From: Michael Tirado <mtirado418@gmail.com>
To: David Herrmann <dh.herrmann@gmail.com>
Cc: linux-mm@kvack.org
Subject: Re: [PATCH] mm/shmem.c: Add new seal to memfd: F_SEAL_WRITE_NONCREATOR
Date: Fri, 17 Apr 2015 18:45:12 -0400 [thread overview]
Message-ID: <20150417184512.67015809@yak.slack> (raw)
In-Reply-To: <CANq1E4RebX=feEtgpHa4v_C_PkKwDmDWG+jm98kUUj5yYV4ipg@mail.gmail.com>
On Fri, 17 Apr 2015 12:48:44 +0200
David Herrmann <dh.herrmann@gmail.com> wrote:
> Where's the problem? Just pass the read-only file-descriptor to your
> peers and make sure the access-mode of the memfd is 0600. No other
> user will be able to gain a writable file-descriptor, but you.
I see what you mean now, This does make sense. I started writing a test
and it seems like the write on a duplicated O_RDONLY fd does not fail
properly, and is causing a general protection error. Here is the output
and test code:
memfd: a dup test
expected EPERM on write(), but got 4: Operation not permitted
back in main thread
[ 8.563759] traps: memfd_test[548] general protection ip:b75b638c sp:bffdbbe0 error:0 in libc-2.20.so[b7589000+1ae000]
bash-4.3#
note that the return value 4 indicates successful write.
static void test_dup()
{
pid_t pid;
int status;
int fd_seal;
int fd_rdonly = 99;
fd_seal = mfd_assert_new("kern_memfd_seal_write",
MFD_DEF_SIZE,
MFD_CLOEXEC | MFD_ALLOW_SEALING);
fd_rdonly = dup3(fd_seal, fd_rdonly, O_RDONLY);
mfd_assert_add_seals(fd_seal, F_SEAL_SEAL);
if (fd_rdonly != 99) {
printf("dup3 error: %m\n");
abort();
}
pid = fork();
if (pid == 0)
{
int fd_peer = 97;
/*mfd_fail_write(fd_seal);*/
/* this does not fail properly? */
mfd_fail_write(fd_rdonly);
/* this will fail with, invalid argument */
/*fd_peer = dup3(fd_rdonly, fd_peer, O_RDWR);
if (fd_peer == -1) {
printf("dup3 error: %m\n");
abort();
}
mfd_fail_write(fd_peer);*/
printf("exiting normally\n");
exit(0);
}
usleep(100000);
printf("back in main thread\n");
mfd_assert_write(fd_seal);
/*mfd_fail_write(fd_rdonly);*/
usleep(1000000);
/* this seems to trigger general protection crash */
pid = waitpid(pid, &status, 0);
if (!WIFEXITED(status))
abort();
}
I don't have time right now to dig deep into this, but will look into it more
in the next few days, and report back.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2015-04-17 22:45 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-16 7:23 [PATCH] mm/shmem.c: Add new seal to memfd: F_SEAL_WRITE_NONCREATOR Michael Tirado
2015-04-16 8:14 ` Konstantin Khlebnikov
2015-04-16 12:01 ` David Herrmann
2015-04-17 4:28 ` Michael Tirado
2015-04-17 10:48 ` David Herrmann
2015-04-17 22:45 ` Michael Tirado [this message]
2015-04-18 12:13 ` David Herrmann
2015-04-17 4:18 ` Michael Tirado
2015-04-28 13:28 ` [PATCH] mm/shmem.c: Add new seal to memfd: F_SEAL_WRITE_PEER Michael Tirado
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150417184512.67015809@yak.slack \
--to=mtirado418@gmail.com \
--cc=dh.herrmann@gmail.com \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).