| Message ID | 1475059977-27370-1-git-send-email-maciej.czekaj@caviumnetworks.com (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [IPv6:::1]) by dpdk.org (Postfix) with ESMTP id 3580B5679; Wed, 28 Sep 2016 12:53:29 +0200 (CEST) Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0059.outbound.protection.outlook.com [104.47.34.59]) by dpdk.org (Postfix) with ESMTP id 0C52C1518 for <dev@dpdk.org>; Wed, 28 Sep 2016 12:53:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=BVF55ciYXsQfKz58ZS60x46k7mFtPmhqF0XeJARzsdo=; b=jN7023PQqQBs8SxgFaxGdwE54ijCQw8oyl5AWptLUvv2ZY7rYPptPtRRvRe8qLA7ku7o8PokQC4yPhC2c/ANMKmy9hEnHZAgYy6lVG27RtkSUnFeNDLwuTIIoPCnIhg7sS3PcEhHrp6mxvUP28i7+wEnJBhqv+BYgu33qjdxFzs= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Maciej.Czekaj@cavium.com; Received: from mjc-pc.semihalf.local (31.172.191.173) by DM5PR07MB2892.namprd07.prod.outlook.com (10.168.102.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.639.5; Wed, 28 Sep 2016 10:53:25 +0000 From: <maciej.czekaj@caviumnetworks.com> To: <david.marchand@6wind.com> CC: <dev@dpdk.org>, Maciej Czekaj <maciej.czekaj@caviumnetworks.com> Date: Wed, 28 Sep 2016 12:52:57 +0200 Message-ID: <1475059977-27370-1-git-send-email-maciej.czekaj@caviumnetworks.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [31.172.191.173] X-ClientProxiedBy: DB5PR01CA0013.eurprd01.prod.exchangelabs.com (10.162.149.151) To DM5PR07MB2892.namprd07.prod.outlook.com (10.168.102.146) X-MS-Office365-Filtering-Correlation-Id: 5f8ce0db-00bf-40fc-7d44-08d3e78dacc4 X-Microsoft-Exchange-Diagnostics: 1; DM5PR07MB2892; 2:BhOEcjRgDSem7QLHP++JeZf9IpwyXnBlrP2wn8GIRD9Cf9exS+EgYXuqpIhMH97H2Fydb8AKdibiSQdtEYIXSHIA+Bg6dobNTQmBk7OwqPNmuBuRvajnpm63N8irKigB0wiQXs6Qq8oF8tkAm/uUuAy0rYt3Ujcn+EbqX4tybkLbjAmLksX0m/9zOZ5dyKaP; 3:cZhOaT4Ymx3f8TovtEQcJrRaw3C1cnPylwK03u+h5wLQRlPJGtTynIBFaeAIme5oOR8Eu61rgJFvNzCPhbQwR59P62JELH1D8ZTRD+CrtfUKnP9DBcIST2az8EU6W/xs X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM5PR07MB2892; X-Microsoft-Exchange-Diagnostics: 1; DM5PR07MB2892; 25:rIrMUH7jTkySw5/SF/VnaVKzIjeSaQdCrFXaKYXqv8H+eaEW+DgRzS+BdJkuNMMkdJyaPcwOsRQ20hrgFl0+6SsRgM1zVZHIsuOvk/wu9RPMc0G129lD7MZ3mHn38XATctJr8+Th109df67cjtFdciMdItJeAS2D8N9uxaPvVVM+FSLaTq9SMHOg5jPa72Loe80n7cJtwDSp+5OtKF66Mj8tF5CG5BdKg2oBHYSx9md55YWYzW45VZpip5ChFTmeWuxVIm3O+7Z6CiVnCiLM1wlvxHzuHAY0KYaZtN1IqJjPrfVgC91vByRkgxCqDvFLRaGoGcwNeTq7ew32ZGvo2i3RoPmMex+W+Uyg+M+G1yHJxuF7KjBOwZf6qXPfvd1b3d7q6JchuEfwITqHbypHwkQ3XUfn60BPu1t4v11X4M6a2Rl5xJQv1Ec1KxyeZnD7qWW5Utlpzb3sV9Z2uXO95A9SbE+yE/uObCjPO3I7WkqZMSgqDw1JELCgSfjh/Msv7b7iy3NM38vIMzTT2qk6rNVMnVpijB5VPFzMQVBNQT0Q25SJHfovgHc0irX1CLFv+l1SRnHzuNb+v7VW0Q1gixdD5qm+shfNOGXKwhFZt3rgJ3EU4dPwMT+h1U76F6T0qyxqc5Yq/wg4MVh50qy8mDQA8oyE1ojZOmgWRdWhypfMe0LpUwLlCFzo2Zj5BSKg1YhOY/YbHADNu8fZzvagHQyckqE/RtsKnN+F41QkOw3807XLEmfjGVWGnbd2Jh3l X-Microsoft-Exchange-Diagnostics: 1; DM5PR07MB2892; 31:qt4bOKlyemeAPK4T1DKxN71OBTfES+YVbjsDUC9guroxM1DgrEOSOIC/Tme35cfLzCxIeHZ6spzxw1NU/qTSjL1OXhnM6NNitDYsvS+62XZYopaDev1wpoi+4GcSBLwYxlux+TzHRcdJkBYzzIwtqn3l9Bm4zV+r06/t8jpy5O/H7N6TDIbncaJ2CuyLwUbL5dfjql4RWaKUXpq8+4Bpj+eOR7jnPa0UK1nJXz/mGUs=; 20:oql8wWGl6JUR6b6+TTS0Etmn+oqykoeZSpS1po6a1qF8OcYjZoQraa/A2++ScQ9wWeXU/yoYyeTgSiZf97YEds/lGFKZFhPGSjA2kZYsF69MZTRI3INc9eTpHHUdcB5zEOH7AkWVdLCtR3mHhwuNNUtPD1wsDbAiywZW5F3zLYGKU2Ctd3XeqsBfszS379mGft8tO3jACFbLpc43wFMI1cwq/K5bI44v88TXsGq31Z4KUqq8Y5FXg0gqz36dc8FIcicHqU9nYyDa1TU5L2NXcx/VtcgvqLVHdtOAAYtjC+YvtRew/SuCIHBtciCOwlW5WvVhjQKcgKmzb605VQGT0zAmq5SgsPqPR7jVpJvHREknmx8+fJd53bdAxJix4mjZtgjwWJFhqZ+dhJlcH4ne5tmomPCODc4N+K6PbYuznUCOpqwJoffhUH+oVyxsVMW2IwUIiFsHrIBNwMXDgxMGF+ZcW5FeW/a/YkvOK8zgCf3x5Du5sV+M78gzZ3RCBkaq6qA27x4tO/0jYQHFuyjuerPv6kJKm6hcvq9f0ovfvafpNRsxuw0JVBSiVDxfZBPpulZk56aNw+xr3i/pkB+uHmw1KOOaniDYqavP6IzXhSs= X-Microsoft-Antispam-PRVS: <DM5PR07MB28928FE8CD2D2CD90134319A8BCF0@DM5PR07MB2892.namprd07.prod.outlook.com> X-Exchange-Antispam-Report-Test: UriScan:(94056789713001); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046); SRVR:DM5PR07MB2892; BCL:0; PCL:0; RULEID:; SRVR:DM5PR07MB2892; X-Microsoft-Exchange-Diagnostics: 1; DM5PR07MB2892; 4:hix276OttVreiEPKGzIgExoUUQsOyNIEvcxs7q01U2FIRNwmXQH8/YxUGZfRlfSDujP0YDrl95ThvM8XE/qMIqBpq+OdinQDHejqQ5qzB4TVgeJ+qTi81coHKyoge7DDzjvLLShRF4KfJvIbXacdcqCMG5moOmOcZ3GXbhS+k8vEHSlvsrq/cA4MjCJhkAftEljHRGKts432GF1c4RzCVdWxbVDg/0aNRJPXQJ2C0bVPYrKR/mMlRonLJZ/N5MozLkYQYHZGLPGzFuQSs90PTLpIhyXclxR3blIuR56CmkmoKYbyx2okEB++OeIxHrMKCnjZTQKik4SGbK+SuR0JZMn9KrzqVC7mKTiwaND67v6YTvVSlq0vFop+PvZ+hscFhw/cNMIZp5xz3pCraUOuremrt0HjXyQH7XMY/P5CxABuHWFZlU16tIYQSiR4ue61 X-Forefront-PRVS: 0079056367 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(7916002)(189002)(199003)(106356001)(105586002)(92566002)(50986999)(5890100001)(5003940100001)(77096005)(229853001)(107886002)(2351001)(86152002)(101416001)(110136003)(97736004)(33646002)(50226002)(42882006)(5660300001)(68736007)(8676002)(6916009)(189998001)(81166006)(81156014)(4001430100002)(305945005)(66066001)(19580405001)(19580395003)(7736002)(42186005)(6116002)(586003)(48376002)(4326007)(36756003)(7846002)(2906002)(2876002)(3846002)(50466002)(47776003)(16060500001); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR07MB2892; H:mjc-pc.semihalf.local; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR07MB2892; 23:mPwM+45W5kOIJxxccIuT8GU0GKPy9yH+vNFOi57V1?