From: William Lee Irwin III <wli@holomorphy.com>
To: Alex Riesen <fork0@users.sourceforge.net>,
	Ulrich Drepper <drepper@redhat.com>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	Andrew Morton <akpm@osdl.org>, Jon Smirl <jonsmirl@yahoo.com>
Subject: Re: [PATCH] FIx 'noexec' behavior
Date: Sun, 7 Dec 2003 04:17:37 -0800
Message-ID: <20031207121737.GX8039@holomorphy.com>
In-Reply-To: <20031207120634.GA1258@steel.home>

On Sun, Dec 07, 2003 at 01:06:34PM +0100, Alex Riesen wrote:
>  mozilla-bin   D 00000001     0  1225      1          1245  1393 (NOTLB)
>  eba79df4 00000082 c18dac80 00000001 00000003 5a5a5a5a 5a5a5a5a 5a5a5a5a 
>         5a5a5a5a 5a5a5a5a 5a5a5a5a 5a5a5a5a 5a5a5a5a 5a5a5a5a c18dac80 00008714 
>         65e68354 00000130 f6efd940 f689d4dc f6efd940 fffeffff eba79e14 c01bcd27 

Slab poison on the stack is likely from uninitialized stack variables.


On Sun, Dec 07, 2003 at 01:06:34PM +0100, Alex Riesen wrote:
>  Call Trace:
>   [rwsem_down_failed_common+157/342] rwsem_down_failed_common+0x9d/0x156
>   [<c01bcd27>] rwsem_down_failed_common+0x9d/0x156
>   [do_page_fault+0/1416] do_page_fault+0x0/0x588
>   [<c011d6b1>] do_page_fault+0x0/0x588
>   [rwsem_down_read_failed+41/50] rwsem_down_read_failed+0x29/0x32
>   [<c01bca95>] rwsem_down_read_failed+0x29/0x32
>   [.text.lock.fault+27/131] .text.lock.fault+0x1b/0x83
>   [<c011dc54>] .text.lock.fault+0x1b/0x83
>   [buffered_rmqueue+237/404] buffered_rmqueue+0xed/0x194
>   [<c01433c8>] buffered_rmqueue+0xed/0x194
>   [pte_chain_alloc+143/148] pte_chain_alloc+0x8f/0x94
>   [<c015480b>] pte_chain_alloc+0x8f/0x94
>   [__alloc_pages+167/818] __alloc_pages+0xa7/0x332
>   [<c0143516>] __alloc_pages+0xa7/0x332
>   [__get_free_pages+34/69] __get_free_pages+0x22/0x45
>   [<c01437c3>] __get_free_pages+0x22/0x45

This looks like mostly garbage from an attempt to handle a fault and
then blocking on mm->mmap_sem.


On Sun, Dec 07, 2003 at 01:06:34PM +0100, Alex Riesen wrote:
>   [do_page_fault+0/1416] do_page_fault+0x0/0x588
>   [<c011d6b1>] do_page_fault+0x0/0x588
>   [error_code+45/56] error_code+0x2d/0x38
>   [<c010aec1>] error_code+0x2d/0x38
>   [do_mmap_pgoff+83/1656] do_mmap_pgoff+0x53/0x678
>   [<c01511fc>] do_mmap_pgoff+0x53/0x678
>   [pipe_read+516/628] pipe_read+0x204/0x274
>   [<c016ac01>] pipe_read+0x204/0x274
>   [sys_mmap2+155/210] sys_mmap2+0x9b/0xd2
>   [<c01111a4>] sys_mmap2+0x9b/0xd2
>   [syscall_call+7/11] syscall_call+0x7/0xb
>   [<c010a437>] syscall_call+0x7/0xb

You took a fault in do_mmap_pgoff().


-- wli


===== mm/mmap.c 1.95 vs edited =====
--- 1.95/mm/mmap.c	Sat Dec  6 14:34:36 2003
+++ edited/mm/mmap.c	Sun Dec  7 04:17:04 2003
@@ -479,8 +479,10 @@
 		if (!file->f_op || !file->f_op->mmap)
 			return -ENODEV;
 
-		if ((prot & PROT_EXEC) && (file->f_vfsmnt->mnt_flags & MNT_NOEXEC))
-			return -EPERM;
+		if (file->f_vfsmnt && (prot & PROT_EXEC)) {
+			if (file->f_vfsmnt->mnt_flags & MNT_NOEXEC)
+				return -EPERM;
+		}
 	}
 
 	if (!len)
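Review bot: the new guard `if (file->f_vfsmnt && (prot & PROT_EXEC))` makes the MNT_NOEXEC check fail open. When file->f_vfsmnt is NULL, a PROT_EXEC mapping now proceeds with no noexec enforcement at all, and nothing in the hunk says which files reach this check without a vfsmount or why letting them through is intended. A short comment naming that case would make the security decision explicit. The two nested ifs can also be a single condition: `if ((prot & PROT_EXEC) && file->f_vfsmnt && (file->f_vfsmnt->mnt_flags & MNT_NOEXEC))`. The mail gives no description of the change beyond the note that the fault was taken in do_mmap_pgoff(); a sentence tying the NULL test to that fault belongs with the patch.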
-- wli
