valgrind partially broken by current hardy-proposed kernel?

Kees Cook kees at
Mon Jun 2 22:07:10 UTC 2008

On Mon, Jun 02, 2008 at 06:00:21PM -0400, Ben Collins wrote:
> On Mon, 2008-06-02 at 09:56 -0700, Kees Cook wrote:
> > On Mon, Jun 02, 2008 at 01:09:44PM +0100, Colin Watson wrote:
> >   mmap2(NULL, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = -1 EACCES (Permission denied)
> > 
> > That change was made for the release kernel, so you should see it with
> > -16 too.  Blocking NULL is a feature.  :)
> > 
> > Why is ssh-add trying to allocate memory at 0x0?
> >From what I can tell, mmap'ing to 0x0(NULL) is perfectly legitimate.
> >From mmap(2):
> ....
>         If start is NULL, then the kernel chooses the address at which
>         to create the mapping; this is  the  most portable  method  of
>         creating  a new mapping.  If start is not NULL, then the kernel
>         takes it as a hint about where to place the mapping; on Linux,
>         the mapping will be created at the next higher  page  boundary.
>         The address of the new mapping is returned as the result of the
>         call.
> ....
> Being that it is the most portable method, it should probably not fail
> by default :) Perhaps the check should be for values > 0x0, but less
> than some (dangerous?) lower boundary.

True, but the mmap_min_addr setting only affects MAP_FIXED, in which
you really want address 0.  (And yes, that's valid, but not common.)
The common use-case of use NULL to just get an arbitrary mapping is done
without MAP_FIXED.


Kees Cook
Ubuntu Security Team

More information about the kernel-team mailing list