[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.0.999.0711010809171.3342@woody.linux-foundation.org>
Date: Thu, 1 Nov 2007 08:14:47 -0700 (PDT)
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Nick Piggin <npiggin@...e.de>
cc: Duane Griffin <duaneg@...da.com>,
linux-kernel Mailing List <linux-kernel@...r.kernel.org>,
stable@...nel.org
Subject: Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb
causes unkillable spinning
On Thu, 1 Nov 2007, Nick Piggin wrote:
> On Wed, Oct 31, 2007 at 04:08:21PM -0700, Linus Torvalds wrote:
> >
> > We made much bigger changes to ptrace support when we disallowed writing
> > to read-only shared memory areas (we used to do the magic per-page COW
> > thing).
>
> Really? No, we still do that magic COW thing which creates anonymous
> pages in MAP_SHARED vmas, don't we?
No, we don't. I'm pretty sure. It didn't work with the VM cleanups, since
the MAP_SHARED vma's won't be on the anonymous list any more, and cannot
be swapped out.
So now, if you try to write to a read-only shared page through ptrace,
you'll get "Unable to access".
Of course, I didn't really look closely, so maybe I just don't remember
things right..
> > access_vm_pages() (things like core-dumping comes to mind - although I
> > think we don't dump pure file mappings at all, do we?) it would certainly
> > be good to run any such tests on the current -git tree...
>
> We do for MAP_SHARED|MAP_ANONYMOUS, by the looks.
Well, as we should. There's no way for a debugger to get those pages back.
So that all looks sane.
> - vm_flags |= VM_SHARED | VM_MAYSHARE;
> - if (!(file->f_mode & FMODE_WRITE))
> - vm_flags &= ~(VM_MAYWRITE | VM_SHARED);
> + vm_flags |= VM_MAYSHARE;
> + if (file->f_mode & FMODE_WRITE)
> + vm_flags |= VM_SHARED;
> + if (!(vm_flags & VM_WRITE))
> + vm_flags &= ~VM_MAYWRITE;
This looks totally bogus. What was the intent of this patch?
The VM_MAYWRITE flag is *not* supposed to track the VM_WRITE flag: that
would defeat the whole purpose of it! The whole point of that flag is to
say whether mprotect() could turn it into a VM_WRITE mapping, and it
depends on the file mode, not VM_WRITE!
> vm_flags |= VM_SHARED | VM_MAYSHARE;
> + if (!(vm_flags & VM_WRITE))
> + vm_flags &= ~VM_MAYWRITE;
More apparent bogosities.
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists