| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Jun 2017 17:57:30 +0200
From: Oleg Nesterov <oleg@...hat.com>
To: Cyrill Gorcunov <gorcunov@...il.com>
Cc: Hugh Dickins <hughd@...gle.com>, Andrey Vagin <avagin@...nvz.org>,
LKML <linux-kernel@...r.kernel.org>,
Pavel Emelyanov <xemul@...tuozzo.com>,
Dmitry Safonov <dsafonov@...tuozzo.com>,
Andrew Morton <akpm@...uxfoundation.org>,
Adrian Reber <areber@...hat.com>
Subject: Re: [criu] 1M guard page ruined restore
(add Adrian)
On 06/21, Cyrill Gorcunov wrote:
>
> The patches for criu are on the fly. Still one of the test case
> start failing with the new kernels. Basically the test does
> the following:
Cyrill, please read the last email I sent you in another (private) discussion.
Most probably you should throw out some tests which assume the kernel has the
stack-guard-page hack, it was replaced by the stack-guard-hole hack ;)
> - allocate growsdown memory area
> - touch first byte (which before the patch force the kernel
> to extend the stack allocating new page)
> - touch first-1 byte
>
> ---
> int main(int argc, char **argv)
> {
> char *start_addr, *start_addr1, *fake_grow_down, *test_addr, *grow_down;
> volatile char *p;
>
> start_addr = mmap(NULL, PAGE_SIZE * 10, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
> if (start_addr == MAP_FAILED) {
> printf("Can't mal a new region");
> return 1;
> }
> printf("start_addr %lx\n", start_addr);
> munmap(start_addr, PAGE_SIZE * 10);
>
> fake_grow_down = mmap(start_addr + PAGE_SIZE * 5, PAGE_SIZE,
> PROT_READ | PROT_WRITE,
> MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED | MAP_GROWSDOWN, -1, 0);
> if (fake_grow_down == MAP_FAILED) {
> printf("Can't mal a new region");
> return 1;
> }
> printf("start_addr %lx\n", fake_grow_down);
>
> p = fake_grow_down;
> *p-- = 'c';
I guess this works? I mean, *p-- = 'c' should not fail...
> *p = 'b';
OK, now we need to expand the stack. This can fail or not. This depends on
whether this vma (created by mmap(MAP_GROWSDOWN) has a stack_guard_gap hole
between its ->vm_prev.
> function get dropped off. Hugh, it is done on intent and
> userspace programs have to extend stack manually?
No. a MAP_GROWSDOWN area should grow automatically. Unless the hole between
vm_prev becomes less than stack_guard_gap.
This is the whole point of guard hole, or guard page we had before. Just the
previous implementation was not accurate, that is why criu had to have some
hacks to workaround.
It no longer needs to know about guard hole/page/whatever. Just remove
(conditionalize) all the MAP_GROWSDOWN code. Except, of course, you still
need to record MAP_GROWSDOWN in vma_area->e->flags (_vmflag_match), in order
to restore this vma correctly.
Oleg.
Powered by blists - more mailing lists