Re: [Tinycc-devel] Use an anonymous file to back mmap

[Michael Matz]

Hi,

On Sat, 11 Jan 2014, Michael Matz wrote:

> > I just submitted a tentative patch to the mob branch about mmap. When 
> > selinux is enabled, tccrun.c uses mmap to hold the dynamically 
> > generated code/data. It is backed by a randomly named file under /tmp 
> > directory. My patch is to use an anonymous file in mmap instead, so 
> > that the generated code/data only resides in memory, and tcc does not 
> > depend on a writable /tmp anymore.
>
> It's customary to actually test changes before committing.  In your case:
>
> % ./configure --with-selinux
> % make && make test
> ...
> ------------ test3 ------------
> ../tcc -B.. -I.. -I.. -I../include -DCONFIG_LDDIR="\"lib64\"" 
> -DTCC_TARGET_X86_64 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include 
> -DCONFIG_LDDIR="\"lib64\"" -DTCC_TARGET_X86_64 -DONE_SOURCE -run ../tcc.c 
> -B.. -I.. -I.. -I../include -DCONFIG_LDDIR="\"lib64\"" -DTCC_TARGET_X86_64 
> -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include -run tcctest.c > 
> test.out3
> /bin/sh: line 1: 15954 Segmentation fault      ../tcc -B.. -I.. -I.. 
> -I../include -DCONFIG_LDDIR="\"lib64\"" -DTCC_TARGET_X86_64 -DONE_SOURCE -run 
> ../tcc.c -B.. -I.. -I.. -I../include -DCONFIG_LDDIR="\"lib64\"" 
> -DTCC_TARGET_X86_64 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include 
> -DCONFIG_LDDIR="\"lib64\"" -DTCC_TARGET_X86_64 -DONE_SOURCE -run ../tcc.c 
> -B.. -I.. -I.. -I../include -run tcctest.c > test.out3
> make[1]: *** [test3] Error 139

Actually I take back that this is caused by your change (it's not).  I'll 
maintain that the change you introduced would break a very confined 
SElinux system for the stated reasons, _if it were working at all before 
your change_.  But after some more poking I conclude the whole SElinux 
support seems to have either bitrotted or never was complete.  In 
particular ->runtime_mem (the mapping that's supposed to point to 
non-writable executable memory reflecting the same data as ->write_mem) is 
never used anywhere in the SElinux case except for munmapping it again, 
and tcc tries to mprotect ->write_mem also in the SElinux case to be 
WRITE|EXEC, which won't work for the reasons I mentioned in a very closed 
down SElinux system.

That is all a preexisting problem, and from that perspective the whole 
initialization and separation of ->runtime_mem and ->write_mem is useless 
and merely confusing; it would probably be better to just do away with 
that and use just one mapping (WRITE|EXEC, and because it's only one it 
can then indeed be ANON) also in the SElinux case even though it wouldn't 
work for all situations, like before (well, of course even better would be 
to make the whole thing work for real even in a confined system :) ).


Ciao,
Michael.