Latest libffi master deprecated ffi_prep_closure for ffi_prep_closure_loc


Richard Moseley

Nov 11, 2016, 1:21:07 PM
to python-cffi
I have a library that is using cffi to call into a legacy Informix/IBM CISAM library using the latest source code from the git repository for libffi, due to become 4.x.x.

This has made the ffi_prep_closure function deprecated in preference for ffi_prep_closure_loc since it does not handle the situation where the memory allocated for the ffi_cif and the function execution address are not the same.

The library is still in alpha stage and has both a ctypes and cffi backend (both of course using libffi), and is available from https://github.com/rpmoseley/pyisam.git.

There is a comment in the source code that mentions an undocumented function ffi_prep_closure_loc, which is documented in the latest code for libffi.

Looking at the implementation of cffi, there is code to provide instances of the ffi_closure object that does not use the new ffi_closure_alloc and ffi_closure_free functions which have been added to support the separation of memory allocation and execution of code which means they may be different, and may answer why it is not possible to mmap an area with PROT_EXEC in some situations.

Not knowing in detail how this code works, I was wondering what would be the best way to provide a forward compatible way of calling functions at runtime, like the CISAM library functions.

Richard Moseley

Armin Rigo

Nov 12, 2016, 8:28:32 AM
to pytho...@googlegroups.com
Hi Richard,

On 11 November 2016 at 19:21, Richard Moseley <richard...@gmail.com> wrote:
> Looking at the implementation of cffi, there is code to provide instances of
> the ffi_closure object that does not use the new ffi_closure_alloc and
> ffi_closure_free functions which have been added to support the separation
> of memory allocation and execution of code which means they may be
> different, and may answer why it is not possible to mmap an area with
> PROT_EXEC in some situations.

The reason cffi doesn't use the ffi_prep_closure_loc function is that
it is completely broken in the presence of fork(). A program using
fork() and ffi_prep_closure_loc() can crash completely. See
https://bitbucket.org/cffi/cffi/issues/231/writeable-memory-execution-execmem-with
and the pages it links to for more details.

If the situation in libffi has changed and the bug was fixed, I'd
love to hear about it. Otherwise, cffi will continue to provide the
current situation: SELinux users must configure a parameter in order
to use cffi's old-style callbacks or call C function *pointers* from
Python. This parameter, deny_execmem=off, lowers the security level
but is (as far as I can tell) less bad than the fork() crash opening
the door to more serious security issues.


See you soon,

Armin.
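The two posts above turn on one memory-management detail: a closure allocator that satisfies an execmem restriction hands out two addresses for the same bytes (a writable one for the ffi_cif/trampoline data, an executable one for callers), and Armin's objection is that this arrangement misbehaves across fork(). The thread itself does not spell out the mechanism, so the following is an added example, not code from cffi, libffi or the pyisam project. It assumes the generic double-mapping design (one anonymous backing file mapped once PROT_WRITE and once PROT_EXEC) and uses hypothetical helpers named dual_map_alloc, write_visible_in_second_view and child_write_visible_to_parent. It shows both sides of the trade-off: the writable view must be MAP_SHARED for a write to reach the executable view at all, and a MAP_SHARED view is inherited by a forked child as the same physical pages, so a child that rewrites or frees a closure changes what the parent will execute; a MAP_PRIVATE view is fork-safe (copy-on-write) but never reaches the code address.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/wait.h>

#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 1U
#endif

#define DEMO_SIZE 4096   /* one page of backing memory for a hypothetical trampoline */

/* Hypothetical type (not libffi's ffi_closure): two views of one backing file,
   a writable address where trampoline bytes are written and a separate
   executable address that would be handed to C callers. */
typedef struct {
    unsigned char *rw;  /* writable view */
    unsigned char *rx;  /* executable view, or read-only if PROT_EXEC was refused */
    int exec_ok;        /* 1 when the second view really is PROT_EXEC */
} dual_map;

/* Anonymous backing file: memfd where the kernel offers it, otherwise an
   unlinked temp file (constructed fallback so the demo runs on older systems). */
static int backing_fd(void)
{
    int fd = -1;
#ifdef SYS_memfd_create
    fd = (int)syscall(SYS_memfd_create, "closure-demo", MFD_CLOEXEC);
#endif
    if (fd < 0) {
        char path[] = "/tmp/closure-demo-XXXXXX";
        fd = mkstemp(path);
        if (fd >= 0) unlink(path);
    }
    return fd;
}

/* Map the backing file twice. `shared` selects MAP_SHARED or MAP_PRIVATE for the
   writable view; the code view is always MAP_SHARED because it must observe the
   file contents. Returns 0 on success, -1 on failure. */
static int dual_map_alloc(dual_map *m, int shared)
{
    int fd = backing_fd();
    if (fd < 0) return -1;
    if (ftruncate(fd, DEMO_SIZE) != 0) { close(fd); return -1; }
    m->rw = mmap(NULL, DEMO_SIZE, PROT_READ | PROT_WRITE,
                 shared ? MAP_SHARED : MAP_PRIVATE, fd, 0);
    m->rx = mmap(NULL, DEMO_SIZE, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    m->exec_ok = (m->rx != MAP_FAILED);
    if (!m->exec_ok)  /* e.g. noexec /tmp or a sandbox: keep a read-only view so the visibility demo still runs */
        m->rx = mmap(NULL, DEMO_SIZE, PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    if (m->rw == MAP_FAILED || m->rx == MAP_FAILED) {
        if (m->rw != MAP_FAILED) munmap(m->rw, DEMO_SIZE);
        if (m->rx != MAP_FAILED) munmap(m->rx, DEMO_SIZE);
        return -1;
    }
    return 0;
}

static void dual_map_free(dual_map *m)
{
    munmap(m->rw, DEMO_SIZE);
    munmap(m->rx, DEMO_SIZE);
}

/* Does a byte written through the writable view appear at the code address?
   1 when it does (MAP_SHARED), 0 when it does not (MAP_PRIVATE), -1 on error. */
int write_visible_in_second_view(int shared)
{
    dual_map m;
    if (dual_map_alloc(&m, shared) != 0) return -1;
    m.rw[0] = 0xC3;                     /* one byte standing in for trampoline code */
    int seen = (m.rx[0] == 0xC3);
    dual_map_free(&m);
    return seen;
}

/* After fork(), does a write made by the child show up in the parent's writable
   view? 1 for MAP_SHARED (pages are shared), 0 for MAP_PRIVATE (copy-on-write),
   -1 on error. This is the hazard: the child's bookkeeping alters the parent's closure. */
int child_write_visible_to_parent(int shared)
{
    dual_map m;
    if (dual_map_alloc(&m, shared) != 0) return -1;
    m.rw[0] = 0;
    pid_t pid = fork();
    if (pid < 0) { dual_map_free(&m); return -1; }
    if (pid == 0) {
        m.rw[0] = 0x42;                 /* child overwrites the "closure" and exits at once */
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    int seen = (m.rw[0] == 0x42);
    dual_map_free(&m);
    return seen;
}

int main(void)
{
    printf("MAP_SHARED : write reaches code view=%d, child write reaches parent=%d\n",
           write_visible_in_second_view(1), child_write_visible_to_parent(1));
    printf("MAP_PRIVATE: write reaches code view=%d, child write reaches parent=%d\n",
           write_visible_in_second_view(0), child_write_visible_to_parent(0));
    return 0;
}
```

Read the two output lines together: the only configuration in which the trampoline bytes actually reach the executable address is the one in which fork() leaves parent and child writing to the same page. An allocator built this way therefore needs its own fork handling (for example, a pthread_atfork hook that stops the child from touching the parent's closures), which is the kind of guarantee Armin is asking libffi to provide before cffi adopts ffi_closure_alloc and ffi_prep_closure_loc.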