* [Bug 1875702] [NEW] madvise reports success, but doesn't implement WIPEONFORK.
@ 2020-04-28 17:22 agl
2020-04-30 14:04 ` [Bug 1875702] " Laurent Vivier
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: agl @ 2020-04-28 17:22 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
The implementation of madvise (linux-user/syscall.c:11331, tag
v5.0.0-rc4) always returns zero (i.e. success). However, an application
requesting (at least) MADV_WIPEONFORK may need to know whether the call
was actually successful. If not (because the kernel doesn't support
WIPEONFORK) then it will need to take other measures to provide fork-
safety (such as drawing entropy from the kernel in every case). But, if
the application believes that WIPEONFORK is supported (because madvise
returned zero), but it actually isn't (as in qemu), then it may forego
those protections on the assumption that WIPEONFORK will provide fork-
safety.
Roughly, the comment in qemu that says "This is a hint, so ignoring and
returning success is ok." is no longer accurate in the presence of
MADV_WIPEONFORK.
(This is not purely academic: BoringSSL is planning on acting in this
way. We found the qemu behaviour in pre-release testing and are planning
on making an madvise call with advice=-1 first to test whether unknown
advice values actually produce EINVAL.)
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1875702
Title:
madvise reports success, but doesn't implement WIPEONFORK.
Status in QEMU:
New
Bug description:
The implementation of madvise (linux-user/syscall.c:11331, tag
v5.0.0-rc4) always returns zero (i.e. success). However, an
application requesting (at least) MADV_WIPEONFORK may need to know
whether the call was actually successful. If not (because the kernel
doesn't support WIPEONFORK) then it will need to take other measures
to provide fork-safety (such as drawing entropy from the kernel in
every case). But, if the application believes that WIPEONFORK is
supported (because madvise returned zero), but it actually isn't (as
in qemu), then it may forego those protections on the assumption that
WIPEONFORK will provide fork-safety.
Roughly, the comment in qemu that says "This is a hint, so ignoring
and returning success is ok." is no longer accurate in the presence of
MADV_WIPEONFORK.
(This is not purely academic: BoringSSL is planning on acting in this
way. We found the qemu behaviour in pre-release testing and are
planning on making an madvise call with advice=-1 first to test
whether unknown advice values actually produce EINVAL.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1875702/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1875702] Re: madvise reports success, but doesn't implement WIPEONFORK.
2020-04-28 17:22 [Bug 1875702] [NEW] madvise reports success, but doesn't implement WIPEONFORK agl
@ 2020-04-30 14:04 ` Laurent Vivier
2021-05-06 13:33 ` Thomas Huth
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Laurent Vivier @ 2020-04-30 14:04 UTC (permalink / raw)
To: qemu-devel
** Changed in: qemu
Assignee: (unassigned) => Laurent Vivier (laurent-vivier)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1875702
Title:
madvise reports success, but doesn't implement WIPEONFORK.
Status in QEMU:
New
Bug description:
The implementation of madvise (linux-user/syscall.c:11331, tag
v5.0.0-rc4) always returns zero (i.e. success). However, an
application requesting (at least) MADV_WIPEONFORK may need to know
whether the call was actually successful. If not (because the kernel
doesn't support WIPEONFORK) then it will need to take other measures
to provide fork-safety (such as drawing entropy from the kernel in
every case). But, if the application believes that WIPEONFORK is
supported (because madvise returned zero), but it actually isn't (as
in qemu), then it may forego those protections on the assumption that
WIPEONFORK will provide fork-safety.
Roughly, the comment in qemu that says "This is a hint, so ignoring
and returning success is ok." is no longer accurate in the presence of
MADV_WIPEONFORK.
(This is not purely academic: BoringSSL is planning on acting in this
way. We found the qemu behaviour in pre-release testing and are
planning on making an madvise call with advice=-1 first to test
whether unknown advice values actually produce EINVAL.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1875702/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1875702] Re: madvise reports success, but doesn't implement WIPEONFORK.
2020-04-28 17:22 [Bug 1875702] [NEW] madvise reports success, but doesn't implement WIPEONFORK agl
2020-04-30 14:04 ` [Bug 1875702] " Laurent Vivier
@ 2021-05-06 13:33 ` Thomas Huth
2021-05-06 13:50 ` Peter Maydell
2021-05-18 23:45 ` Thomas Huth
3 siblings, 0 replies; 5+ messages in thread
From: Thomas Huth @ 2021-05-06 13:33 UTC (permalink / raw)
To: qemu-devel
The QEMU project is currently moving its bug tracking to another system.
For this we need to know which bugs are still valid and which could be
closed already. Thus we are setting older bugs to "Incomplete" now.
If you still think this bug report here is valid, then please switch
the state back to "New" within the next 60 days, otherwise this report
will be marked as "Expired". Or please mark it as "Fix Released" if
the problem has been solved with a newer version of QEMU already.
Thank you and sorry for the inconvenience.
** Changed in: qemu
Status: New => Incomplete
** Tags added: linux-user
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1875702
Title:
madvise reports success, but doesn't implement WIPEONFORK.
