| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Mar 2015 11:37:33 +0100
From: Laurent Dufour <ldufour@...ux.vnet.ibm.com>
To: Ingo Molnar <mingo@...nel.org>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>
CC: Paul Mackerras <paulus@...ba.org>,
Michael Ellerman <mpe@...erman.id.au>,
Jeff Dike <jdike@...toit.com>,
Richard Weinberger <richard@....at>,
Guan Xuetao <gxt@...c.pku.edu.cn>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
Arnd Bergmann <arnd@...db.de>, linuxppc-dev@...ts.ozlabs.org,
linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org,
user-mode-linux-devel@...ts.sourceforge.net,
user-mode-linux-user@...ts.sourceforge.net,
linux-arch@...r.kernel.org, linux-mm@...ck.org, cov@...eaurora.org,
criu@...nvz.org
Subject: Re: [PATCH v3 2/2] powerpc/mm: Tracking vDSO remap
On 26/03/2015 10:43, Ingo Molnar wrote:
>
> * Benjamin Herrenschmidt <benh@...nel.crashing.org> wrote:
>
>> On Wed, 2015-03-25 at 19:36 +0100, Ingo Molnar wrote:
>>> * Ingo Molnar <mingo@...nel.org> wrote:
>>>
>>>>> +#define __HAVE_ARCH_REMAP
>>>>> +static inline void arch_remap(struct mm_struct *mm,
>>>>> + unsigned long old_start, unsigned long old_end,
>>>>> + unsigned long new_start, unsigned long new_end)
>>>>> +{
>>>>> + /*
>>>>> + * mremap() doesn't allow moving multiple vmas so we can limit the
>>>>> + * check to old_start == vdso_base.
>>>>> + */
>>>>> + if (old_start == mm->context.vdso_base)
>>>>> + mm->context.vdso_base = new_start;
>>>>> +}
>>>>
>>>> mremap() doesn't allow moving multiple vmas, but it allows the
>>>> movement of multi-page vmas and it also allows partial mremap()s,
>>>> where it will split up a vma.
>>>
>>> I.e. mremap() supports the shrinking (and growing) of vmas. In that
>>> case mremap() will unmap the end of the vma and will shrink the
>>> remaining vDSO vma.
>>>
>>> Doesn't that result in a non-working vDSO that should zero out
>>> vdso_base?
>>
>> Right. Now we can't completely prevent the user from shooting itself
>> in the foot I suppose, though there is a legit usage scenario which
>> is to move the vDSO around which it would be nice to support. I
>> think it's reasonable to put the onus on the user here to do the
>> right thing.
>
> I argue we should use the right condition to clear vdso_base: if the
> vDSO gets at least partially unmapped. Otherwise there's little point
> in the whole patch: either correctly track whether the vDSO is OK, or
> don't ...
That's a good option, but it may be hard to achieve in the case the vDSO
area has been splitted in multiple pieces.
Not sure there is a right way to handle that, here this is a best
effort, allowing a process to unmap its vDSO and having the sigreturn
call done through the stack area (it has to make it executable).
Anyway I'll dig into that, assuming that the vdso_base pointer should be
clear if a part of the vDSO is moved or unmapped. The patch will be
larger since I'll have to get the vDSO size which is private to the
vdso.c file.
> There's also the question of mprotect(): can users mprotect() the vDSO
> on PowerPC?
Yes, mprotect() the vDSO is allowed on PowerPC, as it is on x86, and
certainly all the other architectures.
Furthermore, if it is done on a partial part of the vDSO it is splitting
the vma...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists