Disable PAX mprotect for native executables (#13940)

This change adds marking native executables that coreclr build produces
(corerun, coreconsole, crossgen, ilasm, ildasm, crashdump) to using the
paxctl tool to allow them running on systems with PAX configured so that
creating executable memory mappings by applications is prohibited.

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9e1d16dffb59028f55fb88c9d842aeaf447dda32..5dfbc4031097ccbf1fcea0b65b1dbfdc3bde55e9 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -92,6 +92,11 @@ else (WIN32)
     if (AWK STREQUAL "AWK-NOTFOUND")
         message(FATAL_ERROR "AWK not found")
     endif()
+
+    # Try to locate the paxctl tool. Failure to find it is not fatal,
+    # but the generated executables won't work on a system where PAX is set
+    # to prevent applications to create executable memory mappings.
+    find_program(PAXCTL paxctl)
  
     if (CMAKE_SYSTEM_NAME STREQUAL Darwin)
 

diff --git a/functions.cmake b/functions.cmake
index 3ed95366218209f6c4393cd685c4ae7be1444cc9..182a69b2f538036b54eeaa759e80fa83b5d85d21 100644 (file)
--- a/functions.cmake
+++ b/functions.cmake
@@ -192,9 +192,28 @@ function(install_clr targetName)
   endif()  
 endfunction()
 
+# Disable PAX mprotect that would prevent JIT and other codegen in coreclr from working.
+# PAX mprotect prevents:
+# - changing the executable status of memory pages that were
+#   not originally created as executable,
+# - making read-only executable pages writable again,
+# - creating executable pages from anonymous memory,
+# - making read-only-after-relocations (RELRO) data pages writable again.
+function(disable_pax_mprotect targetName)
+  if (NOT PAXCTL STREQUAL "PAXCTL-NOTFOUND")
+    add_custom_command(
+      TARGET ${targetName}
+      POST_BUILD
+      VERBATIM
+      COMMAND ${PAXCTL} -c -m $<TARGET_FILE:${targetName}>
+    )
+  endif()
+endfunction()
+
 function(_add_executable)
     if(NOT WIN32)
       add_executable(${ARGV} ${VERSION_FILE_PATH})
+      disable_pax_mprotect(${ARGV})
     else()
       add_executable(${ARGV})
     endif(NOT WIN32)
@@ -239,28 +258,12 @@ function(verify_dependencies targetName errorMessage)
 endfunction()
 
 function(add_library_clr)
-    if(NOT WIN32)
-      add_library(${ARGV} ${VERSION_FILE_PATH})
-    else()
-      add_library(${ARGV})
-    endif(NOT WIN32)
     add_dependencies(${ARGV0} GeneratedEventingFiles)
-    list(FIND CLR_CROSS_COMPONENTS_LIST ${ARGV0} INDEX)  
-    if (DEFINED CLR_CROSS_COMPONENTS_LIST AND ${INDEX} EQUAL -1)  
-     set_target_properties(${ARGV0} PROPERTIES EXCLUDE_FROM_ALL 1)  
-    endif()  
+    _add_library(${ARGV})
 endfunction()
 
 function(add_executable_clr)
-    if(NOT WIN32)
-      add_executable(${ARGV} ${VERSION_FILE_PATH})
-    else()
-      add_executable(${ARGV})
-    endif(NOT WIN32)
     add_dependencies(${ARGV0} GeneratedEventingFiles)
-    list(FIND CLR_CROSS_COMPONENTS_LIST ${ARGV0} INDEX)  
-    if (DEFINED CLR_CROSS_COMPONENTS_LIST AND ${INDEX} EQUAL -1)  
-     set_target_properties(${ARGV0} PROPERTIES EXCLUDE_FROM_ALL 1)  
-    endif()  
+    _add_executable(${ARGV})
 endfunction()