Hi

On Sat, Apr 18, 2015 at 12:45 AM, Michael Tirado <mtirado418@xxxxxxxxx> wrote:
> On Fri, 17 Apr 2015 12:48:44 +0200
> David Herrmann <dh.herrmann@xxxxxxxxx> wrote:
>
>> Where's the problem? Just pass the read-only file-descriptor to your
>> peers and make sure the access-mode of the memfd is 0600. No other
>> user will be able to gain a writable file-descriptor, but you.
>
> I see what you mean now, This does make sense. I started writing a test
> and it seems like the write on a duplicated O_RDONLY fd does not fail
> properly, and is causing a general protection error. Here is the output
> and test code:
>
>
> memfd: a dup test
> expected EPERM on write(), but got 4: Operation not permitted
> back in main thread
> [ 8.563759] traps: memfd_test[548] general protection ip:b75b638c sp:bffdbbe0 error:0 in libc-2.20.so[b7589000+1ae000]
> bash-4.3#
>
> note that the return value 4 indicates successful write.
>
>
>
> static void test_dup()
> {
>         pid_t pid;
>         int status;
>         int fd_seal;
>         int fd_rdonly = 99;
>
>         fd_seal = mfd_assert_new("kern_memfd_seal_write",
>                                  MFD_DEF_SIZE,
>                                  MFD_CLOEXEC | MFD_ALLOW_SEALING);
>
>         fd_rdonly = dup3(fd_seal, fd_rdonly, O_RDONLY);
>         mfd_assert_add_seals(fd_seal, F_SEAL_SEAL);
>         if (fd_rdonly != 99) {
>                 printf("dup3 error: %m\n");
>                 abort();
>         }

You cannot use dup3() to change access-flags. See fcntl(2) for F_SETFL
(which is what dup3(2) basically does). You must create that new
file-descriptor via /proc. Instead, please use:

        fd_rdonly = memfd_assert_open(fd_seal, O_RDONLY, 0);

Also, there is no reason to pass MFD_ALLOW_SEALING, nor do you need to
set F_SEAL_SEAL.

Thanks
David

>
>         pid = fork();
>         if (pid == 0)
>         {
>                 int fd_peer = 97;
>
>                 /*mfd_fail_write(fd_seal);*/
>                 /* this does not fail properly? */
>                 mfd_fail_write(fd_rdonly);
>
>                 /* this will fail with, invalid argument */
>                 /*fd_peer = dup3(fd_rdonly, fd_peer, O_RDWR);
>                 if (fd_peer == -1) {
>                         printf("dup3 error: %m\n");
>                         abort();
>                 }
>                 mfd_fail_write(fd_peer);*/
>                 printf("exiting normally\n");
>                 exit(0);
>         }
>
>         usleep(100000);
>         printf("back in main thread\n");
>         mfd_assert_write(fd_seal);
>         /*mfd_fail_write(fd_rdonly);*/
>         usleep(1000000);
>
>         /* this seems to trigger general protection crash */
>         pid = waitpid(pid, &status, 0);
>         if (!WIFEXITED(status))
>                 abort();
> }
>
>
> I don't have time right now to dig deep into this, but will look into it more
> in the next few days, and report back.
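
The difference between duplicating a memfd and reopening it through /proc, as an added example that is not part of the original message or of the kernel selftests. The names `fd_result`, `probe` and `memfd_dup_vs_reopen` are hypothetical; the code assumes a Linux kernel with memfd support and a mounted /proc, and uses raw syscall() so it builds without feature-test macros.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

struct fd_result {      /* hypothetical record, for this example only */
    int mode;           /* access mode reported by F_GETFL */
    int written;        /* bytes written, or -errno on failure */
};

static void probe(int fd, struct fd_result *r)
{
    ssize_t n = write(fd, "test", 4);

    r->written = n < 0 ? -errno : (int)n;
    r->mode = fcntl(fd, F_GETFL) & O_ACCMODE;
}

/* Returns 0 on success, -1 if setup failed (no memfd support or no /proc). */
int memfd_dup_vs_reopen(struct fd_result *dup_r, struct fd_result *reopen_r)
{
    char path[64];
    int mfd, dfd, rfd;

    mfd = (int)syscall(SYS_memfd_create, "dup_vs_reopen", 0U);
    if (mfd < 0)
        return -1;
    /* O_RDONLY is 0, so this is dup3() with no flags: the new fd shares
     * the original open file description and therefore stays O_RDWR. */
    dfd = (int)syscall(SYS_dup3, mfd, 99, O_RDONLY);
    /* Reopening via /proc creates a new open file description that
     * carries its own access mode. */
    snprintf(path, sizeof(path), "/proc/self/fd/%d", mfd);
    rfd = open(path, O_RDONLY);
    if (dfd != 99 || rfd < 0)
        return -1;
    probe(dfd, dup_r);
    probe(rfd, reopen_r);
    close(rfd); close(dfd); close(mfd);
    return 0;
}

int main(void)
{
    struct fd_result d, r;

    if (memfd_dup_vs_reopen(&d, &r))
        return 1;
    printf("dup3:   mode=%d write=%d\n", d.mode, d.written);
    printf("reopen: mode=%d write=%d\n", r.mode, r.written);
    return 0;
}
```

The write through the dup3() descriptor returns 4, matching the output quoted above, while the write through the reopened descriptor is refused with EBADF.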