Status in QEMU:
Incomplete
Bug description:
The implementation of madvise (linux-user/syscall.c:11331, tag
v5.0.0-rc4) always returns zero (i.e. success). However, an
application requesting (at least) MADV_WIPEONFORK may need to know
whether the call was actually successful. If not (because the kernel
doesn't support WIPEONFORK) then it will need to take other measures
to provide fork-safety (such as drawing entropy from the kernel in
every case). But, if the application believes that WIPEONFORK is
supported (because madvise returned zero), but it actually isn't (as
in qemu), then it may forego those protections on the assumption that
WIPEONFORK will provide fork-safety.
Roughly, the comment in qemu that says "This is a hint, so ignoring
and returning success is ok." is no longer accurate in the presence of
MADV_WIPEONFORK.
(This is not purely academic: BoringSSL is planning on acting in this
way. We found the qemu behaviour in pre-release testing and are
planning on making an madvise call with advice=-1 first to test
whether unknown advice values actually produce EINVAL.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1875702/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1875702] Re: madvise reports success, but doesn't implement WIPEONFORK.
2020-04-28 17:22 [Bug 1875702] [NEW] madvise reports success, but doesn't implement WIPEONFORK agl
2020-04-30 14:04 ` [Bug 1875702] " Laurent Vivier
2021-05-06 13:33 ` Thomas Huth
@ 2021-05-06 13:50 ` Peter Maydell
2021-05-18 23:45 ` Thomas Huth
3 siblings, 0 replies; 5+ messages in thread
From: Peter Maydell @ 2021-05-06 13:50 UTC (permalink / raw)
To: qemu-devel
Still relevant. See also bug #1926521 -- MADV_DONTNEED is another
madvise() value that can't be ignored as "just a hint".
** Changed in: qemu
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1875702
Title:
madvise reports success, but doesn't implement WIPEONFORK.
Status in QEMU:
Confirmed
Bug description:
The implementation of madvise (linux-user/syscall.c:11331, tag
v5.0.0-rc4) always returns zero (i.e. success). However, an
application requesting (at least) MADV_WIPEONFORK may need to know
whether the call was actually successful. If not (because the kernel
doesn't support WIPEONFORK) then it will need to take other measures
to provide fork-safety (such as drawing entropy from the kernel in
every case). But, if the application believes that WIPEONFORK is
supported (because madvise returned zero), but it actually isn't (as
in qemu), then it may forego those protections on the assumption that
WIPEONFORK will provide fork-safety.
Roughly, the comment in qemu that says "This is a hint, so ignoring
and returning success is ok." is no longer accurate in the presence of
MADV_WIPEONFORK.
(This is not purely academic: BoringSSL is planning on acting in this
way. We found the qemu behaviour in pre-release testing and are
planning on making an madvise call with advice=-1 first to test
whether unknown advice values actually produce EINVAL.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1875702/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug 1875702] Re: madvise reports success, but doesn't implement WIPEONFORK.
2020-04-28 17:22 [Bug 1875702] [NEW] madvise reports success, but doesn't implement WIPEONFORK agl
` (2 preceding siblings ...)
2021-05-06 13:50 ` Peter Maydell
@ 2021-05-18 23:45 ` Thomas Huth
3 siblings, 0 replies; 5+ messages in thread
From: Thomas Huth @ 2021-05-18 23:45 UTC (permalink / raw)
To: qemu-devel
This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/343
** Changed in: qemu
Status: Confirmed => Expired
** Changed in: qemu
Assignee: Laurent Vivier (laurent-vivier) => (unassigned)
** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #343
https://gitlab.com/qemu-project/qemu/-/issues/343
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1875702
Title:
madvise reports success, but doesn't implement WIPEONFORK.
Status in QEMU:
Expired
Bug description:
The implementation of madvise (linux-user/syscall.c:11331, tag
v5.0.0-rc4) always returns zero (i.e. success). However, an
application requesting (at least) MADV_WIPEONFORK may need to know
whether the call was actually successful. If not (because the kernel
doesn't support WIPEONFORK) then it will need to take other measures
to provide fork-safety (such as drawing entropy from the kernel in
every case). But, if the application believes that WIPEONFORK is
supported (because madvise returned zero), but it actually isn't (as
in qemu), then it may forego those protections on the assumption that
WIPEONFORK will provide fork-safety.
Roughly, the comment in qemu that says "This is a hint, so ignoring
and returning success is ok." is no longer accurate in the presence of
MADV_WIPEONFORK.
(This is not purely academic: BoringSSL is planning on acting in this
way. We found the qemu behaviour in pre-release testing and are
planning on making an madvise call with advice=-1 first to test
whether unknown advice values actually produce EINVAL.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1875702/+subscriptions
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-05-18 23:57 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-28 17:22 [Bug 1875702] [NEW] madvise reports success, but doesn't implement WIPEONFORK agl
2020-04-30 14:04 ` [Bug 1875702] " Laurent Vivier
2021-05-06 13:33 ` Thomas Huth
2021-05-06 13:50 ` Peter Maydell
2021-05-18 23:45 ` Thomas Huth
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).