| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Nov 2007 08:14:47 -0700 (PDT) From: Linus Torvalds <torvalds@...ux-foundation.org> To: Nick Piggin <npiggin@...e.de> cc: Duane Griffin <duaneg@...da.com>, linux-kernel Mailing List <linux-kernel@...r.kernel.org>, stable@...nel.org Subject: Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning On Thu, 1 Nov 2007, Nick Piggin wrote: > On Wed, Oct 31, 2007 at 04:08:21PM -0700, Linus Torvalds wrote: > > > > We made much bigger changes to ptrace support when we disallowed writing > > to read-only shared memory areas (we used to do the magic per-page COW > > thing). > > Really? No, we still do that magic COW thing which creates anonymous > pages in MAP_SHARED vmas, don't we? No, we don't. I'm pretty sure. It didn't work with the VM cleanups, since the MAP_SHARED vma's won't be on the anonymous list any more, and cannot be swapped out. So now, if you try to write to a read-only shared page through ptrace, you'll get "Unable to access". Of course, I didn't really look closely, so maybe I just don't remember things right.. > > access_vm_pages() (things like core-dumping comes to mind - although I > > think we don't dump pure file mappings at all, do we?) it would certainly > > be good to run any such tests on the current -git tree... > > We do for MAP_SHARED|MAP_ANONYMOUS, by the looks. Well, as we should. There's no way for a debugger to get those pages back. So that all looks sane. > - vm_flags |= VM_SHARED | VM_MAYSHARE; > - if (!(file->f_mode & FMODE_WRITE)) > - vm_flags &= ~(VM_MAYWRITE | VM_SHARED); > + vm_flags |= VM_MAYSHARE; > + if (file->f_mode & FMODE_WRITE) > + vm_flags |= VM_SHARED; > + if (!(vm_flags & VM_WRITE)) > + vm_flags &= ~VM_MAYWRITE; This looks totally bogus. What was the intent of this patch? The VM_MAYWRITE flag is *not* supposed to track the VM_WRITE flag: that would defeat the whole purpose of it! The whole point of that flag is to say whether mprotect() could turn it into a VM_WRITE mapping, and it depends on the file mode, not VM_WRITE! > vm_flags |= VM_SHARED | VM_MAYSHARE; > + if (!(vm_flags & VM_WRITE)) > + vm_flags &= ~VM_MAYWRITE; More apparent bogosities. Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists