From 95e8ffa97e413c19c7257c9e6dc9511e98347b68 Mon Sep 17 00:00:00 2001
From: Micah Elizabeth Scott <beth@torproject.org>
Date: Fri, 25 Aug 2023 10:31:33 -0700
Subject: [PATCH] hashx: Fix compiled hash function on NetBSD

NetBSD includes the idea of a 'maximum protection' per-region,
and an mprotect which exceeds the max protection will be denied.

If we explicitly ask for a maximum which includes execute permission, we
can successfully swap our code buffer's permissions between read-write
and read-execute when each hash program is compiled.

With this patch, the crypto/hashx tests pass on NetBSD 9.
This addresses bug #40844
---
 src/ext/equix/hashx/src/virtual_memory.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/ext/equix/hashx/src/virtual_memory.c b/src/ext/equix/hashx/src/virtual_memory.c
index a3a68f44b9..564325b641 100644
--- a/src/ext/equix/hashx/src/virtual_memory.c
+++ b/src/ext/equix/hashx/src/virtual_memory.c
@@ -18,6 +18,11 @@
 #define PAGE_READWRITE (PROT_READ | PROT_WRITE)
 #define PAGE_EXECUTE_READ (PROT_READ | PROT_EXEC)
 #define PAGE_EXECUTE_READWRITE (PROT_READ | PROT_WRITE | PROT_EXEC)
+#if defined(__NetBSD__) && defined(PROT_MPROTECT)
+#define PAGE_MMAP_PROT (PAGE_READWRITE | PROT_MPROTECT(PROT_EXEC))
+#else
+#define PAGE_MMAP_PROT PAGE_READWRITE
+#endif
 #endif
 
 #ifdef HASHX_WIN
@@ -57,7 +62,7 @@ void* hashx_vm_alloc(size_t bytes) {
 #ifdef HASHX_WIN
 	mem = VirtualAlloc(NULL, bytes, MEM_COMMIT, PAGE_READWRITE);
 #else
-	mem = mmap(NULL, bytes, PAGE_READWRITE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
+	mem = mmap(NULL, bytes, PAGE_MMAP_PROT, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
 	if (mem == MAP_FAILED)
 		return NULL;
 #endif