Message-ID: <4048C6B7.7080202@BitWagon.com>
Date: Fri, 05 Mar 2004 10:28:07 -0800
From: John Reiser <jreiser@BitWagon.com>
Organization: -
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225
MIME-Version: 1.0
To: mike@navi.cx
CC: linux-kernel@vger.kernel.org
Subject: Re: Potential bug in fs/binfmt_elf.c?
References: <1078508281.3065.33.camel@linux.littlegreen>
In-Reply-To: <1078508281.3065.33.camel@linux.littlegreen>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1040
Lines: 21

> When mapping a nobits PT_LOAD segment with a memsize > filesize, the
> kernel calls set_brk (which in turns calls do_brk) to map and clear the
> area, but this discards access permissons on the mapping leading to rwx
> protection. This causes a load failure on systems where the VM cannot
> reserve swap space for the segment, unless overcommit is active (on many
> systems it's not on by default).
[snip]

I believe that's not the only problem with binfmt_elf.  If the total address
space described by the PT_LOADs is not exactly one contiguous interval, then
2.6.3 binfmt_elf fills in the gaps with 'prw.' of zero-filled pages, instead
of the intended "holes" with no mapping at all between isolated PT_LOADs.
One example is  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=115913

-- 

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/