Message-ID: <20130720152246.GA588@redhat.com>
Date:	Sat, 20 Jul 2013 17:22:46 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Hugh Dickins <hughd@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Al Viro <viro@...iv.linux.org.uk>,
	Colin Cross <ccross@...roid.com>,
	David Rientjes <rientjes@...gle.com>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	linux-kernel@...r.kernel.org
Subject: [PATCH v2 0/1] mm: shift VM_GROWS* check from mmap_region() to
	do_mmap_pgoff()

Andrew,

This patch replaces the buggy

	mm-shift-vm_grows-check-from-mmap_region-to-do_mmap_pgoff.patch

I do not send the *-fix.patch because I'd like to update the changelog.

However it needs the explicit ack from Hugh.

On 07/19, Hugh Dickins wrote:
>
> On Tue, 16 Jul 2013, Andrew Morton wrote:
> > On Sun, 14 Jul 2013 18:54:51 +0200 Oleg Nesterov <oleg@...hat.com> wrote:
> >
> > > mmap() doesn't allow the non-anonymous mappings with VM_GROWS* bit set.
> > > In particular this means that mmap_region()->vma_merge(file, vm_flags)
> > > must always fail if vm_flags & VM_GROWS.
>
> I didn't understand that sentence: if file is non-NULL perhaps?

Yes, this looks confusing, sorry.

I meant, vma_merge() must fail if "vm_flags & VM_GROWS" is set incorrectly.
is_mergeable_vma() compares both vm_file and vm_flags.

Even if file == NULL (at this stage), "VM_SHARED | VM_GROWS" is not correct
either, and vma_merge() can't succeed.

And, to clarify, I only mentioned this because I tried to convince myself
that this change (if correct) can't make any difference except "avoid the
not-really-correct do_munmap".

> > > So it does not make sense to
> > > check VM_GROWS* after we already allocated the new vma, the only caller,
> > > do_mmap_pgoff(), which can pass this flag can do the check itself.
> > >
> > > And this looks a bit more correct, mmap_region() already unmapped the
> > > old mapping at this stage. But if mmap() is going to fail, it should
> > > avoid do_munmap() if possible.
>
> I agree with the sentiment, but the patch looks wrong to me.

Heh. You are right of course.

> It did need staring, yes, but it looks NOK to me: this change permits
> mmap(addr, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_GROWSDOWN, fd, off)
> where fd is for a real file:

And note that "Only MAP_PRIVATE|MAP_ANONYMOUS can use MAP_GROWS" even
tries to document that "MAP_PRIVATE && file" is not allowed either.

I have no idea how I managed to forget that MAP_PRIVATE never sets
VM_MAYSHARE.

Thanks a lot Hugh.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
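A userspace probe of the invariant discussed in this thread, added here as an example and not part of Oleg's patch or the thread: it checks that mmap(2) accepts MAP_GROWSDOWN only for private anonymous mappings and rejects the shared-anonymous form and the file-backed form with EINVAL, the latter being exactly the mapping Hugh notes the v1 patch would have let through. The function names and the scratch file are this example's own; it assumes a Linux kernel with the check in place.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* One mmap() attempt with MAP_GROWSDOWN added to flags; 0 on success, -errno on failure. */
static int probe_growsdown(int flags, int fd)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, flags | MAP_GROWSDOWN, fd, 0);
    if (p == MAP_FAILED)
        return -errno;
    munmap(p, len);
    return 0;
}

/* Private anonymous: the only combination mmap(2) accepts together with MAP_GROWSDOWN. */
int growsdown_private_anon(void)
{
    return probe_growsdown(MAP_PRIVATE | MAP_ANONYMOUS, -1);
}

/* Shared anonymous: "VM_SHARED | VM_GROWS" is not a valid vma, expect EINVAL. */
int growsdown_shared_anon(void)
{
    return probe_growsdown(MAP_SHARED | MAP_ANONYMOUS, -1);
}

/* Private mapping of a real file: MAP_PRIVATE never sets VM_MAYSHARE, so a check
 * keyed on VM_MAYSHARE alone would miss this; the kernel must still return EINVAL. */
int growsdown_private_file(void)
{
    FILE *f = tmpfile();   /* constructed scratch file, extended to one page below */
    if (!f)
        return -errno;
    int rc = ftruncate(fileno(f), (off_t)sysconf(_SC_PAGESIZE)) ? -errno
           : probe_growsdown(MAP_PRIVATE, fileno(f));
    fclose(f);
    return rc;
}

int main(void)
{
    printf("MAP_PRIVATE|MAP_ANONYMOUS|MAP_GROWSDOWN: %d\n", growsdown_private_anon());
    printf("MAP_SHARED|MAP_ANONYMOUS|MAP_GROWSDOWN:  %d\n", growsdown_shared_anon());
    printf("MAP_PRIVATE|MAP_GROWSDOWN on a file fd:  %d\n", growsdown_private_file());
    return 0;
}
```

A result other than 0 / -EINVAL / -EINVAL on a running kernel means the VM_GROWS* restriction is not being enforced the way this thread describes.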
