Re: vma-iter: Detect executable memory segments on Haiku (regr. 2011-01-25).

2025-03-14 Thread Bruno Haible via Gnulib discussion list
Hi Collin,

> Therefore, I applied the attached patch to vma-iter
> that fixes the test.

Thanks! I verified that it compiles fine (and passes the test) also
on older Haiku from 3 years ago.

> I guess when the original code here was written:
> 
>   if (info.protection & B_READ_AREA)
>     flags |= VMA_PROT_READ | VMA_PROT_EXECUTE;
> 
> the assumption was that readable memory was also executable?
> [1] https://www.haiku-os.org/legacy-docs/bebook/TheKernelKit_Areas.html

Yes, when this book was written (in 2000), the general assumption was
that read and execute access on a memory page are equivalent. W^X came
years later [1].

Bruno

[1] https://en.wikipedia.org/wiki/W%5EX






Re: vma-iter: Detect executable memory segments on Haiku (regr. 2011-01-25).

2025-03-13 Thread Jeffrey Walton
On Thu, Mar 13, 2025 at 10:23 PM Collin Funk wrote:
>
> On Haiku, test-vma-prot fails with the following:
>
> ../../gltests/test-vma-prot.c:68: assertion 'prot == (VMA_PROT_READ | VMA_PROT_WRITE)' failed
> Abort
> FAIL test-vma-prot (exit status: 149)
>
> At this point, the following instead is true:
>
> prot == (VMA_PROT_READ | VMA_PROT_WRITE | VMA_PROT_EXECUTE)
>
> I guess when the original code here was written:
>
>   if (info.protection & B_READ_AREA)
>     flags |= VMA_PROT_READ | VMA_PROT_EXECUTE;
>
> the assumption was that readable memory was also executable?

For modern Linux, I believe the preferred state is written as W^X,
meaning the page is either WRITE or EXEC, but not both. It is a
defense against attacks like buffer overflows and heap spraying.

Linux used to set READ, WRITE and/or EXEC by default on memory, but it
changed to W^X back around 2010 or 2012 or so.

I think setting both READ and EXEC by default is probably an
architectural bug on Haiku.

> The only documentation I could find for this BeOS/Haiku API only
> mentions B_READ_AREA and B_WRITE_AREA [1].
>
> But I see that when mmap was added in 2008 to Haiku it also sets
> B_EXECUTE_AREA [2]. Therefore, I applied the attached patch to vma-iter
> that fixes the test.
>
> [1] https://www.haiku-os.org/legacy-docs/bebook/TheKernelKit_Areas.html
> [2] https://github.com/haiku/haiku/blame/b989960b81e5826d54acad82a2c4a3e685984f8a/src/system/libroot/posix/sys/mman.cpp#L132

Jeff
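
Added example (not part of the thread and not gnulib code): how the readable-implies-executable mapping discussed above skews a W^X audit built on the reported flags. The numeric values of the B_*_AREA and VMA_PROT_* constants, the sample area list, and the helpers flags_before, flags_after and count_wx are assumptions made for this illustration.

```c
#include <stdio.h>

/* Local stand-ins for the Haiku area bits and the gnulib VMA flags named in
   the thread; the numeric values are assumptions made for this example. */
enum { B_READ_AREA = 1, B_WRITE_AREA = 2, B_EXECUTE_AREA = 4 };
enum { VMA_PROT_READ = 1, VMA_PROT_WRITE = 2, VMA_PROT_EXECUTE = 4 };

/* Mapping quoted in the thread: a readable area is reported as executable. */
static unsigned int flags_before (unsigned int protection)
{
  unsigned int flags = 0;
  if (protection & B_READ_AREA)
    flags |= VMA_PROT_READ | VMA_PROT_EXECUTE;
  if (protection & B_WRITE_AREA)
    flags |= VMA_PROT_WRITE;
  return flags;
}

/* Mapping that reports each protection bit independently. */
static unsigned int flags_after (unsigned int protection)
{
  unsigned int flags = 0;
  if (protection & B_READ_AREA)
    flags |= VMA_PROT_READ;
  if (protection & B_WRITE_AREA)
    flags |= VMA_PROT_WRITE;
  if (protection & B_EXECUTE_AREA)
    flags |= VMA_PROT_EXECUTE;
  return flags;
}

/* Constructed sample areas: r-x code, rw- data, r-- read-only data, rwx. */
static const unsigned int sample_areas[] = {
  B_READ_AREA | B_EXECUTE_AREA, B_READ_AREA | B_WRITE_AREA,
  B_READ_AREA, B_READ_AREA | B_WRITE_AREA | B_EXECUTE_AREA,
};

/* W^X audit: count areas reported as both writable and executable. */
static size_t count_wx (unsigned int (*map) (unsigned int))
{
  const unsigned int wx = VMA_PROT_WRITE | VMA_PROT_EXECUTE;
  size_t n = 0, i;
  for (i = 0; i < sizeof sample_areas / sizeof sample_areas[0]; i++)
    if ((map (sample_areas[i]) & wx) == wx)
      n++;
  return n;
}

int main (void)
{
  printf ("W+X areas before: %zu, after: %zu\n",
          count_wx (flags_before), count_wx (flags_after));
  return 0;
}
```

With the first mapping the plain rw- data area is counted as a W^X violation alongside the real rwx area; with the second only the rwx area is.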



vma-iter: Detect executable memory segments on Haiku (regr. 2011-01-25).

2025-03-13 Thread Collin Funk
On Haiku, test-vma-prot fails with the following:

../../gltests/test-vma-prot.c:68: assertion 'prot == (VMA_PROT_READ | VMA_PROT_WRITE)' failed
Abort
FAIL test-vma-prot (exit status: 149)

At this point, the following instead is true:

prot == (VMA_PROT_READ | VMA_PROT_WRITE | VMA_PROT_EXECUTE)

I guess when the original code here was written:

   if (info.protection & B_READ_AREA)
     flags |= VMA_PROT_READ | VMA_PROT_EXECUTE;

the assumption was that readable memory was also executable?

The only documentation I could find for this BeOS/Haiku API only
mentions B_READ_AREA and B_WRITE_AREA [1].

But I see that when mmap was added in 2008 to Haiku it also sets
B_EXECUTE_AREA [2]. Therefore, I applied the attached patch to vma-iter
that fixes the test.

Collin

[1] https://www.haiku-os.org/legacy-docs/bebook/TheKernelKit_Areas.html
[2] https://github.com/haiku/haiku/blame/b989960b81e5826d54acad82a2c4a3e685984f8a/src/system/libroot/posix/sys/mman.cpp#L132

From 5077f67040ab62a3ea1335656ac0b6f76bfbea66 Mon Sep 17 00:00:00 2001
From: Collin Funk 
Date: Thu, 13 Mar 2025 19:11:08 -0700
Subject: [PATCH] vma-iter: Detect executable memory segments on Haiku (regr.
 2011-01-25).

* lib/vma-iter.c (vma_iterate) [__BEOS__ || __HAIKU__]: Use the
B_EXECUTE_AREA flag.
---
 ChangeLog  | 6 ++
 lib/vma-iter.c | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 55bbf3f5e4..b653fc2914 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2025-03-13  Collin Funk  
+
+	vma-iter: Detect executable memory segments on Haiku (regr. 2011-01-25).
+	* lib/vma-iter.c (vma_iterate) [__BEOS__ || __HAIKU__]: Use the
+	B_EXECUTE_AREA flag.
+
 2025-03-12  Collin Funk  
 
 	dup3: Fix behavior for equal file descriptors on Haiku.
diff --git a/lib/vma-iter.c b/lib/vma-iter.c
index 7510711a32..125606af06 100644
--- a/lib/vma-iter.c
+++ b/lib/vma-iter.c
@@ -1692,9 +1692,11 @@ vma_iterate (vma_iterate_callback_fn callback, void *data)
   end = start + info.size;
   flags = 0;
   if (info.protection & B_READ_AREA)
-flags |= VMA_PROT_READ | VMA_PROT_EXECUTE;
+flags |= VMA_PROT_READ;
   if (info.protection & B_WRITE_AREA)
 flags |= VMA_PROT_WRITE;
+  if (info.protection & B_EXECUTE_AREA)
+flags |= VMA_PROT_EXECUTE;
 
   if (callback (data, start, end, flags))
 break;
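
Review bot: the new `if (info.protection & B_EXECUTE_AREA)` test is added to a branch that the commit message marks as `[__BEOS__ || __HAIKU__]`, yet the BeBook page cited in the thread documents only B_READ_AREA and B_WRITE_AREA. If the BeOS headers do not define B_EXECUTE_AREA, this branch stops compiling there. Consider guarding the new test with `#ifdef B_EXECUTE_AREA` (assuming the flag is a macro) and keeping the earlier readable-implies-executable mapping in the `#else` branch, with a short comment stating that the fallback exists because the flag is not reported on that platform.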
-- 
2.48.1