On 8/20/20 2:40 PM, Cyrill Gorcunov wrote:
> On Wed, Aug 19, 2020 at 07:46:50PM +0530, Sumit Semwal wrote:
> ...
>> Userspace can set the name for a region of memory by calling
>> prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
>> Setting the name to NULL clears it.
>>
>> The name is stored in a user pointer in the shared union in vm_area_struct
>> that points to a null terminated string inside the user process. vmas
>> that point to the same address and are otherwise mergeable will be merged,
>> but vmas that point to equivalent strings at different addresses will not
>> be merged.
> ...
>
> Guys, could you please enlighten me, I don't understand -- we pass some
> random user-space pointer and save it in vm_area_struct then in procfs
> we treat it as "string" and print out? What prevents me to put some crap
> here then unmap this pointer the kernel will cause page fault in procfs
> output (in best scenario)?

Remember, this is virtually identical to what we do for /proc/$pid/cmdline
in get_mm_cmdline(). The kernel goes following a user-provided pointer
into the user address space looking for a string. If userspace points it
to garbage, access_remote_vm() will fail safely.
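As an added illustration of the user-facing interface described in the quoted patch text (this is not code from the patch series or from anyone in the thread): the program below names a freshly mapped anonymous region, checks that the name is reported in /proc/self/maps as "[anon:<name>]", then clears it with NULL. It assumes a kernel that carries the feature; the PR_SET_VMA constants are the values from <linux/prctl.h>, defined as a fallback for older headers, and a kernel without the feature simply rejects the prctl with EINVAL.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>

#ifndef PR_SET_VMA               /* fallback values, as in <linux/prctl.h> */
#define PR_SET_VMA 0x53564d41
#endif
#ifndef PR_SET_VMA_ANON_NAME
#define PR_SET_VMA_ANON_NAME 0
#endif

/* Name (or, with name == NULL, un-name) an anonymous region.
   Returns 0 on success, otherwise the errno the kernel reported. */
static int set_vma_name(void *start, size_t len, const char *name)
{
    if (prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, (unsigned long)start, len,
              (unsigned long)name) != 0)
        return errno;
    return 0;
}

/* Scan /proc/self/maps for "[anon:<name>]": 1 found, 0 absent, -1 on error. */
static int vma_name_visible(const char *name)
{
    char needle[128], line[512];
    int found = 0;
    snprintf(needle, sizeof needle, "[anon:%s]", name);
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f))
        if (strstr(line, needle)) { found = 1; break; }
    fclose(f);
    return found;
}

/* Round trip: map a page, name it, confirm it is visible, clear the name,
   confirm it is gone. Returns 0 on success, the errno if the kernel refused
   the prctl (EINVAL when the feature is absent), or -1 on a mismatch. */
static int anon_name_roundtrip(void)
{
    size_t len = 4096;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    int rc = set_vma_name(p, len, "demo_region");  /* constructed name */
    if (rc != 0) { munmap(p, len); return rc; }
    int seen = vma_name_visible("demo_region");
    set_vma_name(p, len, NULL);                    /* NULL clears the name */
    int cleared = vma_name_visible("demo_region");
    munmap(p, len);
    return (seen == 1 && cleared == 0) ? 0 : -1;
}
```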