| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4DFCF13F.50401@cslab.ece.ntua.gr>
Date: Sat, 18 Jun 2011 21:41:03 +0300
From: Vasileios Karakasis <bkk@...ab.ece.ntua.gr>
To: Andi Kleen <andi@...stfloor.org>
CC: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
linux-numa@...r.kernel.org
Subject: Re: [BUG] Invalid return address of mmap() followed by mbind() in
multithreaded context
That's right, but what I want to demonstrate is that the address
returned by mmap() is invalid and the dereference crashes the program,
while it shouldn't. I could equally omit this statement, in which case
mbind() would fail with EFAULT.
On 06/18/2011 09:12 PM, Andi Kleen wrote:
>> for (i = 0; i < NR_ITER; i++) {
>> addr = mmap(0, PAGE_SIZE, PROT_READ | PROT_WRITE,
>> MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
>> if (addr == (void *) -1) {
>> assert(0 && "mmap failed");
>> }
>> *addr = 0;
>>
>> err = mbind(addr, PAGE_SIZE, MPOL_BIND, &node, sizeof(node), 0);
>
> mbind() can be only done before the first touch. you're not actually testing
> numa policy.
>
> -andi
--
V.K.
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists