[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Libunwind-devel] Crash in libunwind 0.99 on x86_64
|
From: |
Konstantin Belousov |
|
Subject: |
Re: [Libunwind-devel] Crash in libunwind 0.99 on x86_64 |
|
Date: |
Wed, 21 Apr 2010 19:50:02 +0300 |
|
User-agent: |
Mutt/1.4.2.3i |
On Wed, Apr 21, 2010 at 09:34:07AM -0700, Arun Sharma wrote:
> On Wed, Apr 21, 2010 at 5:44 AM, Konstantin Belousov <address@hidden>wrote:
>
> >
> > I think that access validation currently done by msync(2) is not enough
> > for rare case of unaligned access at the end of the page with next page
> > unmapped.
> >
> > Also, mincore(2) looks like as a better way to test the presence of a
> > mapping at some address. I use the patch below.
> >
> >
> The reason why I picked msync instead of mincore had to do with minor
> faults. If the address can be accessed with a minor fault, mincore returns
> false and we end up doing validation that was not strictly necessary.
>
> The linux kernel implementation of mincore() involves:
>
> /* ..and we need to be passed a valid user-space range */
> if (!access_ok(VERIFY_READ, (void __user *) start, len))
> return -ENOMEM;
>
> In the ideal world, what validate_mem() wants is the
> access_ok(VERIFY_READ,..) syscall.
>
> Perhaps we can ignore the output value (mvec) and just test for errno ==
> ENOMEM. Wait, that's what your patch is doing (mostly) :)
>
> Another corner case we need to test: check if the technique works for
> PROT_NONE regions (msync says its ok to access when in fact it isn't safe).
It cannot be easily checked this way, as well as mappings with only
PROT_EXECUTE permission (not an x86* issue, but if this method is ever
extended to other arches).
pgpDOBJ5iPxFq.pgp
Description: PGP signature