Peter Beutner p.beutner@gmx.net writes:
But as linux can't just switch on/off the protection for specific processes, wine has to emulate it by marking all readable memory as executable as well. And as all this happens behind the application's back, I would still go with my first proposal to just pair every PROT_READ with a PROT_EXEC in dlls/ntdll/virtual.c:VIRTUAL_GetUnixProt().
Does that sound acceptable?
Given your investigations that sounds reasonable, yes, thanks for taking the time to look into this. Does something like this work for you?
diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c index 99c90c4..4d15779 100644 --- a/dlls/ntdll/loader.c +++ b/dlls/ntdll/loader.c @@ -2126,6 +2126,8 @@ void WINAPI LdrInitializeThunk( ULONG unknown1, ULONG unknown2, ULONG unknown3,
peb->ProcessParameters->ImagePathName = wm->ldr.FullDllName; version_init( wm->ldr.FullDllName.Buffer ); + if (!(nt->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)) + VIRTUAL_SetForceExec( TRUE );
/* the main exe needs to be the first in the load order list */ RemoveEntryList( &wm->ldr.InLoadOrderModuleList ); diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h index 781afa5..a7ef8df 100644 --- a/dlls/ntdll/ntdll_misc.h +++ b/dlls/ntdll/ntdll_misc.h @@ -112,6 +112,7 @@ extern NTSTATUS DIR_get_unix_cwd( char **cwd ); /* virtual memory */ extern NTSTATUS VIRTUAL_HandleFault(LPCVOID addr); extern BOOL VIRTUAL_HasMapping( LPCVOID addr ); +extern void VIRTUAL_SetForceExec( BOOL enable ); extern void VIRTUAL_UseLargeAddressSpace(void);
extern BOOL is_current_process( HANDLE handle ); diff --git a/dlls/ntdll/virtual.c b/dlls/ntdll/virtual.c index 573072e..5da929b 100644 --- a/dlls/ntdll/virtual.c +++ b/dlls/ntdll/virtual.c @@ -143,6 +143,9 @@ static void *user_space_limit = USER_SPACE_LIMIT; static void *preload_reserve_start; static void *preload_reserve_end; static int use_locks; +static int force_exec_prot; /* whether to force PROT_EXEC on all PROT_READ mmaps */ + +static int VIRTUAL_GetUnixProt( BYTE vprot );
/*********************************************************************** @@ -391,6 +394,7 @@ static NTSTATUS create_view( struct file_view **view_ret, void *base, size_t siz { struct file_view *view; struct list *ptr; + int unix_prot = VIRTUAL_GetUnixProt( vprot );
assert( !((UINT_PTR)base & page_mask) ); assert( !(size & page_mask) ); @@ -446,6 +450,12 @@ static NTSTATUS create_view( struct file_view **view_ret, void *base, size_t siz
*view_ret = view; VIRTUAL_DEBUG_DUMP_VIEW( view ); + + if (force_exec_prot && (unix_prot & PROT_READ) && !(unix_prot & PROT_EXEC)) + { + TRACE( "forcing exec permission on %p-%p\n", base, (char *)base + size - 1 ); + mprotect( base, size, unix_prot | PROT_EXEC ); + } return STATUS_SUCCESS; }
@@ -555,12 +565,22 @@ static BOOL VIRTUAL_SetProt( FILE_VIEW *view, /* [in] Pointer to view */ size_t size, /* [in] Size in bytes */ BYTE vprot ) /* [in] Protections to use */ { + int unix_prot = VIRTUAL_GetUnixProt(vprot); + TRACE("%p-%p %s\n", base, (char *)base + size - 1, VIRTUAL_GetProtStr( vprot ) );
- if (mprotect( base, size, VIRTUAL_GetUnixProt(vprot) )) - return FALSE; /* FIXME: last error */ + if (force_exec_prot && (unix_prot & PROT_READ) && !(unix_prot & PROT_EXEC)) + { + TRACE( "forcing exec permission on %p-%p\n", base, (char *)base + size - 1 ); + if (!mprotect( base, size, unix_prot | PROT_EXEC )) goto done; + /* exec + write may legitimately fail, in that case fall back to write only */ + if (!(unix_prot & PROT_WRITE)) return FALSE; + }
+ if (mprotect( base, size, unix_prot )) return FALSE; /* FIXME: last error */ + +done: memset( view->prot + (((char *)base - (char *)view->base) >> page_shift), vprot, size >> page_shift ); VIRTUAL_DEBUG_DUMP_VIEW( view ); @@ -1285,6 +1305,61 @@ BOOL VIRTUAL_HasMapping( LPCVOID addr )
/*********************************************************************** + * VIRTUAL_SetForceExec + * + * Whether to force exec prot on all views. + */ +void VIRTUAL_SetForceExec( BOOL enable ) +{ + struct file_view *view; + + RtlEnterCriticalSection( &csVirtual ); + if (!force_exec_prot != !enable) /* change all existing views */ + { + force_exec_prot = enable; + + LIST_FOR_EACH_ENTRY( view, &views_list, struct file_view, entry ) + { + UINT i, count; + int unix_prot; + char *addr = view->base; + BYTE prot = view->prot[0]; + + for (count = i = 1; i < view->size >> page_shift; i++, count++) + { + if (view->prot[i] == prot) continue; + unix_prot = VIRTUAL_GetUnixProt( prot ); + if ((unix_prot & PROT_READ) && !(unix_prot & PROT_EXEC)) + { + TRACE( "%s exec prot for %p-%p\n", + force_exec_prot ? "enabling" : "disabling", + addr, addr + (count << page_shift) - 1 ); + mprotect( addr, count << page_shift, + unix_prot | (force_exec_prot ? PROT_EXEC : 0) ); + } + addr += (count << page_shift); + prot = view->prot[i]; + count = 0; + } + if (count) + { + unix_prot = VIRTUAL_GetUnixProt( prot ); + if ((unix_prot & PROT_READ) && !(unix_prot & PROT_EXEC)) + { + TRACE( "%s exec prot for %p-%p\n", + force_exec_prot ? "enabling" : "disabling", + addr, addr + (count << page_shift) - 1 ); + mprotect( addr, count << page_shift, + unix_prot | (force_exec_prot ? PROT_EXEC : 0) ); + } + } + } + } + RtlLeaveCriticalSection( &csVirtual ); +} + + +/*********************************************************************** * VIRTUAL_UseLargeAddressSpace * * Increase the address space size for apps that support it.