Merge release-20190806.1-217-g53cc72d (automated)

author: gVisor bot <gvisor-bot@google.com> 2019-10-01 18:34:15 +0000
committer: gVisor bot <gvisor-bot@google.com> 2019-10-01 18:34:15 +0000
commit: a4451bf8f04dee416c0e0424d5912645e58203e9 (patch)
tree: 3c07adebd52dd801baafb126193239dd6f7527e2
parent: 6a442e95092635b0b14085caaa5e8cb5b1fed58e (diff)
parent: 53cc72da90f5b5a76b024b47fe4e38a81b495eb4 (diff)
1 files changed, 11 insertions, 7 deletions
diff --git a/pkg/sentry/loader/elf.go b/pkg/sentry/loader/elf.go
index ba9c9ce12..2d9251e92 100644
--- a/pkg/sentry/loader/elf.go
+++ b/pkg/sentry/loader/elf.go
@@ -323,18 +323,22 @@ func mapSegment(ctx context.Context, m *mm.MemoryManager, f *fs.File, phdr *elf.
 			return syserror.ENOEXEC
 		}
 
+		// N.B. Linux uses vm_brk_flags to map these pages, which only
+		// honors the X bit, always mapping at least RW. ignoring These
+		// pages are not included in the final brk region.
+		prot := usermem.ReadWrite
+		if phdr.Flags&elf.PF_X == elf.PF_X {
+			prot.Execute = true
+		}
+
 		if _, err := m.MMap(ctx, memmap.MMapOpts{
 			Length: uint64(anonSize),
 			Addr:   anonAddr,
 			// Fixed without Unmap will fail the mmap if something is
 			// already at addr.
-			Fixed:   true,
-			Private: true,
-			// N.B. Linux uses vm_brk to map these pages, ignoring
-			// the segment protections, instead always mapping RW.
-			// These pages are not included in the final brk
-			// region.
-			Perms:    usermem.ReadWrite,
+			Fixed:    true,
+			Private:  true,
+			Perms:    prot,
 			MaxPerms: usermem.AnyAccess,
 		}); err != nil {
 			ctx.Infof("Error mapping PT_LOAD segment %v anonymous memory: %v", phdr, err)
author	gVisor bot <gvisor-bot@google.com>	2019-10-01 18:34:15 +0000
committer	gVisor bot <gvisor-bot@google.com>	2019-10-01 18:34:15 +0000
commit	a4451bf8f04dee416c0e0424d5912645e58203e9 (patch)
tree	3c07adebd52dd801baafb126193239dd6f7527e2
parent	6a442e95092635b0b14085caaa5e8cb5b1fed58e (diff)
parent	53cc72da90f5b5a76b024b47fe4e38a81b495eb4 (diff)