From: Dave Jones <davej@redhat.com>
To: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
linux-mm@kvack.org,
Linus Torvalds <torvalds@linux-foundation.org>,
zohar@linux.vnet.ibm.com
Subject: Re: ima_mmap_file returning 0 to userspace as mmap result.
Date: Thu, 5 Jun 2014 11:56:58 -0400 [thread overview]
Message-ID: <20140605155658.GA22673@redhat.com> (raw)
In-Reply-To: <538FF4C4.5090300@gmail.com>
On Thu, Jun 05, 2014 at 06:40:36AM +0200, Michael Kerrisk (man-pages) wrote:
> On 06/05/2014 01:31 AM, Dave Jones wrote:
> > I just noticed that trinity was freaking out in places when mmap was
> > returning zero. This surprised me, because I had the mmap_min_addr
> > sysctl set to 64k, so it wasn't a MAP_FIXED mapping that did it.
> >
> > There's no mention of this return value in the man page, so I dug
> > into the kernel code, and it appears that we do..
> >
> > sys_mmap
> > vm_mmap_pgoff
> > security_mmap_file
> > ima_file_mmap <- returns 0 if not PROT_EXEC
> >
> > and then the 0 gets propagated up as a retval all the way to userspace.
> >
> > It smells to me like we might be violating a standard or two here, and
> > instead of 0 ima should be returning -Esomething
> >
> > thoughts?
>
> Seems like either EACCESS or ENOTSUP is appropriate; here's the pieces
> from POSIX:
>
> EACCES The fildes argument is not open for read, regardless of
> the protection specified, or fildes is not open for
> write and PROT_WRITE was specified for a MAP_SHARED type
> mapping.
>
> ENOTSUP
> The implementation does not support the combination
> of accesses requested in the prot argument.
>
> ENOTSUP seems to be more appropriate in my reading of the above, though
> I'd somehow more have expected EACCES.
I just realised that this affects even kernels with CONFIG_IMA unset,
because there we just do 'return 0' unconditionally.
Also, it appears that kernels with CONFIG_SECURITY unset will also
return a zero for the same reason.
This is kind of a mess, and has been that way for a long time.
Fixing this will require user-visible breakage, but in this case
I think it's justified as there's no way an app can do the right thing
if it gets a 0 back. Linus ?
Dave
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Dave Jones <davej@redhat.com>
To: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
linux-mm@kvack.org,
Linus Torvalds <torvalds@linux-foundation.org>,
zohar@linux.vnet.ibm.com
Subject: Re: ima_mmap_file returning 0 to userspace as mmap result.
Date: Thu, 5 Jun 2014 11:56:58 -0400 [thread overview]
Message-ID: <20140605155658.GA22673@redhat.com> (raw)
In-Reply-To: <538FF4C4.5090300@gmail.com>
On Thu, Jun 05, 2014 at 06:40:36AM +0200, Michael Kerrisk (man-pages) wrote:
> On 06/05/2014 01:31 AM, Dave Jones wrote:
> > I just noticed that trinity was freaking out in places when mmap was
> > returning zero. This surprised me, because I had the mmap_min_addr
> > sysctl set to 64k, so it wasn't a MAP_FIXED mapping that did it.
> >
> > There's no mention of this return value in the man page, so I dug
> > into the kernel code, and it appears that we do..
> >
> > sys_mmap
> > vm_mmap_pgoff
> > security_mmap_file
> > ima_file_mmap <- returns 0 if not PROT_EXEC
> >
> > and then the 0 gets propagated up as a retval all the way to userspace.
> >
> > It smells to me like we might be violating a standard or two here, and
> > instead of 0 ima should be returning -Esomething
> >
> > thoughts?
>
> Seems like either EACCESS or ENOTSUP is appropriate; here's the pieces
> from POSIX:
>
> EACCES The fildes argument is not open for read, regardless of
> the protection specified, or fildes is not open for
> write and PROT_WRITE was specified for a MAP_SHARED type
> mapping.
>
> ENOTSUP
> The implementation does not support the combination
> of accesses requested in the prot argument.
>
> ENOTSUP seems to be more appropriate in my reading of the above, though
> I'd somehow more have expected EACCES.
I just realised that this affects even kernels with CONFIG_IMA unset,
because there we just do 'return 0' unconditionally.
Also, it appears that kernels with CONFIG_SECURITY unset will also
return a zero for the same reason.
This is kind of a mess, and has been that way for a long time.
Fixing this will require user-visible breakage, but in this case
I think it's justified as there's no way an app can do the right thing
if it gets a 0 back. Linus ?
Dave
next prev parent reply other threads:[~2014-06-05 15:57 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-04 23:31 ima_mmap_file returning 0 to userspace as mmap result Dave Jones
2014-06-04 23:31 ` Dave Jones
2014-06-05 4:40 ` Michael Kerrisk (man-pages)
2014-06-05 4:40 ` Michael Kerrisk (man-pages)
2014-06-05 15:56 ` Dave Jones [this message]
2014-06-05 15:56 ` Dave Jones
2014-06-05 16:20 ` Dave Jones
2014-06-05 16:20 ` Dave Jones
2014-06-06 1:49 ` Mimi Zohar
2014-06-06 1:49 ` Mimi Zohar
2014-06-06 1:56 ` Dave Jones
2014-06-06 1:56 ` Dave Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140605155658.GA22673@redhat.com \
--to=davej@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mtk.manpages@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.