From d7c86c8b024f622ae27766ee97970aaa26e50f2f Mon Sep 17 00:00:00 2001 From: Dmitry Safonov Date: Mon, 10 Apr 2017 22:41:53 +0300 Subject: [PATCH] arm32/Makefile: fix readable mappings getting +x Flag `noexecstack' for ld implies `EXSTACK_DISABLE_X' ELF flag on CRIU binary. Without this flag the kernel ELF loader will set `READ_IMPLIES_EXEC' personality bit: > if (elf_read_implies_exec(loc->elf_ex, executable_stack)) > current->personality |= READ_IMPLIES_EXEC; This flag is checked by sys_mmap(): > if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC)) > if (!(file && path_noexec(&file->f_path))) > prot |= PROT_EXEC; Which results in each mmap() syscall returning +x mapping for any readable mapping for CRIU binary, e.g: Before C/R: 76fc4000-76fc5000 r--p 0001f000 b3:02 131656 /usr/lib/ld-2.25.so 76fc5000-76fc6000 rw-p 00020000 b3:02 131656 /usr/lib/ld-2.25.so After restore: 76fc4000-76fc5000 r-xp 0001f000 b3:02 131656 /usr/lib/ld-2.25.so 76fc5000-76fc6000 rwxp 00020000 b3:02 131656 /usr/lib/ld-2.25.so Which also makes ZDTM very sad: 1: Old maps lost: set(["76f80000-76f81000 ['rw-p', '0120400']", "25000-26000 ['rw-p', '0120400']", "76f7d000-76f7f000 ['rw-p']", "14a8000-14c9000 ['rw-p']", "76f4a000-76f4c000 ['r--p', '0120400']", "7ed3d000-7ed7f000 ['rw-p']", "76f7f000-76f80000 ['r--p', '0120400']", "24000-25000 ['r--p', '0120400']", "76f4c000-76f50000 ['rw-p', '0120400']"]) 1: New maps appeared: set(["76f7f000-76f80000 ['r-xp', '0120400']", "7ed3d000-7ed7f000 ['rwxp']", "76f4a000-76f4c000 ['r-xp', '0120400']", "76f80000-76f81000 ['rwxp', '0120400']", "24000-25000 ['r-xp', '0120400']", "14a8000-14c9000 ['rwxp']", "25000-26000 ['rwxp', '0120400']", "76f7d000-76f7f000 ['rwxp']", "76f4c000-76f50000 ['rwxp', '0120400']"]) Maybe we also need to set it for arm64 or even for all archs, but that needs to be tested in the first place, so add it now to arm32, x86 already has it. Acked-by: Cyrill Gorcunov Signed-off-by: Dmitry Safonov 
Signed-off-by: Andrei Vagin
---
 criu/arch/arm/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/criu/arch/arm/Makefile b/criu/arch/arm/Makefile
index d79ab6238..d01c69a16 100644
--- a/criu/arch/arm/Makefile
+++ b/criu/arch/arm/Makefile
@@ -5,7 +5,7 @@ ccflags-y += -iquote criu/include -iquote include
 ccflags-y += $(COMPEL_UAPI_INCLUDES)
 asflags-y += -D__ASSEMBLY__
-ldflags-y += -r
+ldflags-y += -r -z noexecstack
 obj-y += cpu.o
 obj-y += crtools.o
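Review bot: The new `ldflags-y += -r -z noexecstack` line has no comment, so the reason for the flag lives only in the commit message and a later cleanup of linker flags could drop it without anyone noticing the security regression. I would add above it `# noexecstack: keep PT_GNU_STACK non-executable, else the kernel sets READ_IMPLIES_EXEC and readable mmap()s get +x`. Because the flag is given to a relocatable (`-r`) link and the final link step is outside this hunk, it is worth confirming the result on the built binary, for instance that `readelf -lW` on criu reports `GNU_STACK` with flags `RW` rather than `RWE`. If the executable-stack marking comes from an assembly object in this directory that lacks a `.note.GNU-stack` section (not visible here), annotating that source would presumably fix the cause rather than override it at link time.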