mir/criu
2
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu synced 2025-08-29 21:38:16 +00:00
Code Issues Releases Wiki Activity

arm32/Makefile: fix readable mappings getting +x

Browse Source 
Flag `noexecstack' for ld implies `EXSTACK_DISABLE_X' ELF flag
on CRIU binary. Without this flag the kernel ELF loader will set
`READ_IMPLIES_EXEC' personality bit:
>	if (elf_read_implies_exec(loc->elf_ex, executable_stack))
>		current->personality |= READ_IMPLIES_EXEC;

This flag is checked by sys_mmap():
>	if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
>		if (!(file && path_noexec(&file->f_path)))
>			prot |= PROT_EXEC;

Which results in each mmap() syscall returning +x mapping for any
readable mapping for CRIU binary, e.g:
Before C/R:
76fc4000-76fc5000 r--p 0001f000 b3:02 131656     /usr/lib/ld-2.25.so
76fc5000-76fc6000 rw-p 00020000 b3:02 131656     /usr/lib/ld-2.25.so
After restore:
76fc4000-76fc5000 r-xp 0001f000 b3:02 131656     /usr/lib/ld-2.25.so
76fc5000-76fc6000 rwxp 00020000 b3:02 131656     /usr/lib/ld-2.25.so

Which also makes ZDTM very sad:
1: Old maps lost: set(["76f80000-76f81000 ['rw-p', '0120400']", "25000-26000
['rw-p', '0120400']", "76f7d000-76f7f000 ['rw-p']", "14a8000-14c9000 ['rw-p']",
"76f4a000-76f4c000 ['r--p', '0120400']", "7ed3d000-7ed7f000 ['rw-p']",
"76f7f000-76f80000 ['r--p', '0120400']", "24000-25000 ['r--p', '0120400']",
"76f4c000-76f50000 ['rw-p', '0120400']"])
1: New maps appeared: set(["76f7f000-76f80000 ['r-xp', '0120400']",
"7ed3d000-7ed7f000 ['rwxp']", "76f4a000-76f4c000 ['r-xp', '0120400']",
"76f80000-76f81000 ['rwxp', '0120400']", "24000-25000 ['r-xp', '0120400']",
"14a8000-14c9000 ['rwxp']", "25000-26000 ['rwxp', '0120400']",
"76f7d000-76f7f000 ['rwxp']", "76f4c000-76f50000 ['rwxp', '0120400']"])

Maybe we also need to set it for arm64 or even for all archs, but that
needs to be tested in the first place, so add it now to arm32, x86
already has it.

Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
This commit is contained in:
Dmitry Safonov 2017-04-10 22:41:53 +03:00 committed by Andrei Vagin
parent 057c3f2947
commit d7c86c8b02
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
criu/arch/arm/Makefile
View File

@ -5,7 +5,7 @@ ccflags-y += -iquote criu/include -iquote include
ccflags-y += $(COMPEL_UAPI_INCLUDES)
asflags-y += -D__ASSEMBLY__
ldflags-y += -r
ldflags-y += -r -z noexecstack
obj-y += cpu.o
obj-y += crtools.o