valgrind partially broken by current hardy-proposed kernel?
Kees Cook
kees at canonical.com
Mon Jun 2 22:07:10 UTC 2008
On Mon, Jun 02, 2008 at 06:00:21PM -0400, Ben Collins wrote:
> On Mon, 2008-06-02 at 09:56 -0700, Kees Cook wrote:
> > On Mon, Jun 02, 2008 at 01:09:44PM +0100, Colin Watson wrote:
> > mmap2(NULL, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = -1 EACCES (Permission denied)
> >
> > That change was made for the release kernel, so you should see it with
> > -16 too. Blocking NULL is a feature. :)
> >
> > Why is ssh-add trying to allocate memory at 0x0?
>
> From what I can tell, mmap'ing to 0x0(NULL) is perfectly legitimate.
> From mmap(2):
>
> ....
> If start is NULL, then the kernel chooses the address at which
> to create the mapping; this is the most portable method of
> creating a new mapping. If start is not NULL, then the kernel
> takes it as a hint about where to place the mapping; on Linux,
> the mapping will be created at the next higher page boundary.
> The address of the new mapping is returned as the result of the
> call.
> ....
>
> Being that it is the most portable method, it should probably not fail
> by default :) Perhaps the check should be for values > 0x0, but less
> than some (dangerous?) lower boundary.
True, but the mmap_min_addr setting only affects MAP_FIXED, in which
you really want address 0. (And yes, that's valid, but not common.)
The common use case of using NULL to just get an arbitrary mapping is done
without MAP_FIXED.
-Kees
--
Kees Cook
Ubuntu Security Team
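As an added example (not code from this thread), the following C program contrasts the two cases Kees distinguishes: mmap with a NULL address and no MAP_FIXED, where the kernel just picks an address, versus NULL with MAP_FIXED, which is a demand for page zero and is what vm.mmap_min_addr refuses. It is Linux-only and assumes /proc/sys/vm/mmap_min_addr is readable.

```c
/* Added example (not from the thread): a NULL *hint* lets the kernel pick the
 * address; NULL with MAP_FIXED demands page zero, which vm.mmap_min_addr
 * refuses. Linux only; assumes /proc/sys/vm/mmap_min_addr is readable. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Current vm.mmap_min_addr, or -1 if the sysctl cannot be read. */
long read_mmap_min_addr(void) {
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    long v = -1;
    if (f) {
        if (fscanf(f, "%ld", &v) != 1) v = -1;
        fclose(f);
    }
    return v;
}

/* Map one anonymous page with addr == NULL.
 * fixed == 0: NULL is only a hint and the kernel chooses (the common case).
 * fixed != 0: MAP_FIXED makes NULL a demand for address 0; the mmap_min_addr
 *             check rejects it unless the caller holds CAP_SYS_RAWIO.
 * Returns 0 on success (the page is unmapped again) and stores the address in
 * *where; on failure returns errno and stores MAP_FAILED. */
int try_null_mapping(int fixed, void **where) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int flags = MAP_PRIVATE | MAP_ANONYMOUS | (fixed ? MAP_FIXED : 0);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE, flags, -1, 0);
    *where = p;
    if (p == MAP_FAILED)
        return errno;
    munmap(p, page);
    return 0;
}
int main(void) {
    void *addr; int rc;
    printf("vm.mmap_min_addr = %ld\n", read_mmap_min_addr());
    rc = try_null_mapping(0, &addr);
    printf("hint NULL, no MAP_FIXED : %s, kernel chose %p\n",
           rc ? strerror(rc) : "ok", addr);
    rc = try_null_mapping(1, &addr);
    printf("NULL with MAP_FIXED     : %s\n",
           rc ? strerror(rc) : "ok -- page zero was mapped, check mmap_min_addr");
    return 0;
}
```

On a default Ubuntu kernel the second call fails (EACCES in the 2008 kernels, EPERM on current ones) while the first succeeds; a success on the second call means the mmap_min_addr protection is not in effect for this process.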