On Wed, Aug 29, 2007 at 10:40:41PM +0400, Alexander Vodomerov wrote:
On Wed, Aug 29, 2007 at 08:41:12AM -0700, Bryan O'Sullivan wrote:
The underlying problem is harder to fix: the default SELinux policy doesn't allow PROT_EXEC pages to be mapped with PROT_WRITE, for obvious reasons. The solution is expensive in terms of address space and TLB entries: map the same pages twice, once only with PROT_EXEC, and once only with PROT_WRITE. Just for experiment I've removed PROT_EXEC from my_mmap function in rts/MBlock.c and recompiled GHC. The resulting GHC was able to compile itself and my code. Binaries, produced by it worked fine with SELinux. However, another problem related to GHCi ocurred. More details are available at the 738 ticket you mentioned.
So it is not clear if GHC does really need this PROT_EXEC. Can someone familiar with GHC internals answer why PROT_EXEC is used in getMBlocks?
It's not possible to correctly implement 'foreign import ccall "wrapper"' without self-modifying code on any mainstream computer architecture. Does this program work on your no-PROT_EXEC ghc? : {-# OPTIONS_GHC -ffi #-} import Foreign foreign import ccall "wrapper" wrap :: IO () -> IO (FunPtr (IO ())) foreign import ccall "dynamic" call :: FunPtr (IO ()) -> IO () main = call =<< wrap (print "hi!") Stefan