lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170621155730.GA32554@redhat.com>
Date:   Wed, 21 Jun 2017 17:57:30 +0200
From:   Oleg Nesterov <oleg@...hat.com>
To:     Cyrill Gorcunov <gorcunov@...il.com>
Cc:     Hugh Dickins <hughd@...gle.com>, Andrey Vagin <avagin@...nvz.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Pavel Emelyanov <xemul@...tuozzo.com>,
        Dmitry Safonov <dsafonov@...tuozzo.com>,
        Andrew Morton <akpm@...uxfoundation.org>,
        Adrian Reber <areber@...hat.com>
Subject: Re: [criu] 1M guard page ruined restore

(add Adrian)

On 06/21, Cyrill Gorcunov wrote:
>
> The patches for criu are on the fly. Still one of the test case
> start failing with the new kernels. Basically the test does
> the following:

Cyrill, please read the last email I sent you in another (private) discussion.
Most probably you should throw out some tests which assume the kernel has the
stack-guard-page hack, it was replaced by the stack-guard-hole hack ;)

>  - allocate growsdown memory area
>  - touch first byte (which before the patch force the kernel
>    to extend the stack allocating new page)
>  - touch first-1 byte
> 
> ---
> int main(int argc, char **argv)
> {
> 	char *start_addr, *start_addr1, *fake_grow_down, *test_addr, *grow_down;
> 	volatile char *p;
> 
> 	start_addr = mmap(NULL, PAGE_SIZE * 10, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
> 	if (start_addr == MAP_FAILED) {
> 		printf("Can't mal a new region");
> 		return 1;
> 	}
> 	printf("start_addr %lx\n", start_addr);
> 	munmap(start_addr, PAGE_SIZE * 10);
> 
> 	fake_grow_down = mmap(start_addr + PAGE_SIZE * 5, PAGE_SIZE,
> 			 PROT_READ | PROT_WRITE,
> 			 MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED | MAP_GROWSDOWN, -1, 0);
> 	if (fake_grow_down == MAP_FAILED) {
> 		printf("Can't mal a new region");
> 		return 1;
> 	}
> 	printf("start_addr %lx\n", fake_grow_down);
> 
> 	p = fake_grow_down;
> 	*p-- = 'c';

I guess this works? I mean, *p-- = 'c' should not fail...

> 	*p = 'b';

OK, now we need to expand the stack. This can fail or not. This depends on
whether this vma (created by mmap(MAP_GROWSDOWN) has a stack_guard_gap hole
between its ->vm_prev.

> function get dropped off. Hugh, it is done on intent and
> userspace programs have to extend stack manually?

No. a MAP_GROWSDOWN area should grow automatically. Unless the hole between
vm_prev becomes less than stack_guard_gap.

This is the whole point of guard hole, or guard page we had before. Just the
previous implementation was not accurate, that is why criu had to have some
hacks to workaround.

It no longer needs to know about guard hole/page/whatever. Just remove
(conditionalize) all the MAP_GROWSDOWN code. Except, of course, you still
need to record MAP_GROWSDOWN in vma_area->e->flags (_vmflag_match), in order
to restore this vma correctly.

Oleg.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