From: David Howells <dhowells@redhat.com>
To: Roland McGrath <roland@redhat.com>
Cc: bryan.wu@analog.com, Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH -mm] utrace: nommu fixup support utrace
Date: Fri, 09 Mar 2007 11:41:44 +0000 [thread overview]
Message-ID: <29185.1173440504@redhat.com> (raw)
In-Reply-To: <20070309073711.7105B180063@magilla.sf.frob.com>
Roland McGrath <roland@redhat.com> wrote:
> What I meant to suggest is that I would start from a safety point of view
> with get_user_pages/access_process_vm refusing to do force&&write to
> MAP_PRIVATE pages that are in fact being shared (ETXTBSY or something).
That's a good idea. The other possibility I've thought of is maintaining a
list of the changes made to such a region and deapplying them / reapplying
them as the processes get scheduled. That's probably fine as long as it's
just a few breakpoints and it's a single-CPU system.
But this is irrelevant as it doesn't address the sharing-prevention issue.
> (When it's not being shared, it should do whatever is necessary to make sure
> that page is known dirty and not hand it out for later mappings.)
NOMMU doesn't with pages at this level, but deals with regions of memory
instead. A mapping may be part of a page, a whole page, or several pages.
NOMMU private file mmap() allocates using kmalloc(), so if you allocate a
1-byte buffer, that's all you're guaranteed to get.
As it happens, when the code sees PT_PTRACED, the VMA is marked as being
unshareable by the simple expedient of turning off VM_MAYSHARE, meaning that it
neither shares with already existing mappings, nor will it be shareable by
mappings that have yet to be made - even within the same process.
> Then you can go about trying to make the safe (no sharing) case come about
> when you want it.
Which brings us back to the if-statement you objected to. Its presence is
still required so as to prevent sharing of the executable and loader, and this
seems a good a way to do it as any as far as I can see. Remember that it has
be controlled by something that can be set before the binfmt load_binary() op
runs.
David
prev parent reply other threads:[~2007-03-09 11:42 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-03-06 7:25 [PATCH -mm] utrace: nommu fixup support utrace Wu, Bryan
2007-03-06 9:37 ` David Howells
2007-03-06 9:49 ` Wu, Bryan
2007-03-07 3:42 ` Roland McGrath
2007-03-07 11:10 ` David Howells
2007-03-09 7:37 ` Roland McGrath
2007-03-09 11:41 ` David Howells [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=29185.1173440504@redhat.com \
--to=dhowells@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=bryan.wu@analog.com \
--cc=linux-kernel@vger.kernel.org \
--cc=roland@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.