On systems without xonly mmu hardware-enforcement, we can still mitigate

On systems without xonly mmu hardware-enforcement, we can still mitigate
against classic BROP with a range-checking wrapper in front of copyin() and
copyinstr() which ensures the userland source doesn't overlap the main program
text, ld.so text, signal tramp text (it's mapping is hard to distinguish
so it comes along for the ride), or libc.so text.  ld.so tells the kernel
libc.so text range with msyscall(2).  The range checking for 2-4 elements is
done without locking (because all 4 ranges are immutable!) and is inexpensive.

write(sock, &open, 400) now fails with EFAULT.  No programs have been
discovered which require reading their own text segments with a system call.

On a machine without mmu enforcement, a test program reports the following:
                  userland   kernel
ld.so             readable   unreadable
mmap xz           unreadable unreadable
mmap x            readable   readable
mmap nrx          readable   readable
mmap nwx          readable   readable
mmap xnwx         readable   readable
main              readable   unreadable
libc unmapped?    readable   unreadable
libc mapped       readable   unreadable

ok kettenis, additional help from miod