This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



[Bug uprobes/10595] uprobe return probes causes selinux failures


------- Additional Comments From mjw at redhat dot com  2009-09-03 14:18 -------
We discussed a bit on IRC (and I had a little help interpreting what happened
from eparis). Some extra info:

- allow_execstack implies allow_execmem.
  The failure is not really about anything stack related.
  It comes from setting writable memory executable.
- The most likely candidate triggering this issue is in
  uprobe_setup_ssol_vma:
      addr = do_mmap_pgoff(NULL, addr, nbytes, PROT_EXEC,
                                    MAP_PRIVATE|MAP_ANONYMOUS, 0);

As http://people.redhat.com/drepper/selinux-mem.html explains:
execmem
   There are two situations when this error can appear:
      * The program maps anonymous memory with mmap with PROT_EXEC.
        Note that because anonymous memory is zero'd out by the system
        it makes not much sense to not have it writable as well.

For user space, working around that issue is also explained on that page.
That might not be completely trivial in kernel space since it involves mmapping a
file twice (we could do that with do_mmap_pgoff where user space uses mmap).

ananth suggested we might want to look at how vdso/vmap areas get around these
restrictions.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=10595
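
The user-space form of the "map a file twice" workaround mentioned in the comment above, as an added example that is not part of the original message or of the uprobes code: one file is mapped once read/write and once read/execute, so no mapping is anonymous and none is both writable and executable. The names (`dual_map`, `dual_map_create`, `dual_map_selftest`), the temp-file template and the directory list are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Two views of the same pages: rw is never executable, rx is never writable. */
struct dual_map { void *rw; void *rx; size_t len; };
/* Create an unlinked temp file in dir and map it twice (hypothetical helper). */
static int dual_map_in(const char *dir, size_t len, struct dual_map *m) {
    char path[256];
    snprintf(path, sizeof path, "%s/ssol-demo-XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                       /* the mappings keep the file alive */
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }
    /* MAP_SHARED on both views so a store through rw shows up through rx. */
    m->rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    m->rx = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd);
    if (m->rw == MAP_FAILED || m->rx == MAP_FAILED) {
        if (m->rw != MAP_FAILED) munmap(m->rw, len);
        if (m->rx != MAP_FAILED) munmap(m->rx, len);
        return -1;
    }
    m->len = len;
    return 0;
}

/* Try several directories: a noexec mount refuses the PROT_EXEC mapping. */
int dual_map_create(size_t len, struct dual_map *m) {
    static const char *dirs[] = { "/dev/shm", "/tmp", "." };
    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++)
        if (dual_map_in(dirs[i], len, m) == 0)
            return 0;
    return -1;
}

/* Returns 1 when bytes stored through rw are readable through rx, -1 on setup failure. */
int dual_map_selftest(void) {
    static const unsigned char slot[] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed */
    struct dual_map m;
    if (dual_map_create(4096, &m) != 0)
        return -1;
    memcpy(m.rw, slot, sizeof slot);
    int ok = m.rw != m.rx && memcmp(m.rx, slot, sizeof slot) == 0;
    munmap(m.rw, m.len); munmap(m.rx, m.len);
    return ok;
}
int main(void) { return dual_map_selftest() == 1 ? 0 : 1; }
```

The example only reads back through the executable view; it does not run the stored bytes, so it is independent of CPU architecture.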
