From: Cyrill Gorcunov <gorcunov@gmail.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Sasha Levin <sasha.levin@oracle.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Dave Jones <davej@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
Pavel Emelyanov <xemul@parallels.com>
Subject: Re: mm: NULL ptr deref handling mmaping of special mappings
Date: Thu, 15 May 2014 23:53:20 +0400 [thread overview]
Message-ID: <20140515195320.GR28328@moon> (raw)
In-Reply-To: <CALCETrWwWXEoNparvhx4yJB8YmiUBZCuR6yQxJOTjYKuA8AdqQ@mail.gmail.com>
On Thu, May 15, 2014 at 12:46:34PM -0700, Andy Lutomirski wrote:
> On Thu, May 15, 2014 at 1:45 AM, Cyrill Gorcunov <gorcunov@gmail.com> wrote:
> > On Wed, May 14, 2014 at 03:23:27PM -0700, Andy Lutomirski wrote:
> >> I can summarize:
> >>
> >> On 3.14 and before, the vdso is just a bunch of ELF headers and
> >> executable data. When executed by 64-bit binaries, it reads from the
> >> fixmap to do its thing. That is, it reads from kernel addresses that
> >> don't have vmas. When executed by 32-bit binaries, it doesn't read
> >> anything, since there was no 32-bit timing code.
> >>
> >> On 3.15, the x86_64 vdso is unchanged. The 32-bit vdso is preceded by
> >> a separate vma containing two pages worth of time-varying read-only
> >> data. The vdso reads those pages using PIC references.
> >
> > Andy, could you please point me where is the code which creates a second vma?
> > latest 3.15 master branch
>
> Search for _install_special_mapping in arch/x86/vdso. It's in a
> different place in 3.15-rc and -next.
As far as I see _install_special_mapping allocates one vma from cache and
vma->vm_start = addr;
vma->vm_end = addr + len;
so where is the second one?
>
> >
> > [root@fc ~]# cat /proc/self/maps
> > ...
> > 7fff57b6e000-7fff57b8f000 rw-p 00000000 00:00 0 [stack]
> > 7fff57bff000-7fff57c00000 r-xp 00000000 00:00 0 [vdso]
> > ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
> > [root@fc ~]#
> >
>
> What version and bitness is this?
x86-64, 3.15-rc5
>
> > Or you mean vsyscall area? If yes, then in criu we don't dump vsyscall zone.
> > On restore we don't touch vsyscall either but for vdso there are two cases
>
> vsyscalls are almost gone now :)
Good to know ;)
>
> >
> > - if there were no kernel change on vdso contents we simply use vdso provided
> > by the kernel at the moment of criu startup
> >
> > - if vdso has been changed and looks different from one saved in image during
> > checkpoint, we map it from image but then patch (push jmp instruction) so
> > when application calls for some of vdso function it jumps into vdso code
> > saved in image and then jumps into vdso mapped by the kernel (ie kind of
> > proxy calls) This force us to do own Elf parsing inside criu to calculate
> > proper offsets.
>
> Yuck :)
Yeah, I know, we simply had no choise.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Cyrill Gorcunov <gorcunov@gmail.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Sasha Levin <sasha.levin@oracle.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Dave Jones <davej@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
Pavel Emelyanov <xemul@parallels.com>
Subject: Re: mm: NULL ptr deref handling mmaping of special mappings
Date: Thu, 15 May 2014 23:53:20 +0400 [thread overview]
Message-ID: <20140515195320.GR28328@moon> (raw)
In-Reply-To: <CALCETrWwWXEoNparvhx4yJB8YmiUBZCuR6yQxJOTjYKuA8AdqQ@mail.gmail.com>
On Thu, May 15, 2014 at 12:46:34PM -0700, Andy Lutomirski wrote:
> On Thu, May 15, 2014 at 1:45 AM, Cyrill Gorcunov <gorcunov@gmail.com> wrote:
> > On Wed, May 14, 2014 at 03:23:27PM -0700, Andy Lutomirski wrote:
> >> I can summarize:
> >>
> >> On 3.14 and before, the vdso is just a bunch of ELF headers and
> >> executable data. When executed by 64-bit binaries, it reads from the
> >> fixmap to do its thing. That is, it reads from kernel addresses that
> >> don't have vmas. When executed by 32-bit binaries, it doesn't read
> >> anything, since there was no 32-bit timing code.
> >>
> >> On 3.15, the x86_64 vdso is unchanged. The 32-bit vdso is preceded by
> >> a separate vma containing two pages worth of time-varying read-only
> >> data. The vdso reads those pages using PIC references.
> >
> > Andy, could you please point me where is the code which creates a second vma?
> > latest 3.15 master branch
>
> Search for _install_special_mapping in arch/x86/vdso. It's in a
> different place in 3.15-rc and -next.
