILED)
+         {
+             // create a guard page for the alternate stack
+             st = mprotect(altStack, VIRTUAL_PAGE_SIZE, PROT_NONE);
+@@ -171,17 +171,12 @@ BOOL EnsureSignalAlternateStack()
+                 ss.ss_size = altStackSize;
+                 ss.ss_flags = 0;
+                 st = sigaltstack(&ss, NULL);
+-                if (st != 0)
+-                {
+-                    // Installation of the alternate stack failed, so revert the guard page protection
+-                    int st2 = mprotect(altStack, VIRTUAL_PAGE_SIZE, PROT_READ | PROT_WRITE);
+-                    _ASSERTE(st2 == 0);
+-                }
+             }
+ 
+             if (st != 0)
+             {
+-                free(altStack);
++               int st2 = munmap(altStack, altStackSize);
++               _ASSERTE(st2 == 0);
+             }
+         }
+     }
+@@ -208,9 +203,8 @@ void FreeSignalAlternateStack()
+     int st = sigaltstack(&ss, &oss);
+     if ((st == 0) && (oss.ss_flags != SS_DISABLE))
+     {
+-        int st = mprotect(oss.ss_sp, VIRTUAL_PAGE_SIZE, PROT_READ | PROT_WRITE);
++        int st = munmap(oss.ss_sp, oss.ss_size);
+         _ASSERTE(st == 0);
+-        free(oss.ss_sp);
+     }
+ }
+ #endif // !HAVE_MACH_EXCEPTIONS
+-- 
+2.7.4
+
diff --git a/packaging/coreclr.spec b/packaging/coreclr.spec
index e643b35085..bbe3fbccb6 100755
--- a/packaging/coreclr.spec
+++ b/packaging/coreclr.spec
@@ -23,7 +23,7 @@ Source1000: downloaded_files.tar.gz
 Source1001: %{name}.manifest
 Source1002: libicu.tar.gz
 Source1003: dep_libs.tar.gz
-# Gbp-Ignore-Patches: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127
+# Gbp-Ignore-Patches: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128
 Patch0:     0001-Add-project.assets.json-files.patch
 Patch1:     0001-ARM-Linux-Support-unaligned-struct-read-write-11290.patch
 Patch2:     0002-x86-Linux-Thread-safe-UMThunkMarshInfo-RunTimeInit-1.patch
@@ -152,6 +152,7 @@ Patch124:    0047-Launching-the-Memory-Profiler-on-x86-emulator-may-le.patch
 Patch125:    0001-Fixed-Bug-with-xmm-registry-on-x86-emulator-183.patch
 Patch126:    0002-Fix-unset-ZapRelocationType-for-fixup-18589.patch
 Patch127:    0001-Tizen-Remove-tizen-release-package-dependency-for-GB.patch
+Patch128:    0001-Fix-alternate-stack-for-Alpine-docker-on-SELinux-179.patch
 
 ExcludeArch: aarch64
 
@@ -381,6 +382,7 @@ cp %{SOURCE1001} .
 %patch125 -p1
 %patch126 -p1
 %patch127 -p1
+%patch128 -p1
 
 cat > os-release <<EOF
 NAME=Tizen