On 2022/05/07 21:10, Rafael Sadowski wrote:
> On Sat May 07, 2022 at 08:50:45AM +0100, Stuart Henderson wrote:
> > On 2022/05/07 00:08, Rafael Sadowski wrote:
> > > CVSROOT:  /cvs
> > > Module name:      ports
> > > Changes by:       rsadow...@cvs.openbsd.org       2022/05/07 00:08:10
> > > 
> > > Modified files:
> > >   x11/qt5/qtdeclarative: Makefile 
> > > Added files:
> > >   x11/qt5/qtdeclarative/patches: patch-src_qml_configure_json 
> > > 
> > > Log message:
> > > Disable QML just-in-time compiler
> > > 
> > > Makes it a little slower but safer
> > 
> > I thought it wasn't getting enabled anyway, just testing if W+X worked
> > and disabling the JIT anyway?
> 
> From my understanding it was always ON. And some QML applications require
> wxallowed otherwise the JIT will crash at runtime.
> 
> That's why we have USE_WXNEEDED in some QML apps, right?
> 
> This should only allow many more QML apps to run without wxallowed.

From the comment in the patch in kn@'s alternative diff:

+canAllocateExecutableMemory() maps memory W^X to see if that is allowed,
+which triggers our kern.wxabort sysctl(2);  always return false to neuter 
+that mmap(2) test call and have (at least libQt5Qml) always fall back to 
+non-W^X mappings.
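
Review bot: in the first and last lines of this comment, "maps memory W^X" and "non-W^X mappings" use W^X for the mapping that the test call requests, but W^X is the name of the policy, and the mapping being tested is writable and executable at the same time. Suggest "maps memory W|X" and "fall back to mappings that are never writable and executable at once". The comment also only says "always return false"; it would help to state outright that the effect is that the JIT is not used.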

The standard behaviour is to fail the mapping, therefore it will (at
runtime) decide not to use the JIT.

I'm not objecting to the commit but the commit log wasn't right, maybe
it's a good idea to write this up in a comment in the patch? e.g.

"Forcibly disable the JIT on OpenBSD. The W+X mapping was rejected anyway
unless the binary using this library has an OPENBSD_WXNEEDED ELF
section, but avoids SIGABRT if the user has set kern.wxabort=1."

The commit is a trade-off. Previously a port using this library could
decide whether or not to allow the JIT to work by setting or not setting
USE_WXNEEDED. The patch means that this is no longer possible but it
means that someone setting the kern.wxabort debug sysctl can still run
that software. (It's not a security sysctl because the w+x mapping is
rejected whichever way it is set).
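
The runtime probe and fallback discussed in this message, as an added example that is not part of the original e-mail and is not Qt's or the port's code. The function names and the `force_no_jit` switch are hypothetical; the switch models a build where the test mapping is never requested.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

enum backend { BACKEND_INTERPRETER = 0, BACKEND_JIT = 1 };

/* Try to map one anonymous page with the given protection; 1 on success. */
static int probe_mapping(int prot)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    size_t len = pagesz > 0 ? (size_t)pagesz : 4096;
    void *p = mmap(NULL, len, prot, MAP_PRIVATE | MAP_ANON, -1, 0);

    if (p == MAP_FAILED)
        return 0;               /* refused by the kernel */
    munmap(p, len);
    return 1;
}

/* Runtime test: is a mapping that is writable and executable at once allowed?
 * With kern.wxabort=1 on OpenBSD this call does not return 0, the process
 * gets SIGABRT instead, which is why a patched build must not issue it. */
static int wx_mapping_allowed(void)
{
    return probe_mapping(PROT_READ | PROT_WRITE | PROT_EXEC);
}

/* force_no_jit != 0 (hypothetical switch): skip the probe, never use the JIT. */
static enum backend select_backend(int force_no_jit)
{
    if (force_no_jit)
        return BACKEND_INTERPRETER;
    return wx_mapping_allowed() ? BACKEND_JIT : BACKEND_INTERPRETER;
}

int main(void)
{
    printf("W+X probe:     %s\n", wx_mapping_allowed() ? "allowed" : "refused");
    printf("probing build: %s\n",
           select_backend(0) == BACKEND_JIT ? "jit" : "interpreter");
    printf("patched build: %s\n",
           select_backend(1) == BACKEND_JIT ? "jit" : "interpreter");
    return 0;
}
```

The output of the probing build depends on the system it runs on; the patched path gives the same answer everywhere because it never makes the `mmap(2)` test call.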
