Fix EXEC permission of the volume mount when calling mmap with PROT_EXEC

[Yhinner]

Background

This is Xuzhou (Joe) from Snowflake Inc. We are currently working on utilizing gVisor internally as our secured sandboxing mechanism. We have met in-person with gVisor team last October sharing our use case and experiences with the gVisor team. As part of the meeting, we (Snowflake team) committed to contribute our internal fixes/improvements back to the upstream.

As part of compatibility testing with our previous mechanism, we found some behavior discrepancies between gVisor-emulated kernel and native linux kernel when making mmap system calls. Thus wanted to raise a pull request and see if this makes sense.

Issue we observed

On native linux kernel, when calling mmap syscall with PROT_EXEC on a file, linux kernel checks if the volume/file system backing the file is executable (ie. Has NOEXEC flag or not). If the volume has NOEXEC flag set, the syscall will fail with EPERM.

However, this behavior is not observed when running under gVisor. Instead, gvisor allows this system call to be made without any issue.

Thus this pull request aims to bring the same parity to gvisor implemented mmap syscall.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[Yhinner]

@nixprime Hey Jamie! Could you please help us review this pull request when you get time? Thank you!

[ayushr2]

LGTM, just nits.

[ayushr2]

I think the right check here would be EXPECT_NE(mmapRet, MAP_FAILED);

Also, rename mmapRet to addr

[Yhinner]

Thanks, I've updated the code now

[ayushr2]

Please wrap these comments to 80 chars as well.