Created attachment 325350
libffi gentoo patch of the upstream patch

Libffi fails to use PROT_EXEC in mmap and create files to use when TPE is enabled or if the filesystem is read-only. For now all apps that use the lib need MPROTECT disabled. This patch makes it work with MPROTECT on. We use the EMUTRAMP option. The patch is sent upstream but looks like it is ignored.
Created attachment 325352
diff of the ebuild

Diff of the ebuild.
(In reply to comment #1)

i'm not sure why this is a configure option at all. wouldn't it be better to check the return of the mmap and the errno value?

seems like all code using libffi will continue to crash unless someone exports FFI_DISABLE_EMUTRAMP ahead of time. that isn't a good user interface.
(In reply to comment #2)
> (In reply to comment #1)
>
> i'm not sure why this is a configure option at all. wouldn't it be better
> to check the return of the mmap and the errno value ?
>
> seems like all code using libffi will continue to crash unless someone
> exports FFI_DISABLE_EMUTRAMP ahead of time. that isn't a good user
> interface.

yes you're right, it would be better to check the return value. this also addresses the situation where someone doesn't enable the configure option because they don't think they'll be running a pax kernel and then they boot into one and suddenly libffi is borked.
this fix is in tree as 3.0.12_rc3, the final is out like within days
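
The runtime check suggested in the comments above, as an added example that is not libffi's code or the attached patch: it asks the kernel for an executable anonymous mapping, records errno if that is refused, and picks a fallback at run time instead of at configure time. The names `probe_exec_mapping`, `choose_tramp_mode` and the `tramp_mode` enum are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical names for this example; none are libffi identifiers. */
enum tramp_mode { TRAMP_EXEC_MMAP, TRAMP_FALLBACK };

/* Returns 1 if an anonymous page can be mapped executable, 0 if the
 * kernel refuses. On refusal *err holds the errno of the failing call. */
static int probe_exec_mapping(int *err)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    size_t len = pagesz > 0 ? (size_t)pagesz : 4096;
    *err = 0;

    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) {
        *err = errno;               /* save before any other libc call */
        return 0;
    }
    /* Assumption: a hardened kernel may accept the mmap yet refuse a
     * later request for PROT_EXEC, so the mprotect result is checked too. */
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) {
        *err = errno;
        munmap(p, len);
        return 0;
    }
    munmap(p, len);
    return 1;
}

/* Decide at run time, so one build works on both kinds of kernel. */
static enum tramp_mode choose_tramp_mode(int *err)
{
    return probe_exec_mapping(err) ? TRAMP_EXEC_MMAP : TRAMP_FALLBACK;
}

int main(void)
{
    int err;
    if (choose_tramp_mode(&err) == TRAMP_EXEC_MMAP)
        puts("executable mapping allowed");
    else
        printf("executable mapping refused (%s), using fallback\n", strerror(err));
    return 0;
}
```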