On Thu, 11 Oct 2007 14:36:07 +0200 "jan rinze" <[EMAIL PROTECTED]> wrote:
> On 10/11/07, Kai Thomsen <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > when running a DynaRec version of RPCemu on an x86-64 Linux system
> > or an x86 one with the Physical Address Extension (PAE) enabled by
> > the kernel, it's possible that RPCemu instantly fails with a
> > segmentation fault when it attempts to execute DynaRec-generated
> > code that resides in memory pages marked as non-executable by
> > default.
> >
> > Distributions on which I've observed this include Fedora 7 and the
> > development version of Fedora 8, both using SELinux in enforcing
> > mode.
> >
> > Patch summary:
> >
> > * On x86 and x86-64 Linux, mark the memory pages containing
> >   DynaRec code blocks as executable. This prevents a segmentation
> >   fault on kernels that enable the CPU's NX/XD feature (No eXecute /
> >   eXecute Disable).
> >
> >   (Authors: Christof Efkemann, Kai Thomsen)
> >
> > On SELinux-using distributions like Fedora, it's also necessary to
> > actually allow RPCemu to mark any of its own memory pages as
> > executable, otherwise the mprotect() call fails with EPERM
> > (permission denied). On Fedora, you can toggle a particular SELinux
> > boolean to permit this operation for all processes:
> >
> >   $ su -c "/usr/sbin/setsebool -P allow_execmem=1"
> >
> > I realize that this compromises the system's security, but it's at
> > least better than disabling SELinux as a whole.
> >
> > By the way, in Fedora's graphical configuration tool
> > `system-config-selinux', this SELinux boolean can be found under
> > "Memory Protection" -> "Allow unconfined executables to map a memory
> > region as both executable and writable. [...]".
> >
> > Assuming the patch is OK to be committed, perhaps the preceding
> > paragraphs should be adapted for inclusion in readme.txt?
> >
> > A clean solution that handles the RPCemu executable specifically
> > would be preferable, of course.
> >
> >
> > --Kai
>
> When mapping memory under Linux one needs to specifically set the
> executable bit.

That's what the patch introduces for RPCemu's dynamic recompilers on
x86 and x86-64 Linux.

> If this does not work with SELinux or 64bit then report that as a bug!

Actually, restricting mprotect() operations is a feature of SELinux.
Please see this (technical) page, for example:

http://people.redhat.com/drepper/selinux-mem.html

If the RPCemu executable's security context is set appropriately
(`unconfined_execmem_exec_t' in Fedora 7+) or if SELinux is configured
to allow all programs to mark writable memory as executable (see
command line given above), RPCemu should run as expected.

--Kai
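
The mprotect() step and its failure mode discussed in this thread, as an added example that is not part of the original messages and is not the RPCemu patch. The name run_generated_block, the status codes and the six-byte sample block are assumptions made for illustration; unlike the "writable and executable" case the thread mentions, this sketch drops write permission when it adds execute permission.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for a DynaRec block: mov eax, 42 ; ret (x86 and x86-64). */
static const unsigned char sample_block[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };

enum { BLOCK_RAN, BLOCK_DENIED, BLOCK_ERROR, BLOCK_SKIPPED };

/* Hypothetical helper: copy the block into a fresh page, make the page
 * executable, run it. *err receives errno when a call fails. */
int run_generated_block(int *value, int *err)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *buf = mmap(NULL, page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int status = BLOCK_SKIPPED;   /* stays SKIPPED on non-x86 hosts */

    *err = 0;
    if (buf == MAP_FAILED) { *err = errno; return BLOCK_ERROR; }
    memcpy(buf, sample_block, sizeof sample_block);

    /* Without this call the page has no execute permission and jumping into
     * it faults on NX/XD kernels. Write access is dropped in the same call. */
    if (mprotect(buf, page, PROT_READ | PROT_EXEC) != 0) {
        *err = errno;
        /* The thread reports EPERM; EACCES is also counted as a policy denial. */
        status = (errno == EPERM || errno == EACCES) ? BLOCK_DENIED : BLOCK_ERROR;
    } else {
#if defined(__x86_64__) || defined(__i386__)
        int (*fn)(void) = (int (*)(void))(uintptr_t)buf;
        *value = fn();
        status = BLOCK_RAN;
#endif
    }
    munmap(buf, page);
    return status;
}

int main(void)
{
    int value = 0, err = 0;
    int status = run_generated_block(&value, &err);
    printf("status=%d value=%d errno=%d (%s)\n", status, value, err, strerror(err));
    return status == BLOCK_ERROR;
}
```

A BLOCK_DENIED result separates a policy refusal of the mprotect() call from the segmentation fault that occurs when the call is missing altogether.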
