unix: pass PROT_MPROTECT(PROT_READ|PROT_WRITE) to initial Mmap on netbsd

On NetBSD PAX mprotect prohibits setting protection bits
missing from the original mmap call unless explicitly
requested with PROT_MPROTECT.

Fixes golang/go#58660

Change-Id: I1e97e920bc617ed1674855adaae5047638a30394
Reviewed-on: https://go-review.googlesource.com/c/sys/+/470775
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Auto-Submit: Tobias Klauser <tobias.klauser@gmail.com>
Reviewed-by: Than McIntosh <thanm@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>

unix/mmap_unix_test.go

@@ -15,11 +15,21 @@ import (
 )
 
 func TestMmap(t *testing.T) {
-	b, err := unix.Mmap(-1, 0, unix.Getpagesize(), unix.PROT_NONE, unix.MAP_ANON|unix.MAP_PRIVATE)
+	mmapProt := unix.PROT_NONE
+	mprotectProt := unix.PROT_READ | unix.PROT_WRITE
+	// On NetBSD PAX mprotect prohibits setting protection bits
+	// missing from the original mmap call unless explicitly
+	// requested with PROT_MPROTECT.
+	if runtime.GOOS == "netbsd" {
+		// PROT_MPROTECT(x) is defined as ((x) << 3):
+		// https://github.com/NetBSD/src/blob/aba449a55bf91b44bc68f542edd9afa341962b89/sys/sys/mman.h#L73
+		mmapProt = mprotectProt << 3
+	}
+	b, err := unix.Mmap(-1, 0, unix.Getpagesize(), mmapProt, unix.MAP_ANON|unix.MAP_PRIVATE)
 	if err != nil {
 		t.Fatalf("Mmap: %v", err)
 	}
-	if err := unix.Mprotect(b, unix.PROT_READ|unix.PROT_WRITE); err != nil {
+	if err := unix.Mprotect(b, mprotectProt); err != nil {
 		t.Fatalf("Mprotect: %v", err)
 	}