lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Jun 2017 20:53:51 +0300 From: Cyrill Gorcunov <gorcunov@...il.com> To: Oleg Nesterov <oleg@...hat.com> Cc: Hugh Dickins <hughd@...gle.com>, Andrey Vagin <avagin@...nvz.org>, LKML <linux-kernel@...r.kernel.org>, Pavel Emelyanov <xemul@...tuozzo.com>, Dmitry Safonov <dsafonov@...tuozzo.com>, Andrew Morton <akpm@...uxfoundation.org>, Adrian Reber <areber@...hat.com> Subject: Re: [criu] 1M guard page ruined restore On Wed, Jun 21, 2017 at 07:15:45PM +0200, Oleg Nesterov wrote: > On 06/21, Oleg Nesterov wrote: > > > > On 06/21, Cyrill Gorcunov wrote: > > > > > > On Wed, Jun 21, 2017 at 05:57:30PM +0200, Oleg Nesterov wrote: > > > > > > > > > > p = fake_grow_down; > > > > > *p-- = 'c'; > > > > > > > > I guess this works? I mean, *p-- = 'c' should not fail... > > > > > > It fails. > > > > Hmm. Impossible ;) could you add the additional printf's to re-check? > > Yes, please... I meant of course second store, sorry for confusion :) > > > > p = fake_grow_down; > > > *p-- = 'c'; > > > > once again, I can't believe this STORE can fail... > > > > > *p = 'b'; > > > > Ah. I forgot about another kernel "feature" ;) not related to the recent guard > > page changes... > > On the second thought it is actually connected, and it seems we really need to > remove this code in do_page_fault... I'll re-check tomorrow, need to run away. > > > Could you test the patch below? > > > > Oleg. > > > > > > diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c > > index 8ad91a0..edc5d68 100644 > > --- a/arch/x86/mm/fault.c > > +++ b/arch/x86/mm/fault.c > > @@ -1416,7 +1416,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, > > * and pusha to work. ("enter $65535, $31" pushes > > * 32 pointers and then decrements %sp by 65535.) > > */ > > - if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) { > > +if (0) if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < regs->sp)) { > > bad_area(regs, error_code, address); > > return; > > } It does the trick [root@fc2 ~]# ~/st2 start_addr 7fce7c3f8000 start_addr 7fce7c529000 test_addr 7fce7c527000 grow_down 7fce7c526000 Cyrill
Powered by blists - more mailing lists