[MLton] reason for mprotect with PROT_EXEC ?

Wesley W. Terpstra wesley at terpstra.ca
Thu Feb 7 05:07:07 PST 2008


On Feb 7, 2008, at 2:26 AM, Adam Goode wrote:
> runtime/platform/mmap-protect.c line 10 contains an mprotect with
> PROT_READ | PROT_WRITE | PROT_EXEC.
>
> Is PROT_EXEC needed? I'm asking because MLton compiled executables  
> will
> fail on Fedora 9 with this.

Why does it fail? This must be possible because mprotect is also used  
to setup the maps of the executable itself.

> The function is GC_mmapAnon_safe_protect, and it looks like it is only
> called once, through GC_init and initSignalStack. I doubt the signal
> stack needs to be executable, but I am not totally sure. Am I right  
> that
> profiling is the only thing that uses the signal stack?

On some platforms the linux kernel places a "trampoline" on the stack  
as part of invoking a signal handler. If the stack is not executable,  
this will cause the program to segfault. In MLton, having an  
executable stack isn't as much of a concern as it would be in most  
programs, since hopefully the usage of C is small and stack overflows  
are impossible in ML.

> I think we should take out the PROT_EXEC. If we don't, all MLton
> compiled executables will need to be given special privileges to run  
> on
> Fedora 9.

What architecture are we talking about? i386 and amd64? If so, then I  
see no harm in removing PROT_EXEC for those specifically, but you  
can't get rid of it.

Is Fedora 9 using some sort of SELinux? Since when does using  
PROT_EXEC require extra privileges?




More information about the MLton mailing list