| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jul 2019 06:07:21 +0000
From: Song Liu <songliubraving@...com>
To: Oleg Nesterov <oleg@...hat.com>
CC: lkml <linux-kernel@...r.kernel.org>, Linux-MM <linux-mm@...ck.org>,
Andrew Morton <akpm@...ux-foundation.org>,
"matthew.wilcox@...cle.com" <matthew.wilcox@...cle.com>,
"kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"peterz@...radead.org" <peterz@...radead.org>,
"rostedt@...dmis.org" <rostedt@...dmis.org>,
"Kernel Team" <Kernel-team@...com>,
"william.kucharski@...cle.com" <william.kucharski@...cle.com>
Subject: Re: [PATCH v8 2/4] uprobe: use original page when all uprobes are
removed
Hi Oleg,
>>
>> No. Yes, deny_write_access() protects mm->exe_file, but not the dynamic
>> libraries or other files which can be mmaped.
>
> I see. Let me see how we can cover this.
>
>>
>>>> and I am worried this code can try to lock the same page twice...
>>>> Say, the probed application does MADV_DONTNEED and then writes "int3"
>>>> into vma->vm_file at the same address to fool verify_opcode().
>>>>
>>>
>>> Do you mean the case where old_page == new_page?
>>
>> Yes,
>>
>>> I think this won't
>>> happen, because in uprobe_write_opcode() we only do orig_page for
>>> !is_register case.
>>
>> See above.
>>
>> !is_register doesn't necessarily mean the original page was previously cow'ed.
>> And even if it was cow'ed, MADV_DONTNEED can restore the original mapping.
>
> I guess I know the case now. We can probably avoid this with an simp.le
> check for old_page == new_page?
I decided to follow your suggestion of "unmap old_page; fault in orig_page".
Please see v9 of the set.
Thanks,
Song
Powered by blists - more mailing lists