Bug 147475

Summary:	Mesa DRI drivers disable exec-shield
Product:	[Fedora] Fedora	Reporter:	Mike A. Harris <mharris>
Component:	xorg-x11	Assignee:	X/OpenGL Maintenance List <xgl-maint>
Status:	CLOSED RAWHIDE	QA Contact:	David Lawrence <dkl>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	3	CC:	gajownik, jdennis, mjc
Target Milestone:	---	Keywords:	Triaged
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2006-01-18 00:30:07 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	150221

Description Mike A. Harris 2005-02-08 12:15:19 UTC

In XFree86 4.3.0, we had to patch the Mesa DRI drivers to call
mprotect and mark memory allocated for runtime code generation
with PROT_EXEC.  John Dennis created our patch that implemented
this, and I believe it was submitted upstream, however a recent
report by Arjan shows that Mesa still disables exec-shield.

xorg-x11-6.8.1-23.EL.i386     
./usr/X11R6/lib/modules/dri/gamma_dri.so: stack=RWE
xorg-x11-6.8.1-23.EL.i386     
./usr/X11R6/lib/modules/dri/i810_dri.so: stack=RWE
xorg-x11-6.8.1-23.EL.i386     
./usr/X11R6/lib/modules/dri/i915_dri.so: stack=RWE
xorg-x11-6.8.1-23.EL.i386      ./usr/X11R6/lib/modules/dri/mga_dri.so:
 stack=RWE
xorg-x11-6.8.1-23.EL.i386     
./usr/X11R6/lib/modules/dri/r128_dri.so: stack=RWE
xorg-x11-6.8.1-23.EL.i386     
./usr/X11R6/lib/modules/dri/r200_dri.so: stack=RWE
xorg-x11-6.8.1-23.EL.i386     
./usr/X11R6/lib/modules/dri/radeon_dri.so: stack=RWE
xorg-x11-6.8.1-23.EL.i386     
./usr/X11R6/lib/modules/dri/tdfx_dri.so: stack=RWE
xorg-x11-libs-6.8.1-23.EL.i386 ./usr/X11R6/lib/libOSMesa.so.4.0:     
  stack=RWE


It appears the patch never got accepted and integrated into Mesa CVS.
The old patch is still present in our current xorg rpm disabled.

Here are my own thoughts on the proper approach for someone to
tackle fixing this:

1) Open a discussion on the topic on Mesa-dev mailing list to find
   out if current Mesa CVS head or any existing stable Mesa releases
   have already fixed this (or look at the CVS code directly).

2) Assuming it is still not fixed in Mesa CVS, propose a solution
   on mesa-dev and discuss it until Brian et al. agree the solution
   will be acceptable into the Mesa CVS tree.

3) If someone goes ahead and does the work, great.  If not, then we
   should implement the solution discussed and agreed upon on
   mesa-dev, and submit it to Mesa.

4) Once the code is checked into Mesa CVS (and no sooner IMHO), we
   should then backport it to the Mesa in Xorg CVS head and get it
   checked into Xorg CVS, and into Mesa CVS stable branch of same
   Mesa release.

5) Once it is in Xorg CVS head, we should backport it to 6.8.x,
   and get it checked into both Mesa and Xorg CVS stable branches
   assuming it's accepted.


The final step is applying the patches to our rpms, which I would
place at step 6, to ensure that this is fully handled upstream
before we ship patched rpms again, so that we know we wont have
to port it again and again and again forever.

Comment 2 Mike A. Harris 2005-02-08 12:27:21 UTC

*** Bug 147474 has been marked as a duplicate of this bug. ***

Comment 7 Mike A. Harris 2006-01-18 00:30:07 UTC

Fedora Core 3 is now transferred to the Fedora Legacy project.  This problem
should be resolved in rawhide X11R7 now, with Mesa 6.4.2, however there is
no plan on backporting this to older Fedora Core releases, as the code in
Mesa has changed significantly over time.

Users who desire an exec-shield friendly Mesa implementation, are encouraged
to upgrade to Fedora Core 5 once it is released.

Setting status to "RAWHIDE"