pass -z wxneeded or -Wl,-zwxneeded for linking on OpenBSD
ClosedPublic

Authored by kgardas on Aug 13 2016, 11:53 AM.

Details

Summary

This patch fixes issue with abort in GHCi on OpenBSD current
as of Aug 12 2016. The OpenBSD is more and more strict about usage
of writable and executable memory. Programs/applications which
requires such functionality need to be linked with -z wxneeded linker
flag and need to be run from the file-system mounted with wxallowed
mount option. If either of those options in not met, then problematic
program/application usually fail on some mmap/mprotect call which fail.

Diff Detail

Repository
rGHC Glasgow Haskell Compiler
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
kgardas updated this revision to Diff 8410.Aug 13 2016, 11:53 AM
kgardas retitled this revision from to pass -z wxneeded or -Wl,-zwxneeded for linking on OpenBSD.
kgardas updated this object.
kgardas edited the test plan for this revision. (Show Details)
kgardas added reviewers: austin, bgamari.
kili added a subscriber: kili.Aug 13 2016, 4:27 PM

Please don't apply this upstream.

-z wxneeded is a workaround meant to get over mandatory W^X in OpenBSD in a quick and dirty way.

A real fix is to stop using PROT_EXEC in mmapForLinker() and to use mprotect after loading the object.

I'm currently working on such a fix.

erikd added a comment.Aug 13 2016, 4:30 PM

@kgardas Should we wait for @kili 's fix?

@erikd of course let's wait for @kili 's patch(es). I'm not sure, but I think he is working on OpenBSD's GHC 7.10.x base so either he or I'll attempt to forward port his patch(es) to HEAD and provide better solution. Anyway, let's keep this open for few next days and see what kili/me can bring... After all, this is really just workaround to get things running better on OpenBSD-current...

kili added a comment.Aug 14 2016, 3:15 PM

Looks like i didn't take newDynCAF into account (ghci now segfaults there with my changes), so this will take longer to fix for real.

So if you really want, go ahead with he workaround, but don't forge to remove it when a real fix is avaulable ;-)

kgardas updated this revision to Diff 8417.Aug 14 2016, 3:37 PM
kgardas edited edge metadata.

replace tabs with spaces

@kili thanks for the info. If I may add some note on this matter. It looks like OpenBSD-current which will be released as 6.1 in 2017 will contain several big applications which will require wxallowed file-system and be linked with -z wxneeded. IMHO those will be web browsers with javascripts JITs at least (or am I mistakenly reading openbsd's mailing lists? Please correct me if I'm wrong here!). If we do the same with GHC's own GHCi, nobody will probably kill us. Please note that the wxneeded param is put into the GHC's settings file and so all linked Haskell apps are linked with -z wxneeded. On the other hand this is not necessary and it is always possible to remove -z wxneeded from the GHC's settings during installation step to prevent this hack from ordinary Haskell app which does not require it anyway. At least I've tested bindisttest's HelloWorld.lhs with and without -z wxneeded and in both static and dynamic versions and all were working well.
So if I may ask, I would go with this forward till the time we do have proper patch for W^X. Thanks!

kili added a comment.Aug 14 2016, 5:03 PM

Yes, please go forward with the workaround. I'm doing something sinilar in the current OpenBSD port (still at ghc-7.10.3).

You're right about wxneeded used especially in programs using JITs,

In ghc, it's just a linke -- should be simple to make it really W^X, I thought. But I was wrong, at least it's not super trivial to do ;-)

For tagging too much binares as wxneeded: not a problem for now. For example, the python ports are over-annotating even more, see the commit message of

http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/Makefile.inc?rev=1.116&content-type=text/x-cvsweb-markup

So again, this is ok for now.

bgamari accepted this revision.Aug 17 2016, 4:14 PM
bgamari edited edge metadata.

Thanks everyone! I'll move ahead with merging this and create a ticket so we don't forget to revert it when the time comes.

This revision is now accepted and ready to land.Aug 17 2016, 4:14 PM
This revision was automatically updated to reflect the committed changes.