Re: [gtk-vnc-devel] Fix mmap permissions for coroutine stacks



Daniel P. Berrange wrote:
On Wed, Sep 26, 2007 at 04:00:28PM -0500, Anthony Liguori wrote:
Daniel P. Berrange wrote:
Our current code mmaps a region with PROT_EXEC for use as stack space in the swapcontext() calls. This is bogus because the stack should not be
executable. On any Fedora / RHEL system with SELinux enabled this results
in the process being terminated with extreme prejudice the moment we do
the swapcontext() call.

The attached patch removes the use of PROT_EXEC, and it also switches to use
MAP_PRIVATE instead of MAP_SHARED since there is no reason for stack to be
shared across processes, and finally removes MAP_GROWSDOWN since it is a
broken concept that should not be used according to GLibC guys.
Very interesting patch. GROWSDOWN seemed like the Right Thing to do but I'm not surprised if it's broken. Removing EXEC seems sane to me. It was just a guess as to what the right permissions should be.

From my understanding, GROWSDOWN may have been relevant in older kernels (e.g. in the 2.4 era) but today it is not. It is Linux specific anyway.

BTW, if the coroutine stuff ever gets too weird, we can very easily switch over to lock-step threads. I know that there's been some concerns about the portability of coroutines in the context of the gnome community before (gstreamer initially used a coroutine mechanism). I'd still want to stick with lock-step execution of threads b/c I think it simplifies locking.

Personally I'd like to avoid threads. The coroutine stuff is a little
odd if you're not familiar with the idea, but it works well in practice.
If portability becomes an issue we can deal with it later - perhaps even
fake the current coroutine API using pthreads on platforms without the
swapcontext() stuff.

Yeah, that's exactly what I was thinking too.

Regards,

Anthony Liguori

Dan.
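
The mapping flags described in the quoted patch summary, shown as an added example that is not part of this thread or of the gtk-vnc source: a coroutine stack mapped read/write, private and anonymous, with no PROT_EXEC and no MAP_GROWSDOWN, then used with swapcontext(). STACK_SIZE, the function names and the Linux-only /proc/self/maps check are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <ucontext.h>

#define STACK_SIZE (64 * 1024)  /* assumed size, not taken from the thread */
static ucontext_t caller_ctx, co_ctx;
static int co_steps;

/* Coroutine body: yield once to the caller, then finish. */
static void co_entry(void)
{
    co_steps = 1;
    swapcontext(&co_ctx, &caller_ctx);  /* yield */
    co_steps = 2;                       /* on return, uc_link resumes the caller */
}

/* Linux-only check: 1 if the mapping holding addr is executable, 0 if not, -1 on error. */
static int mapping_is_exec(void *addr)
{
    unsigned long lo, hi, a = (unsigned long)addr;
    char perms[8], line[512];
    int result = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    while (f && result < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %7s", &lo, &hi, perms) == 3 && a >= lo && a < hi)
            result = perms[2] == 'x';   /* perms has the form "rwxp" */
    if (f) fclose(f);
    return result;
}

/* Returns the number of coroutine steps completed (2), or -1 on any failure. */
int run_coroutine_demo(void)
{
    void *stack = mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);  /* rw only, private */
    if (stack == MAP_FAILED) return -1;
    int ok = mapping_is_exec(stack) == 0 && getcontext(&co_ctx) == 0;
    if (ok) {
        co_steps = 0;
        co_ctx.uc_stack.ss_sp = stack; co_ctx.uc_stack.ss_size = STACK_SIZE;
        co_ctx.uc_link = &caller_ctx;
        makecontext(&co_ctx, co_entry, 0);
        ok = swapcontext(&caller_ctx, &co_ctx) == 0 && co_steps == 1  /* enter */
          && swapcontext(&caller_ctx, &co_ctx) == 0;                  /* resume */
    }
    munmap(stack, STACK_SIZE);
    return ok ? co_steps : -1;
}
int main(void) { return run_coroutine_demo() == 2 ? 0 : 1; }
```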




