From: Michael Bohan <mbohan@codeaurora.org>
To: Nicolas Pitre <nico@fluxnic.net>
Cc: Russell King - ARM Linux <linux@arm.linux.org.uk>,
	linux-arm-msm@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org
Subject: Re: MT_HIGH_VECTOR mapping set read-only creating illegal access
Date: Tue, 19 Apr 2011 18:44:46 -0700
Message-ID: <4DAE3A8E.1000903@codeaurora.org>
In-Reply-To: <alpine.LFD.2.00.1104191956290.24613@xanadu.home>

On 4/19/2011 5:21 PM, Nicolas Pitre wrote:
> Are you saying that your user space libc was reading at 0xffff0ff0
> directly?  I hope not, because if you did so, you clearly abused the
> interface and the contract between user space and the kernel.  Here's
> what I wrote in the comment right above the related code:
>
>   * These are segment of kernel provided user code reachable from user space
>   * at a fixed address in kernel memory.  This is used to provide user space
>   * with some operations which require kernel help because of unimplemented
>   * native feature and/or instructions in many ARM CPUs. The idea is for
>   * this code to be executed directly in user mode for best efficiency but
>   * which is too intimate with the kernel counter part to be left to user
>   * libraries.  In fact this code might even differ from one CPU to another
>   * depending on the available  instruction set and restrictions like on
>   * SMP systems.  In other words, the kernel reserves the right to change
>   * this code as needed without warning. Only the entry points and their
>   * results are guaranteed to be stable.
>
> This has been there since April 29th 2005 i.e. 6 years ago.

Yes, unfortunately Android appears to do this as an 'optimization' in
the case of dynamically linked execs. That is, it skips the helper code
altogether.

Mike

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum
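
An added example, not code from this thread or from Android's libc: the contract quoted above, where user space calls the stable helper entry point rather than reading the word at 0xffff0ff0. The entry point 0xffff0fe0, the version word at 0xffff0ffc and the minimum version 1 are taken from the kernel's ARM kuser-helper documentation, not from the message; the function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed addresses from the kernel's ARM kuser-helper documentation
 * (assumption: not stated in the thread, which only names 0xffff0ff0). */
#define KUSER_HELPER_VERSION ((volatile const int32_t *)0xffff0ffcUL)
#define KUSER_GET_TLS_ENTRY  0xffff0fe0UL

typedef void *(kuser_get_tls_fn)(void);

/* Return codes are names made up for this example. */
enum { TLS_OK = 0, TLS_HELPER_TOO_OLD = -1, TLS_NOT_ARM32 = -2 };

/*
 * Fetch the thread pointer through the guaranteed entry point.
 * The helper body may be a load from the vector page on one CPU and a
 * coprocessor register read on another; only the entry point and its
 * result are stable, so the caller never looks at where the value is
 * stored. Reading 0xffff0ff0 directly depends on one particular body.
 */
int tls_via_kuser_helper(void **tls)
{
    *tls = NULL;
#if defined(__linux__) && defined(__arm__)
    /* The version word says how many helpers this kernel provides. */
    if (*KUSER_HELPER_VERSION < 1)
        return TLS_HELPER_TOO_OLD;
    *tls = ((kuser_get_tls_fn *)KUSER_GET_TLS_ENTRY)();
    return TLS_OK;
#else
    /* No vector page on this target: never touch the addresses. */
    return TLS_NOT_ARM32;
#endif
}

int main(void)
{
    void *tls;
    int rc = tls_via_kuser_helper(&tls);

    if (rc == TLS_OK)
        printf("TLS pointer from helper: %p\n", tls);
    else
        printf("kuser helper not usable here (rc=%d)\n", rc);
    return 0;
}
```
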
