NetBSD Problem Report #52658
From www@NetBSD.org Thu Oct 26 14:55:28 2017
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 827577A0F3
for <gnats-bugs@gnats.NetBSD.org>; Thu, 26 Oct 2017 14:55:28 +0000 (UTC)
Message-Id: <20171026145527.A78017A1F3@mollari.NetBSD.org>
Date: Thu, 26 Oct 2017 14:55:27 +0000 (UTC)
From: n54@gmx.com
Reply-To: n54@gmx.com
To: gnats-bugs@NetBSD.org
Subject: mmap() a file PaX MPROTECT can produce an unkillable process
X-Send-Pr-Version: www-1.0
>Number: 52658
>Category: kern
>Synopsis: mmap() a file PaX MPROTECT can produce an unkillable process
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Oct 26 15:00:00 +0000 2017
>Closed-Date: Mon Nov 06 04:35:04 +0000 2017
>Last-Modified: Mon Nov 06 04:35:04 +0000 2017
>Originator: Kamil Rytarowski
>Release: NetBSD/amd64 8.99.4
>Organization:
TNF
>Environment:
NetBSD qemu 8.99.4 NetBSD 8.99.4 (GENERIC) #0: Sat Oct 14 16:12:26 CEST 2017 root@chieftec:/public/netbsd-root/sys/arch/amd64/compile/GENERIC amd64
>Description:
With PaX MPROTECT enabled, an mmap(2) call for a file descriptor with a WRITE|EXEC protection request fails as expected with EACCES. However, the process is unkillable on exit. It is also partly invisible to ptrace(2), missing in /proc; however, we can still see it with ps(1).
ktruss ./a.out [16/68]
1863 1 ktruss fcntl(0x4, 0x3, 0) = 4194305
1863 1 ktruss emul(netbsd)
1863 1 ktruss fcntl(0x4, 0x4, 0x400001) = 0
1863 1 a.out execve("/root/./a.out", 0x7f7fffffe898, 0x7f7fffffe8a8) JUSTRETURN
1863 1 a.out emul(netbsd)
1863 1 a.out mmap(0, 0x8000, 0x3, 0x1002, 0xffffffff, 0, 0) = 0x7f7ff7ef7000
1863 1 a.out open("/etc/ld.so.conf", 0, 0x7f7ff7e10780) Err#2 ENOENT
1863 1 a.out open("/usr/lib/libc.so.12", 0, 0x3) = 3
1863 1 a.out __fstat50(0x3, 0x7f7fffffdfb8) = 0
1863 1 a.out mmap(0, 0x1000, 0x1, 0x1, 0x3, 0, 0) = 0x7f7ff7ef6000
1863 1 a.out munmap(0x7f7ff7ef6000, 0x1000) = 0
1863 1 a.out mmap(0, 0x35a000, 0x5, 0x15000002, 0x3, 0, 0) = 0x7f7ff7800000
1863 1 a.out mmap(0x7f7ff7b3a000, 0xd000, 0x3, 0x12, 0x3, 0, 0x13a000) = 0x7f7ff7b3a000
1863 1 a.out mmap(0x7f7ff7b47000, 0x13000, 0x3, 0x1012, 0xffffffff, 0, 0) = 0x7f7ff7b47000
1863 1 a.out mprotect(0x7f7ff793b000, 0x1ff000, 0) = 0
1863 1 a.out close(0x3) = 0
1863 1 a.out mprotect(0x7f7ff7b3a000, 0x7000, 0x1) = 0
1863 1 a.out _lwp_setprivate(0x7f7ff7efc040) = 0
1863 1 a.out _lwp_self() = 1
1863 1 a.out __sigprocmask14(0x1, 0x7f7fffffe7c0, 0x7f7fffffe830) = 0
1863 1 a.out __sigprocmask14(0x3, 0x7f7fffffe830, 0) = 0
1863 1 a.out __sysctl(0x7f7ff790f410, 0x2, 0x7f7ff7b57ae0, 0x7f7fffffe758, 0, 0) = 0
1863 1 a.out _lwp_self() = 1
1863 1 a.out __sigprocmask14(0x1, 0x7f7fffffe770, 0x7f7fffffe830) = 0
1863 1 a.out __sigprocmask14(0x3, 0x7f7fffffe830, 0) = 0
1863 1 a.out open("1234567", 0x200, 0x8) = 3
1863 1 a.out mmap(0x200000, 0x2000, 0x6, 0, 0x3, 0, 0) Err#13 EACCES
1863 1 a.out _lwp_self() = 1
1863 1 a.out __sigprocmask14(0x1, 0x7f7fffffe790, 0x7f7fffffe7c0) = 0
1863 1 a.out __sigprocmask14(0x3, 0x7f7fffffe7c0, 0) = 0
1863 1 a.out _lwp_self() = 1
1863 1 a.out __sigprocmask14(0x1, 0x7f7fffffe790, 0x7f7fffffe7c0) = 0
1863 1 a.out __sigprocmask14(0x3, 0x7f7fffffe7c0, 0) = 0
1863 1 a.out exit(0)
// HANGS
>How-To-Repeat:
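#include <sys/param.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <string.h>

int
main(int arg, char **argv)
{
	/* Read-only descriptor on a newly created file (mode 8, as in the trace). */
	int fd = open("1234567", O_CREAT, 8);

	/* WRITE|EXEC file mapping with flags 0; PaX MPROTECT answers EACCES. */
	mmap((void *)0x200000, 0x2000ul, PROT_WRITE | PROT_EXEC, 0, fd, 0);
	return 0;
}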
>Fix:
N/A
>Release-Note:
>Audit-Trail:
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@NetBSD.org, Dmitry Vyukov <dvyukov@google.com>
Cc:
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable
process
Date: Thu, 26 Oct 2017 16:54:29 +0200
This bug has been found by Dmitry Vyukov (Google) with syzkaller.
Dmitry shared a reproducer that was narrowed down to the offending call
by myself.
Please credit Dmitry and syzkaller in commit message with a fix.
Upstream syzkaller tracks their bug reports.
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@NetBSD.org, Dmitry Vyukov <dvyukov@google.com>,
Utkarsh Anand <uanand009@gmail.com>
Cc:
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable
process
Date: Thu, 26 Oct 2017 19:21:22 +0200
Proposed fix by Taylor:
https://www.netbsd.org/~riastradh/tmp/20171026/mmap_pax_errbranch.patch
Utkarsh, can you please have a look whether it fixes the problem?
If so, please commit it with appropriate credit (Dmitry, syzkaller, Taylor).
If it fixes the bug, please also add a new ATF test for this case.
From: Utkarsh Anand <uanand009@gmail.com>
To: Kamil Rytarowski <n54@gmx.com>
Cc: gnats-bugs@netbsd.org, Dmitry Vyukov <dvyukov@google.com>
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable process
Date: Thu, 26 Oct 2017 23:01:05 +0530
Currently, I'm reproducing something else on my machine. I'll probably do
this on lyta and report back if it fixes it.
Regards,
Utkarsh Anand
On 26 October 2017 at 22:51, Kamil Rytarowski <n54@gmx.com> wrote:
> Proposed fix by Taylor:
>
> https://www.netbsd.org/~riastradh/tmp/20171026/mmap_pax_errbranch.patch
>
> Utkarsh, can you please have a look whether it fixes the problem?
>
> If so, please commit it with appropriate credit (Dmitry, syzkaller,
> Taylor).
>
> If it fixes the bug, please also add a new ATF test for this case.
>
>
From: Utkarsh Anand <uanand009@gmail.com>
To: Kamil Rytarowski <n54@gmx.com>
Cc: gnats-bugs@netbsd.org, Dmitry Vyukov <dvyukov@google.com>
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable process
Date: Thu, 26 Oct 2017 23:23:53 +0530
Looks like we don't have qemu on lyta. I guess I'll do it later on my own
machine.
Regards,
Utkarsh Anand
On 26 October 2017 at 23:01, Utkarsh Anand <uanand009@gmail.com> wrote:
> Currently, I'm reproducing something else on my machine. I'll probably do
> this on lyta and report back if it fixes it.
>
> Regards,
> Utkarsh Anand
>
> On 26 October 2017 at 22:51, Kamil Rytarowski <n54@gmx.com> wrote:
>
>> Proposed fix by Taylor:
>>
>> https://www.netbsd.org/~riastradh/tmp/20171026/mmap_pax_errbranch.patch
>>
>> Utkarsh, can you please have a look whether it fixes the problem?
>>
>> If so, please commit it with appropriate credit (Dmitry, syzkaller,
>> Taylor).
>>
>> If it fixes the bug, please also add a new ATF test for this case.
>>
>>
>
From: Utkarsh Anand <uanand009@gmail.com>
To: Kamil Rytarowski <n54@gmx.com>
Cc: gnats-bugs@netbsd.org, Dmitry Vyukov <dvyukov@google.com>
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable process
Date: Fri, 27 Oct 2017 17:16:14 +0530
I just tested Taylor's fix and got:
# ktruss ./test
41 1 ktruss fcntl(0x4, 0x3, 0) = 4194305
41 1 ktruss emul(netbsd)
41 1 ktruss fcntl(0x4, 0x4, 0x400001) = 0
41 1 test execve("/root/./test", 0x7f7fff17fae8, 0x7f7fff17faf8) JUSTRETURN
41 1 test emul(netbsd)
41 1 test mmap(0, 0x8000, 0x3, 0x1002, 0xffffffff, 0, 0) = 0x7ed0fadf0000
41 1 test open("/etc/ld.so.conf", 0, 0x7f7f72a11790) Err#2 ENOENT
41 1 test open("/usr/lib/libc.so.12", 0, 0x3) = 3
41 1 test __fstat50(0x3, 0x7f7fffaa7d68) = 0
41 1 test mmap(0, 0x1000, 0x1, 0x1, 0x3, 0, 0) = 0x7ed0fadef000
41 1 test munmap(0x7ed0fadef000, 0x1000) = 0
41 1 test mmap(0, 0x381000, 0x5, 0x15000002, 0x3, 0, 0) = 0x7ed0faa00000
41 1 test mmap(0x7ed0fad61000, 0xd000, 0x3, 0x12, 0x3, 0, 0x161000) = 0x7ed0fad61000
41 1 test mmap(0x7ed0fad6e000, 0x13000, 0x3, 0x1012, 0xffffffff, 0, 0) = 0x7ed0fad6e000
41 1 test mprotect(0x7ed0fab61000, 0x200000, 0) = 0
41 1 test close(0x3) = 0
41 1 test mprotect(0x7ed0fad61000, 0x7000, 0x1) = 0
41 1 test _lwp_setprivate(0x7ed0fadf5048) = 0
41 1 test _lwp_self() = 1
41 1 test __sigprocmask14(0x1, 0x7f7fffaa8570, 0x7f7fffaa85e0) = 0
41 1 test __sigprocmask14(0x3, 0x7f7fffaa85e0, 0) = 0
41 1 test __sysctl(0x7ed0fab318e8, 0x2, 0x7ed0fad7eb40, 0x7f7fffaa8508, 0, 0) = 0
41 1 test _lwp_self() = 1
41 1 test __sigprocmask14(0x1, 0x7f7fffaa8520, 0x7f7fffaa85e0) = 0
41 1 test __sigprocmask14(0x3, 0x7f7fffaa85e0, 0) = 0
41 1 test open("1234567", 0x200, 0x8) = 3
41 1 test mmap(0x200000, 0x2000, 0x6, 0, 0x3, 0, 0) Err#13 EACCES
41 1 test _lwp_self() = 1
41 1 test __sigprocmask14(0x1, 0x7f7fffaa8550, 0x7f7fffaa8580) = 0
41 1 test __sigprocmask14(0x3, 0x7f7fffaa8580, 0) = 0
41 1 test _lwp_self() = 1
41 1 test __sigprocmask14(0x1, 0x7f7fffaa8550, 0x7f7fffaa8580) = 0
41 1 test __sigprocmask14(0x3, 0x7f7fffaa8580, 0) = 0
41 1 test exit(0)
# ps
PID TTY STAT TIME COMMAND
42 tty00 O+ 0:00.09 ps
391 tty00 S 0:00.53 -sh
438 tty00 Is 0:00.82 login
442 ttyE1 Is+ 0:00.08 /usr/libexec/getty Pc ttyE1
439 ttyE2 Is+ 0:00.07 /usr/libexec/getty Pc ttyE2
445 ttyE3 Is+ 0:00.07 /usr/libexec/getty Pc ttyE3
I believe that fixes the problem. So I'm committing the changes.
Thanks to all those involved.
Regards,
Utkarsh Anand
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable
process
Date: Fri, 27 Oct 2017 13:47:15 +0200
Don't commit anything so far without a peer-review from your mentor of
commits and commit-messages.
From: "Utkarsh Anand" <utkarsh009@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52658 CVS commit: src/sys/uvm
Date: Fri, 27 Oct 2017 12:01:08 +0000
Module Name: src
Committed By: utkarsh009
Date: Fri Oct 27 12:01:08 UTC 2017
Modified Files:
src/sys/uvm: uvm_mmap.c
Log Message:
[syzkaller] Fix for PR #52658 as suggested by riastradh@
The bug was found by Dmitry Vyukov (dvyukov@google.com)
using syzkaller and was tested by me on a VM running
8.99.5
To generate a diff of this commit:
cvs rdiff -u -r1.166 -r1.167 src/sys/uvm/uvm_mmap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Utkarsh Anand <uanand009@gmail.com>
To: Kamil Rytarowski <n54@gmx.com>
Cc: gnats-bugs@netbsd.org, Dmitry Vyukov <dvyukov@google.com>
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable process
Date: Fri, 27 Oct 2017 17:39:56 +0530
> Don't commit anything so far without a peer-review from your mentor of
> commits and commit-messages.
I told them already and nobody objected.
Regards,
Utkarsh Anand
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable
process
Date: Fri, 27 Oct 2017 14:05:33 +0200
On 27.10.2017 14:09, Utkarsh Anand wrote:
> Don't commit anything so far without a peer-review from your mentor of
> commits and commit-messages.
>
> I told them already and nobody objected.
>
> Regards,
> Utkarsh Anand
Please include "Approved by <>" with reviewers.
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, n54@gmx.com
Cc:
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable process
Date: Fri, 27 Oct 2017 08:16:23 -0400
On Oct 27, 12:10pm, uanand009@gmail.com (Utkarsh Anand) wrote:
-- Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkilla
| > I told them already and nobody objected.
Also, them == me + martin. I certainly have not seen any of that before.
Anyway, please revert the printf commit; leave the mmap as it is (we can
think about changing the message later because this messes up the git
conversion).
For the printf commit, please explain the problem you are trying to solve?
Does syzkaller barf when it sees the inconsistent declaration of printf
in systm.h? Or it gets confused differently?
Thanks,
christos
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable
process
Date: Fri, 27 Oct 2017 14:33:04 +0200
On 27.10.2017 14:35, Christos Zoulas wrote:
> The following reply was made to PR kern/52658; it has been noted by GNATS.
>
> From: christos@zoulas.com (Christos Zoulas)
> To: gnats-bugs@NetBSD.org, kern-bug-people@netbsd.org,
> gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, n54@gmx.com
> Cc:
> Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkillable process
> Date: Fri, 27 Oct 2017 08:16:23 -0400
>
> On Oct 27, 12:10pm, uanand009@gmail.com (Utkarsh Anand) wrote:
> -- Subject: Re: kern/52658: mmap() a file PaX MPROTECT can produce an unkilla
>
> | > I told them already and nobody objected.
>
> Also, them == me + martin. I certainly have not seen any of that before.
> Anyway, please revert the printf commit; leave the mmap as it is (we can
> think about changing the message later because this messes up the git
> conversion).
>
> For the printf commit, please explain the problem you are trying to solve?
> Does syzkaller barf when it sees the inconsistent declaration of printf
> in systm.h? Or it gets confused differently?
>
> Thanks,
>
> christos
>
There are remaining steps:
1. Add ATF tests verifying this and similar scenarios. For example
the first mmap(2) argument as NULL.
Please use sysctl(2) to check whether the process is executed with PaX
MPROTECT. If it's not - skip the test verifying W|X flags.
Hint: grep -r MPROTECT /usr/include/sys/sysctl.h
2. Login to gnats, ask for feedback (myself) whether the problem is
gone. I will test it in my spare time.
3. Once confirmed, close the report.
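A regression check along the lines of step 1 above, as an added example that is not part of this thread or of NetBSD's test suite. It is plain C rather than ATF so it builds outside the source tree, and it reads the global `security.pax.mprotect.enabled` and `security.pax.mprotect.global` knobs instead of the per-process flags the hint points at; the helper names and the `/tmp` scratch file are assumptions, the mmap arguments are the ones from How-To-Repeat.

```c
/* Added example (not NetBSD's ATF test): regression check for this report. */
#define _DEFAULT_SOURCE 1	/* glibc: expose mkstemp()/nanosleep() */
#include <sys/mman.h>
#include <sys/wait.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>
#ifdef __NetBSD__
#include <sys/sysctl.h>
#endif

struct wx_result {
	int mmap_errno;	/* errno of the W|X mmap, 0 on success, -1 unknown */
	int reaped;	/* 1 if the child exited and was reaped in time */
};

/* 1 = PaX MPROTECT enforced system-wide, 0 = not, -1 = cannot tell.
 * Assumption: the global knobs stand in for the per-process PaX flags. */
int
pax_mprotect_active(void)
{
#ifdef __NetBSD__
	int on = 0, global = 0;
	size_t l1 = sizeof(on), l2 = sizeof(global);
	if (sysctlbyname("security.pax.mprotect.enabled", &on, &l1, NULL, 0) == 0 &&
	    sysctlbyname("security.pax.mprotect.global", &global, &l2, NULL, 0) == 0)
		return on && global;
#endif
	return -1;
}

/* Fork a child that maps an empty read-only file WRITE|EXEC, then exits;
 * the parent polls for it so a child stuck in exit shows up as reaped == 0. */
struct wx_result
check_wx_file_mmap(void *hint, int flags, int timeout_sec)
{
	struct wx_result r = { -1, 0 };
	struct timespec tick = { 0, 100 * 1000 * 1000 };	/* 100 ms */
	char path[] = "/tmp/wxmmap.XXXXXX";	/* constructed scratch file */
	int fd, status, i;
	pid_t pid;

	if ((fd = mkstemp(path)) == -1)
		return r;
	close(fd);
	fd = open(path, O_RDONLY);	/* the report's descriptor was read-only */
	unlink(path);
	if (fd == -1)
		return r;
	pid = fork();
	if (pid == 0) {
		void *p = mmap(hint, 0x2000, PROT_WRITE | PROT_EXEC, flags, fd, 0);
		_exit(p == MAP_FAILED ? errno : 0);
	}
	close(fd);
	for (i = 0; pid > 0 && i < timeout_sec * 10; i++) {
		if (waitpid(pid, &status, WNOHANG) == pid) {
			r.reaped = 1;
			if (WIFEXITED(status))
				r.mmap_errno = WEXITSTATUS(status);
			return r;
		}
		nanosleep(&tick, NULL);
	}
	return r;	/* fork failed or the child never finished exiting */
}

int
main(void)
{
	struct wx_result r = check_wx_file_mmap((void *)0x200000, 0, 5);
	int pax = pax_mprotect_active();
	printf("pax=%d mmap_errno=%d reaped=%d\n", pax, r.mmap_errno, r.reaped);
	/* Fail on the hang, or if an enforcing kernel did not refuse W|X. */
	return !r.reaped || (pax == 1 && r.mmap_errno != EACCES);
}
```

Passing `NULL` as the first argument of `check_wx_file_mmap()` covers the similar scenario named in step 1.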
From: "Soren Jacobsen" <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52658 CVS commit: [netbsd-8] src/sys/uvm
Date: Thu, 2 Nov 2017 21:39:18 +0000
Module Name: src
Committed By: snj
Date: Thu Nov 2 21:39:18 UTC 2017
Modified Files:
src/sys/uvm [netbsd-8]: uvm_mmap.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #336):
sys/uvm/uvm_mmap.c: revision 1.167
[syzkaller] Fix for PR #52658 as suggested by riastradh@
The bug was found by Dmitry Vyukov (dvyukov%google.com@localhost)
using syzkaller and was tested by me on a VM running
8.99.5
To generate a diff of this commit:
cvs rdiff -u -r1.166 -r1.166.2.1 src/sys/uvm/uvm_mmap.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: kamil@NetBSD.org
State-Changed-When: Mon, 06 Nov 2017 05:35:04 +0100
State-Changed-Why:
Fixed in NetBSD-current and in -8.
>Unformatted: