
<html>

    <head>

      <base href="https://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW --- - Incorrect size argument to mprotect call"

   href="https://llvm.org/bugs/show_bug.cgi?id=30905">30905</a>

          </td>

        </tr>


        <tr>

          <th>Summary</th>

          <td>Incorrect size argument to mprotect call

          </td>

        </tr>


        <tr>

          <th>Product</th>

          <td>libraries

          </td>

        </tr>


        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>


        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>


        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>


        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>


        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>


        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>


        <tr>

          <th>Component</th>

          <td>Support Libraries

          </td>

        </tr>


        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>


        <tr>

          <th>Reporter</th>

          <td>andrew.b.adams@gmail.com

          </td>

        </tr>


        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr>


        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>I've been getting a repeatable permission failure when I jump to jit-compiled

code on arm32:


<a href="https://buildbot.halide-lang.org/master/builders/arm32-linux-32-trunk/builds/1389/steps/make%20test_performance/logs/stdio">https://buildbot.halide-lang.org/master/builders/arm32-linux-32-trunk/builds/1389/steps/make%20test_performance/logs/stdio</a>


strace + /proc/self/maps tell me that the address I'm jumping to has not been

marked as executable, though there was an mprotect call that marked the page

immediately before as executable. I believe the problem is at the call to

mprotect in lib/Support/Unix/Memory.inc:


  int Result = ::mprotect((void*)((uintptr_t)M.Address & ~(PageSize-1)),

PageSize*((M.Size+PageSize-1)/PageSize), Protect);


Consider a region of memory with size less than one page that spans a page

boundary. You need to mprotect two pages. The existing code rounds down the

start address to a page boundary, rounds up the size to a multiple of the page

size, and then mprotects only one page (the first one). If I change the code

to:


  uintptr_t start = (uintptr_t)M.Address;

  uintptr_t end = start + M.Size;

  // Round down the start address to a page boundary

  start = start & ~(PageSize - 1);

  // Round up the end address to a page boundary

  end = (end + PageSize - 1) & ~(PageSize - 1);

  int Result = ::mprotect((void*)start, end - start, Protect);


It fixes the crash for me.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      
      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>