This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
[Bug uprobes/10595] uprobe return probes causes selinux failures
- From: "mjw at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: systemtap at sources dot redhat dot com
- Date: 3 Sep 2009 14:18:19 -0000
- Subject: [Bug uprobes/10595] uprobe return probes causes selinux failures
- References: <20090903122458.10595.mjw@redhat.com>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From mjw at redhat dot com 2009-09-03 14:18 -------
We discussed a bit on IRC (and I had a little help interpreting what happened
from eparis). Some extra info:

- allow_execstack implies allow_execmem.
  The failure is not really about anything stack related.
  It comes from setting writable memory executable.

- The most likely candidate triggering this issue is in
  uprobe_setup_ssol_vma:

    addr = do_mmap_pgoff(NULL, addr, nbytes, PROT_EXEC,
                         MAP_PRIVATE|MAP_ANONYMOUS, 0);

  As http://people.redhat.com/drepper/selinux-mem.html explains:

    execmem
    There are two situations when this error can appear:
    * The program maps anonymous memory with mmap with PROT_EXEC.
      Note that because anonymous memory is zero'd out by the system
      it makes not much sense to not have it writable as well.

For user space, working around that issue is also explained on that page.
That might not be completely trivial in kernel space since it involves mmapping a
file twice (we could do that with do_mmap_pgoff where user space uses mmap).

ananth suggested we might want to look at how vdso/vmap areas get around these
restrictions.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=10595
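
The user-space workaround the comment refers to (mapping one file twice), as an added C illustration that is not part of the original message or of the uprobes code: one view is writable and the other executable, so no mapping is ever writable and executable at once. The temp-file path, the struct and the function names are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Two views of the same file pages (hypothetical helper type for this example). */
struct dual_map {
    unsigned char *w;   /* PROT_READ|PROT_WRITE view: instructions are written here */
    unsigned char *x;   /* PROT_READ|PROT_EXEC view: never writable */
    size_t len;
};

/* Returns 0 on success, -1 on failure. The path template is a constructed example. */
int dual_map_create(struct dual_map *m, size_t len)
{
    char path[] = "/tmp/execmem-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                          /* only the descriptor stays */
    if (ftruncate(fd, (off_t)len) < 0) {
        close(fd);
        return -1;
    }
    m->len = len;
    m->w = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    m->x = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd);                             /* the mappings keep the file alive */
    if (m->w != MAP_FAILED && m->x != MAP_FAILED)
        return 0;
    if (m->w != MAP_FAILED) munmap(m->w, len);
    if (m->x != MAP_FAILED) munmap(m->x, len);
    return -1;
}

/* Writes through the writable view and checks the bytes show up in the
 * executable view. Returns 1 if aliased, 0 if not, -1 if mapping failed. */
int dual_map_selftest(void)
{
    static const unsigned char sample[] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed bytes, not code */
    struct dual_map m;
    if (dual_map_create(&m, 4096) != 0)
        return -1;
    memcpy(m.w, sample, sizeof sample);
    int ok = (m.w != m.x) && memcmp(m.x, sample, sizeof sample) == 0;
    munmap(m.w, m.len);
    munmap(m.x, m.len);
    return ok;
}

int main(void) { return dual_map_selftest() == 1 ? 0 : 1; }
```

The temp file must live on a filesystem that is not mounted noexec, otherwise the second mmap fails.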