From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Monjalon Subject: Re: [PATCH] eal: fix crash on mmap error in rte_eal_hugepage_attach() Date: Mon, 03 Oct 2016 16:06:49 +0200 Message-ID: <12194979.gyyuPCJTAZ@xps13> References: <1475059977-27370-1-git-send-email-maciej.czekaj@caviumnetworks.com> <6c2618d5-3f54-7c84-aa92-498461842f6a@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7Bit Cc: dev@dpdk.org, Sergio Gonzalez Monroy , david.marchand@6wind.com To: maciej.czekaj@caviumnetworks.com Return-path: Received: from mail-wm0-f41.google.com (mail-wm0-f41.google.com [74.125.82.41]) by dpdk.org (Postfix) with ESMTP id A19C068D1 for ; Mon, 3 Oct 2016 16:06:51 +0200 (CEST) Received: by mail-wm0-f41.google.com with SMTP id b201so83777622wmb.0 for ; Mon, 03 Oct 2016 07:06:51 -0700 (PDT) In-Reply-To: <6c2618d5-3f54-7c84-aa92-498461842f6a@intel.com> List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 2016-10-03 14:04, Sergio Gonzalez Monroy: > On 28/09/2016 11:52, maciej.czekaj@caviumnetworks.com wrote: > > From: Maciej Czekaj > > > > In ASLR-enabled system, it is possible that selected > > virtual space is occupied by program segments. Therefore, > > error path should not blindly unmap all memmory segments > > but only those already mapped. > > > > Steps that lead to crash: > > 1. memeseg 0 in secondary process overlaps > > with libc.so > > 2. mmap of /dev/zero fails for virtual space of memseg 0 > > 3. munmap of memseg 0 leads to unmapping libc.so itself > > 4. app gets SIGSEGV after returning from syscall to libc > > > > Fixes: ea329d7f8e34 ("mem: fix leak after mapping failure") > > > > Signed-off-by: Maciej Czekaj > > --- > > lib/librte_eal/linuxapp/eal/eal_memory.c | 11 ++++++----- > > 1 file changed, 6 insertions(+), 5 deletions(-) > > Acked-by: Sergio Gonzalez Monroy Applied, thanks