From: Cyrill Gorcunov <gorcunov@openvz.org>
To: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Tejun Heo <tj@kernel.org>,
Serge Hallyn <serge.hallyn@canonical.com>,
Pavel Emelyanov <xemul@parallels.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Subject: Re: [PATCH c/r -mm] c/r: prctl: Simplify PR_SET_MM on mm::code/data assignment
Date: Tue, 17 Apr 2012 23:19:16 +0400 [thread overview]
Message-ID: <20120417191916.GQ1906@moon> (raw)
In-Reply-To: <CAGXu5jKnfOsXGTx8QbKCCH9C9c+szFwi5oA1R99pjCue9kfpWg@mail.gmail.com>
On Tue, Apr 17, 2012 at 11:22:06AM -0700, Kees Cook wrote:
> On Mon, Apr 16, 2012 at 3:55 PM, Cyrill Gorcunov <gorcunov@openvz.org> wrote:
> > The mm::start_code, end_code, start_data, end_data members
> > are set during startup of executable file and are not changed
> > after.
> >
> > But the program itself might map new executable or/and data areas in
> > time so the original values written into mm fields mentioned above
> > might not have correspond VMA area at all, thus if one try to
> > use this prctl codes without underlied VMA, the error will be
> > returned.
> >
> > Drop this requirement. This shrinks the code and eliminates
> > redundant calls to vma_flags_mismatch. The worst thing one can
> > do (if say to write some bad values here) -- the weird results
> > will be shown in /proc/$pid/statm or in /proc/pid/stat.
> >
> > Still, assignement of data on stack (such as command line and
> > environment variables) requires the underlied VMA to exist.
> >
> > Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
>
> Since this is CAP_SYS_RESOURCE, and mmap_min_addr is CAP_SYS_RAWIO,
> how about a lower-bounds check against mmap_min_addr? (We're already
> doing the TASK_SIZE upper check, so this additional sanity checking
> seems reasonable to me.)
I think this is good idea, thanks Kees. I'll check it out.
Cyrill
next prev parent reply other threads:[~2012-04-17 19:19 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-16 22:55 [PATCH c/r -mm] c/r: prctl: Simplify PR_SET_MM on mm::code/data assignment Cyrill Gorcunov
2012-04-17 16:26 ` Kees Cook
2012-04-17 16:28 ` Cyrill Gorcunov
2012-04-17 16:32 ` Pavel Emelyanov
2012-04-17 16:48 ` Cyrill Gorcunov
2012-04-17 18:22 ` Kees Cook
2012-04-17 19:19 ` Cyrill Gorcunov [this message]
2012-04-17 19:49 ` Cyrill Gorcunov
2012-04-17 19:53 ` Kees Cook
2012-04-20 14:12 ` Serge Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120417191916.GQ1906@moon \
--to=gorcunov@openvz.org \
--cc=akpm@linux-foundation.org \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=serge.hallyn@canonical.com \
--cc=tj@kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.