As far as I see _install_special_mapping allocates one vma from cache and
vma->vm_start = addr;
vma->vm_end = addr + len;
so where is the second one?
>
> >
> > [root@fc ~]# cat /proc/self/maps
> > ...
> > 7fff57b6e000-7fff57b8f000 rw-p 00000000 00:00 0 [stack]
> > 7fff57bff000-7fff57c00000 r-xp 00000000 00:00 0 [vdso]
> > ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
> > [root@fc ~]#
> >
>
> What version and bitness is this?
x86-64, 3.15-rc5
>
> > Or you mean vsyscall area? If yes, then in criu we don't dump vsyscall zone.
> > On restore we don't touch vsyscall either but for vdso there are two cases
>
> vsyscalls are almost gone now :)
Good to know ;)
>
> >
> > - if there were no kernel change on vdso contents we simply use vdso provided
> > by the kernel at the moment of criu startup
> >
> > - if vdso has been changed and looks different from one saved in image during
> > checkpoint, we map it from image but then patch (push jmp instruction) so
> > when application calls for some of vdso function it jumps into vdso code
> > saved in image and then jumps into vdso mapped by the kernel (ie kind of
> > proxy calls) This force us to do own Elf parsing inside criu to calculate
> > proper offsets.
>
> Yuck :)
Yeah, I know, we simply had no choise.
next prev parent reply other threads:[~2014-05-15 19:53 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-14 15:55 mm: NULL ptr deref handling mmaping of special mappings Sasha Levin
2014-05-14 15:55 ` Sasha Levin
2014-05-14 20:23 ` Andrew Morton
2014-05-14 20:23 ` Andrew Morton
2014-05-14 20:41 ` Sasha Levin
2014-05-14 20:41 ` Sasha Levin
2014-05-14 21:03 ` Andrew Morton
2014-05-14 21:03 ` Andrew Morton
2014-05-14 21:11 ` Sasha Levin
2014-05-14 21:11 ` Sasha Levin
2014-05-14 21:31 ` Andrew Morton
2014-05-14 21:31 ` Andrew Morton
2014-05-14 21:33 ` Andy Lutomirski
2014-05-14 21:33 ` Andy Lutomirski
2014-05-14 22:11 ` Cyrill Gorcunov
2014-05-14 22:11 ` Cyrill Gorcunov
2014-05-14 22:23 ` Andy Lutomirski
2014-05-14 22:23 ` Andy Lutomirski
2014-05-15 2:36 ` Pavel Emelyanov
2014-05-15 2:36 ` Pavel Emelyanov
2014-05-15 19:42 ` Andy Lutomirski
2014-05-15 19:42 ` Andy Lutomirski
2014-05-19 8:27 ` Pavel Emelyanov
2014-05-19 8:27 ` Pavel Emelyanov
2014-05-19 8:40 ` Cyrill Gorcunov
2014-05-19 8:40 ` Cyrill Gorcunov
2014-05-15 8:45 ` Cyrill Gorcunov
2014-05-15 8:45 ` Cyrill Gorcunov
2014-05-15 19:46 ` Andy Lutomirski
2014-05-15 19:46 ` Andy Lutomirski
2014-05-15 19:53 ` Cyrill Gorcunov [this message]
2014-05-15 19:53 ` Cyrill Gorcunov
2014-05-15 19:59 ` Andy Lutomirski
2014-05-15 19:59 ` Andy Lutomirski
2014-05-15 20:19 ` Cyrill Gorcunov
2014-05-15 20:19 ` Cyrill Gorcunov
2014-05-15 21:31 ` Cyrill Gorcunov
2014-05-15 21:31 ` Cyrill Gorcunov
2014-05-15 21:42 ` Andy Lutomirski
2014-05-15 21:42 ` Andy Lutomirski
2014-05-15 21:57 ` Cyrill Gorcunov
2014-05-15 21:57 ` Cyrill Gorcunov
2014-05-15 22:15 ` Andy Lutomirski
2014-05-15 22:15 ` Andy Lutomirski
2014-05-16 22:40 ` Andy Lutomirski
2014-05-16 22:40 ` Andy Lutomirski
2014-05-16 22:56 ` H. Peter Anvin
2014-05-16 22:56 ` H. Peter Anvin
2014-05-16 23:10 ` Andy Lutomirski
2014-05-17 6:15 ` Cyrill Gorcunov
2014-05-17 6:15 ` Cyrill Gorcunov
2014-05-14 22:51 ` Andy Lutomirski
2014-05-14 22:51 ` Andy Lutomirski
2014-05-14 21:26 ` Andy Lutomirski
2014-05-14 21:26 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140515195320.GR28328@moon \
--to=gorcunov@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=davej@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@amacapital.net \
--cc=sasha.levin@oracle.com \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.