On Fri, 17 Apr 2015 12:48:44 +0200
David Herrmann <dh.herrmann@xxxxxxxxx> wrote:

> Where's the problem? Just pass the read-only file-descriptor to your
> peers and make sure the access-mode of the memfd is 0600. No other
> user will be able to gain a writable file-descriptor, but you.

I see what you mean now. This does make sense. I started writing a test
and it seems like the write on a duplicated O_RDONLY fd does not fail
properly, and is causing a general protection error. Here is the output
and test code:

memfd: a dup test
expected EPERM on write(), but got 4: Operation not permitted
back in main thread
[ 8.563759] traps: memfd_test[548] general protection ip:b75b638c sp:bffdbbe0 error:0 in libc-2.20.so[b7589000+1ae000]
bash-4.3#

Note that the return value 4 indicates a successful write.

static void test_dup()
{
	pid_t pid;
	int status;
	int fd_seal;
	int fd_rdonly = 99;

	fd_seal = mfd_assert_new("kern_memfd_seal_write",
				 MFD_DEF_SIZE,
				 MFD_CLOEXEC | MFD_ALLOW_SEALING);
	fd_rdonly = dup3(fd_seal, fd_rdonly, O_RDONLY);
	mfd_assert_add_seals(fd_seal, F_SEAL_SEAL);
	if (fd_rdonly != 99) {
		printf("dup3 error: %m\n");
		abort();
	}

	pid = fork();
	if (pid == 0) {
		int fd_peer = 97;

		/*mfd_fail_write(fd_seal);*/
		/* this does not fail properly? */
		mfd_fail_write(fd_rdonly);
		/* this will fail with, invalid argument */
		/*fd_peer = dup3(fd_rdonly, fd_peer, O_RDWR);
		if (fd_peer == -1) {
			printf("dup3 error: %m\n");
			abort();
		}
		mfd_fail_write(fd_peer);*/
		printf("exiting normally\n");
		exit(0);
	}

	usleep(100000);
	printf("back in main thread\n");
	mfd_assert_write(fd_seal);
	/*mfd_fail_write(fd_rdonly);*/
	usleep(1000000);
	/* this seems to trigger general protection crash */
	pid = waitpid(pid, &status, 0);
	if (!WIFEXITED(status))
		abort();
}

I don't have time right now to dig deep into this, but will look into
it more in the next few days, and report back.
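Added example, not part of the original message or of the kernel selftests: the access mode of a file descriptor belongs to the open file description, which dup3() shares with the original fd, and O_RDONLY is 0, so it changes nothing when passed as dup3() flags. The sketch compares that with reopening the memfd read-only through /proc/self/fd, which creates a new description. The helper names are hypothetical, and it assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Create a memfd; raw syscall so it builds against older libc headers. */
static int new_memfd(void)
{
    return (int)syscall(SYS_memfd_create, "dup_demo", 1U /* MFD_CLOEXEC */);
}

/* Access mode (O_RDONLY/O_WRONLY/O_RDWR) of the description behind fd. */
static int access_mode(int fd)
{
    int fl = fcntl(fd, F_GETFL);
    return fl < 0 ? -1 : (fl & O_ACCMODE);
}

/* dup3() as in the test: O_RDONLY is 0, so this is dup3(fd, newfd, 0). */
static int dup_with_rdonly_flag(int fd, int newfd)
{
    return dup3(fd, newfd, O_RDONLY);
}

/* New open file description for the same memfd, opened read-only. */
static int reopen_rdonly(int fd)
{
    char path[64];
    snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Returns bytes written, or -errno on failure. */
static long try_write(int fd)
{
    ssize_t n = write(fd, "test", 4);
    return n < 0 ? -errno : (long)n;
}

int main(void)
{
    int mfd = new_memfd();
    int dupfd = dup_with_rdonly_flag(mfd, 99);  /* 99: same target fd as the test */
    int rofd = reopen_rdonly(mfd);
    printf("dup3 fd:   mode=%d write=%ld\n", access_mode(dupfd), try_write(dupfd));
    printf("reopen fd: mode=%d write=%ld\n", access_mode(rofd), try_write(rofd));
    return 0;
}
```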