[PATCH] grep: fall back to interpreter mode if JIT fails

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Mathias Krause <minipli@grsecurity.net>
To: git@vger.kernel.org
Cc: "Mathias Krause" <minipli@grsecurity.net>,
	"Carlo Marcelo Arenas Belón" <carenas@gmail.com>
Subject: [PATCH] grep: fall back to interpreter mode if JIT fails
Date: Fri, 16 Dec 2022 13:15:57 +0100	[thread overview]
Message-ID: <20221216121557.30714-1-minipli@grsecurity.net> (raw)

From: Carlo Marcelo Arenas Belón <carenas@gmail.com>

Under Linux systems with SELinux's 'deny_execmem' or PaX's MPROTECT
enabled, the allocation of PCRE2's JIT rwx memory may be prohibited,
making pcre2_jit_compile() fail with PCRE2_ERROR_NOMEMORY (-48):

  [user@fedora git]$ git grep -c PCRE2_JIT
  grep.c:1

  [user@fedora git]$ # Enable SELinux's W^X policy
  [user@fedora git]$ sudo semanage boolean -m -1 deny_execmem

  [user@fedora git]$ # JIT memory allocation fails, breaking 'git grep'
  [user@fedora git]$ git grep -c PCRE2_JIT
  fatal: Couldn't JIT the PCRE2 pattern 'PCRE2_JIT', got '-48'

Instead of failing hard in this case and making 'git grep' unusable on
such systems, simply fall back to interpreter mode, leading to a much
better user experience.

Such a change was already proposed 4 years ago [1] but wasn't merged for
unknown reasons.

1. https://lore.kernel.org/r/20181209230024.43444-3-carenas@gmail.com

Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
Signed-off-by: Mathias Krause <minipli@grsecurity.net>	# tweaked changelog, added comment
---
 grep.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/grep.c b/grep.c
index 06eed694936c..f2ada528b21d 100644
--- a/grep.c
+++ b/grep.c
@@ -317,8 +317,21 @@ static void compile_pcre2_pattern(struct grep_pat *p, const struct grep_opt *opt
 	pcre2_config(PCRE2_CONFIG_JIT, &p->pcre2_jit_on);
 	if (p->pcre2_jit_on) {
 		jitret = pcre2_jit_compile(p->pcre2_pattern, PCRE2_JIT_COMPLETE);
-		if (jitret)
-			die("Couldn't JIT the PCRE2 pattern '%s', got '%d'\n", p->pattern, jitret);
+		if (jitret) {
+			/*
+			 * Even though pcre2_config(PCRE2_CONFIG_JIT, ...)
+			 * indicated JIT support, the library might still
+			 * fail to generate JIT code for various reasons,
+			 * e.g. when SELinux's 'deny_execmem' or PaX's
+			 * MPROTECT prevent creating W|X memory mappings.
+			 *
+			 * Instead of faling hard, fall back to interpreter
+			 * mode, just as if the pattern was prefixed with
+			 * '(*NO_JIT)'.
+			 */
+			p->pcre2_jit_on = 0;
+			return;
+		}
 
 		/*
 		 * The pcre2_config(PCRE2_CONFIG_JIT, ...) call just
-- 
2.35.1

next             reply	other threads:[~2022-12-16 12:16 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-16 12:15 Mathias Krause [this message]
2022-12-16 16:12 ` [PATCH] grep: fall back to interpreter mode if JIT fails Ævar Arnfjörð Bjarmason
2022-12-16 19:26   ` Mathias Krause
2022-12-16 23:09     ` Junio C Hamano
2022-12-17  2:50       ` Carlo Arenas
2022-12-19  9:00         ` Ævar Arnfjörð Bjarmason
2022-12-20 19:29           ` Mathias Krause
2022-12-20 21:11             ` Ævar Arnfjörð Bjarmason
2023-01-18 14:22               ` Mathias Krause
2023-01-18 15:44                 ` Ævar Arnfjörð Bjarmason
2023-01-19  9:19                   ` Mathias Krause
2022-12-16 22:52 ` Junio C Hamano
2022-12-20 20:40   ` Mathias Krause
2023-01-27 15:49 ` [PATCH v2] grep: fall back to interpreter if JIT memory allocation fails Mathias Krause
2023-01-27 16:34   ` Junio C Hamano
2023-01-27 17:39     ` Junio C Hamano
2023-01-27 18:46       ` Junio C Hamano
2023-01-29 13:37         ` Mathias Krause
2023-01-29 13:36       ` Mathias Krause
2023-01-29 17:15         ` Junio C Hamano
2023-01-30 10:56           ` Ævar Arnfjörð Bjarmason
2023-01-30 18:49             ` Junio C Hamano
2023-01-31  8:34               ` Ævar Arnfjörð Bjarmason
2023-01-30 11:08           ` Mathias Krause
2023-01-30 18:54             ` Junio C Hamano
2023-01-30 20:08               ` Junio C Hamano
2023-01-30 21:21                 ` Junio C Hamano
2023-01-30 22:30                   ` Ramsay Jones
2023-01-30 23:27                     ` Junio C Hamano
2023-01-31  7:48                   ` Mathias Krause
2023-01-31 16:41                     ` Junio C Hamano
2023-01-31 18:34                       ` Mathias Krause
2023-01-31  7:30                 ` Mathias Krause
2023-01-29 12:28     ` Mathias Krause
2023-01-31 18:56   ` [PATCH v3] " Mathias Krause
2023-01-31 21:05     ` Junio C Hamano

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:06eed694936 dfblob:f2ada528b21 )
 OR (
bs:"[PATCH] grep: fall back to interpreter mode if JIT fails" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221216121557.30714-1-minipli@grsecurity.net \
    --to=minipli@grsecurity.net \
    --cc=carenas@gmail.com \
    --cc=git@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).