From: Keno Fischer
Date: Wed, 16 Dec 2020 20:29:30 -0500
Subject: brk checks in PR_SET_MM code
To: Linux Kernel Mailing List
Cc: gorcunov@openvz.org, Andrew Morton, mkoutny@suse.com, ktkhai@virtuozzo.com

Hi all,

The code in prctl(PR_SET_MM, ...) performs a number of sanity checks, among them

```
/*
 * @brk should be after @end_data in traditional maps.
 */
if (prctl_map->start_brk <= prctl_map->end_data ||
    prctl_map->brk <= prctl_map->end_data)
	goto out;
```

The original commit that introduces this check (f606b77f1a9e362451aca8f81d8f36a3a112139e) says:

```
4) As in regular Elf loading procedure we require that @start_brk and
   @brk be greater than @end_data.
```

However, it does not appear that this invariant is actually enforced during regular ELF loading. In particular, at least on my linux distribution, it does not appear to be satisfied when invoking the dynamic linker directly. For example, consider the following test application:

```
#include <sys/prctl.h>
#include <unistd.h>
#include <assert.h>

int main(void) {
    int err = prctl(PR_SET_MM, PR_SET_MM_BRK, sbrk(0), 0, 0);
    assert(err == 0);
    return 0;
}
```

```
$ su
# ./a.out
# /lib64/ld-linux-x86-64.so.2 ./a.out
a.out: test.c:7: main: Assertion `err == 0' failed.
Aborted
```

I don't understand this code well enough to know what the intended behavior is, but unfortunately this causes some processes to be non-restorable using the PR_SET_MM mechanism, which defeats the whole purpose of that API. Could somebody clarify whether this situation is indeed supposed to be impossible and, if not, whether said checks in PR_SET_MM are actually supposed to be there?

I suppose this is also technically a regression when the old PR_SET_MM commands were refactored to use this new validation. Previously only the commands that changed the brk validated this invariant, but these days it tries to validate the entire structure at once, so all the PR_SET_MM calls will fail in a process whose layout violates the sanity check.

Thanks,
Keno