[llvm-bugs] [Bug 30905] New: Incorrect size argument to mprotect call

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Nov 3 14:25:03 PDT 2016


https://llvm.org/bugs/show_bug.cgi?id=30905

            Bug ID: 30905
           Summary: Incorrect size argument to mprotect call
           Product: libraries
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Support Libraries
          Assignee: unassignedbugs at nondot.org
          Reporter: andrew.b.adams at gmail.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

I've been getting a repeatable permission failure when I jump to jit-compiled
code on arm32:

https://buildbot.halide-lang.org/master/builders/arm32-linux-32-trunk/builds/1389/steps/make%20test_performance/logs/stdio

strace + /proc/self/maps tell me that the address I'm jumping to has not been
marked as executable, though there was an mprotect call that marked the page
immediately before as executable. I believe the problem is at the call to
mprotect in lib/Support/Unix/Memory.inc:

  int Result = ::mprotect((void*)((uintptr_t)M.Address & ~(PageSize-1)),
PageSize*((M.Size+PageSize-1)/PageSize), Protect);

Consider a region of memory with size less than one page that spans a page
boundary. You need to mprotect two pages. The existing code rounds down the
start address to a page boundary, rounds up the size to a multiple of the page
size, and then mprotects only one page (the first one). If I change the code
to:


  uintptr_t start = (uintptr_t)M.Address;
  uintptr_t end = start + M.Size;
  // Round down the start address to a page boundary
  start = start & ~(PageSize - 1);
  // Round up the end address to a page boundary
  end = (end + PageSize - 1) & ~(PageSize - 1);
  int Result = ::mprotect((void*)start, end - start, Protect);


It fixes the crash for me.
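The two length calculations from the report, compared on a live mapping, as an added example that is not part of the original report or of LLVM's code. It assumes Linux, uses PROT_NONE to PROT_READ instead of execute permission so nothing is executed, and the function names and the 64-byte region are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Length as in the expression quoted in the report: size rounded up to whole pages. */
static size_t len_reported(uintptr_t addr, size_t size, size_t page) {
    (void)addr; /* the start offset within the page is ignored */
    return page * ((size + page - 1) / page);
}

/* Length as in the report's proposed change: round start down, end up. */
static size_t len_proposed(uintptr_t addr, size_t size, size_t page) {
    uintptr_t start = addr & ~(uintptr_t)(page - 1);
    uintptr_t end = (addr + size + page - 1) & ~(uintptr_t)(page - 1);
    return end - start;
}

/* 1 if the byte at p is readable; write() to a pipe fails with EFAULT if not. */
static int readable(const void *p) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    ssize_t n = write(fds[1], p, 1);
    close(fds[0]);
    close(fds[1]);
    return n == 1;
}

/* Map two PROT_NONE pages, put a 64-byte region across the page boundary,
   mprotect it with the given length calculation, and report whether the
   region's last byte actually received the new permission. */
static int last_byte_covered(size_t (*len_fn)(uintptr_t, size_t, size_t)) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *base = mmap(NULL, 2 * page, PROT_NONE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    uintptr_t addr = (uintptr_t)base + page - 32; /* constructed region */
    size_t size = 64;
    uintptr_t start = addr & ~(uintptr_t)(page - 1);
    int rc = mprotect((void *)start, len_fn(addr, size, page), PROT_READ);
    int ok = (rc == 0) ? readable((void *)(addr + size - 1)) : -1;
    munmap(base, 2 * page);
    return ok;
}

int main(void) {
    printf("reported length covers last byte: %d\n", last_byte_covered(len_reported));
    printf("proposed length covers last byte: %d\n", last_byte_covered(len_proposed));
    return 0;
}
```

The same under-coverage applies in the other direction: when a permission is being removed rather than granted, the uncovered tail page keeps its previous protection.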
