Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning

On Thu, 1 Nov 2007, Nick Piggin wrote:

> On Wed, Oct 31, 2007 at 04:08:21PM -0700, Linus Torvalds wrote:
> > 
> > We made much bigger changes to ptrace support when we disallowed writing 
> > to read-only shared memory areas (we used to do the magic per-page COW 
> > thing).
> 
> Really? No, we still do that magic COW thing which creates anonymous
> pages in MAP_SHARED vmas, don't we?

No, we don't. I'm pretty sure. It didn't work with the VM cleanups, since 
the MAP_SHARED vma's won't be on the anonymous list any more, and cannot 
be swapped out.

So now, if you try to write to a read-only shared page through ptrace, 
you'll get "Unable to access".

Of course, I didn't really look closely, so maybe I just don't remember 
things right..

> > access_vm_pages() (things like core-dumping comes to mind - although I 
> > think we don't dump pure file mappings at all, do we?) it would certainly 
> > be good to run any such tests on the current -git tree...
> 
> We do for MAP_SHARED|MAP_ANONYMOUS, by the looks.

Well, as we should. There's no way for a debugger to get those pages back. 
So that all looks sane.

> -			vm_flags |= VM_SHARED | VM_MAYSHARE;
> -			if (!(file->f_mode & FMODE_WRITE))
> -				vm_flags &= ~(VM_MAYWRITE | VM_SHARED);
> +			vm_flags |= VM_MAYSHARE;
> +			if (file->f_mode & FMODE_WRITE)
> +				vm_flags |= VM_SHARED;
> +			if (!(vm_flags & VM_WRITE))
> +				vm_flags &= ~VM_MAYWRITE;

This looks totally bogus. What was the intent of this patch?

The VM_MAYWRITE flag is *not* supposed to track the VM_WRITE flag: that 
would defeat the whole purpose of it! The whole point of that flag is to 
say whether mprotect() could turn it into a VM_WRITE mapping, and it 
depends on the file mode, not VM_WRITE!

>  			vm_flags |= VM_SHARED | VM_MAYSHARE;
> +			if (!(vm_flags & VM_WRITE))
> +				vm_flags &= ~VM_MAYWRITE;

More apparent bogosities.

		Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
  - From: Nick Piggin <[email protected]>

References:
- 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
  - From: "Duane Griffin" <[email protected]>
- Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
  - From: Nick Piggin <[email protected]>
- Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
  - From: Linus Torvalds <[email protected]>
- Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
  - From: Nick Piggin <[email protected]>
- Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
  - From: Linus Torvalds <[email protected]>
- Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
  - From: Nick Piggin <[email protected]>
- Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
  - From: Linus Torvalds <[email protected]>
- Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
  - From: Nick Piggin <[email protected]>

Prev by Date: Re: [PATCH 2/2] Char: tty, add tty_schedule_wakeup
Next by Date: Re: [patch] PID namespace design bug, workaround
Previous by thread: Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
Next by thread: Re: 2.6.23 regression: accessing invalid mmap'ed memory from gdb causes unkillable spinning
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]