sysvshm: Don't mprotect segments with PROT_EXEC

When fixing mprotected (ro) sysvshmems I used the PROT_EXEC flag
to keep the information about whether the segment itself should
be rw or ro. This flag leaked to sys_mprotect and some attachments
of the segment became executable after restore.

Fix this by dropping the EXEC flag.

https://github.com/xemul/criu/issues/180Reported-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>

criu/pie/restorer.c

@@ -505,13 +505,14 @@ static long restore_self_exe_late(struct task_restore_args *args)
 	return ret;
 }
 
-static unsigned long restore_mapping(const VmaEntry *vma_entry)
+static unsigned long restore_mapping(VmaEntry *vma_entry)
 {
 	int prot	= vma_entry->prot;
 	int flags	= vma_entry->flags | MAP_FIXED;
 	unsigned long addr;
 
 	if (vma_entry_is(vma_entry, VMA_AREA_SYSVIPC)) {
+		int att_flags;
 		/*
 		 * See comment in open_shmem_sysv() for what SYSV_SHMEM_SKIP_FD
 		 * means and why we check for PROT_EXEC few lines below.
@@ -519,9 +520,14 @@ static unsigned long restore_mapping(const VmaEntry *vma_entry)
 		if (vma_entry->fd == SYSV_SHMEM_SKIP_FD)
 			return vma_entry->start;
 
+		if (vma_entry->prot & PROT_EXEC) {
+			att_flags = 0;
+			vma_entry->prot &= ~PROT_EXEC;
+		} else
+			att_flags = SHM_RDONLY;
+
 		pr_info("Attach SYSV shmem %d at %"PRIx64"\n", (int)vma_entry->fd, vma_entry->start);
-		return sys_shmat(vma_entry->fd, decode_pointer(vma_entry->start),
-				vma_entry->prot & PROT_EXEC ? 0 : SHM_RDONLY);
+		return sys_shmat(vma_entry->fd, decode_pointer(vma_entry->start), att_flags);
 	}
 
 	/*