apply text read+execute permissions, only after post linker does its thing. If there are no delayed relocations then we can apply it early on after the module image has been created

Author: elfmaster

shiva_module.c

@@ -2614,6 +2614,18 @@ set_linker_mode(struct shiva_module *linker)
 	}
 	return;
 }
+static bool
+apply_memory_protection(struct shiva_module *linker)
+{
+	if (mprotect(linker->text_mem,
+	    ELF_PAGEALIGN(linker->text_size, PAGE_SIZE),
+	    PROT_READ|PROT_EXEC) < 0) {
+		perror("mprotect");
+		return false;
+	}
+	return true;
+}
+
 /*
  * NOTE: const char *path: path to the ELF module
  */
@@ -2715,6 +2727,12 @@ shiva_module_loader(struct shiva_ctx *ctx, const char *path, struct shiva_module
 		shiva_debug("Failed to resolve PLTGOT entries\n");
 		return false;
 	}
+	if ((linker->flags & SHIVA_MODULE_F_DELAYED_RELOCS) == 0) {
+		if (apply_memory_protection(linker) == false) {
+			shiva_debug("Failed to apply module segment memory protection\n");
+			return false;
+		}
+	}
 
 	/*
 	 * If we are linking a Shiva module, then we pass control to the

shiva_post_linker.c

@@ -53,6 +53,18 @@ shiva_post_linker(void)
 	shiva_debug("Transfering control to %#lx\n", ctx_global->ulexec.entry_point);
 	test_mark();
 
+	/*
+	 * Mark the text segment as writable now that there won't
+	 * be any final fixups in the modules .text.
+	 */
+	if (mprotect(ctx_global->module.runtime->text_mem,
+	    ELF_PAGEALIGN(ctx_global->module.runtime->text_size,
+	    PAGE_SIZE),
+	    PROT_READ|PROT_EXEC) < 0) {
+		perror("mprotect");
+		return false;
+	}
+
 	__asm__ __volatile__ ("mov x21, %0" :: "r"(ctx_global->ulexec.entry_point));
 	return;
 }