= =?us-ascii?Q?7g6Mdsn02MDfqo9fI0HbqO6HM8eUkGMMI2Vyl25o6189o4WVB2NrIgpC1TMa?= =?us-ascii?Q?NOhSkl0AvzE2igASgyflsQ43Qn9jvE3LBgUzkNELsrrhp4sLjBD6wPxu3fOd?= =?us-ascii?Q?6qPGswJG+ZXBfy272ZI2z7vqWGfrKm3pxmiCsxc3lamk7wAPyGG+pbzuwyHx?= =?us-ascii?Q?H8cMK7+tAWKMXw6cvomkPXpsIdSpChPJm2m3Bis0HTGIjqu/xmBiWxt1zYS2?= =?us-ascii?Q?vfH3Es0CPClsuM29Gi3Z1m5wgsQr0Q3suKCn7pQVGTat2nRBsXVil/hO5Q85?= =?us-ascii?Q?rNE3LqdWyPHOmwoI+TOosWli+m5tKQwXCNGTpv4isr0ES43u74cU3b0vdfHF?= =?us-ascii?Q?zrxf85oh1CXfaw35/pxHPqWFYKOuLJhl52eaezUgkUQTr1icYXUhvQBTQ0uu?= =?us-ascii?Q?7C8+VQjSb1w5HbHuLixPBigahhIBRE14ki7adGrQZQVI3gEQ1pjLkLvKsrXG?= =?us-ascii?Q?15QP01LG/KElHfo+3Qw9zEzmhXj8M1XQsaSXg1QkqJZYXTTW/57HDTxGKLcn?= =?us-ascii?Q?vaVZuGKsbzfueEXioSqaGRfCjaa0u4gPQW9gtHXonBTuVSSPbrOtVaf0910N?= =?us-ascii?Q?qCGircT7EaOrnsX7D4oTo0FcldxIeNlR9L2twNp7Y53s5U1L/s+0muDIIvHe?= =?us-ascii?Q?pRDDr4P+NLVXlZ0wKP68YvQUwihAfuGrTRsGsVrGjAXy7K0MALYePLWgCrVB?= =?us-ascii?Q?/f5G/x7LArefMcnNrahmQd31/V1BTVzv7EEq8F54o3mk7aYOQ0g5EaRZKLB6?= =?us-ascii?Q?PpdBpqY3Td6WLw8mKMtCMh8J46hBOq/+oe5C4M2Iem2kRtDzYnHonhqb8hLK?= =?us-ascii?Q?4CpDNFbUdzNsiLaXVPYClH1JfASdPi7XeurkwMd12mXdWMAQ2cEUCF7QlMfh?= =?us-ascii?Q?cn1DUkrwOluOGHIANzCvJf+VcxHRGJ3hPlSgcFnyAwmSvoRcel0ACo/1m3QC?= =?us-ascii?Q?aeJcZFBVD6PV0veg1EWt/s1b5YHBdVwJJyg0GxU3E2VecJCbPVbFPS3Z+sBd?= =?us-ascii?Q?wKtIiSid8jiXlmyJ8MO2IucgHgmrFAtlk9H2wJSKVnICOWXD16vUQQDp5bTz?= =?us-ascii?Q?E1xDupiad2cz5difvjOZq2Qjd/RoklRTo2CfOgtxAXHKFba9NiOj0XA8PyBw?= =?us-ascii?Q?OLMaButWU0p95UZR1VnpA9+qLe4O9GFHixS?= X-Microsoft-Exchange-Diagnostics: 1; DM5PR07MB2892; 6:BJyQHXRd7qLLSEu5bkcfquN66W73bz81hn8Qi5DeypN6fUZF6lqlPFQ+exMAImgHwCyr0G9L0Dp2C6ltjDHFYRcpHYvJ2HZr2MkOLN15eq8EBn1OTxLuqNvT7U12PXCand8cn1zoMAIp04Xlkn3pePs2Hho83QL0vHj/2t2QVTtmLveON/qZDp0Svh5bVuBq3awP71mSH945rNWwUPRJAWAsrksIA3uYINvreaXelBXdoCpzTS8vaotyzDeqogz5AgdYdYTT+B6xHWX865pW0xIcy9VQ4/B0Ct/eeSqX3Ac=; 5:PcqF7x3Bucff38h2gBVUI/bVT5pnfxDgb1f8zyFCCYNwDds3o1csi0j9mKyEw4xz7ER2/e6p6I/w15No8CWDe/7JRd+A+Gq/aC/j6ViIMdY0LD2Qnr0q/eXQkG9rGJ7j/Rfj0+FkrdJkVrxbLyogcQ==; 24:jQEWabXvkIqbT5lAgLUej6aLu6S5gSKPA6grmV3ZG4wuRyA+dVsoyzsWBzLWChHMv4o3aiDEaqe4PRIMJjYUnTFri6xANcG0ZZNYEC7G6is=; 7:4nUj1KP7BghYMXt+eA+Nd/Jq8N1IvsDQoZpoFx49tP3CPshl66zY6ZbDrCzwecu3PF7C71srfQxsqw4S0TnGnlQuHCLeFsGmvw+yzhV4HtkeMvQY3lCD5kTSs4JJUFvVPf/S91Kb+GTJF1RbgrtS2ZRb6gH1IYfivWawUzf7/wpyM905PC9ceQ7IaKN5Ek8PIl6c/zcqFQ3dD0aOTJs40522pYOS4IZC/qFbDvTfSlhc+4y/JMZuGBdgTqsLuGVskYYHjYysMt74L3HlzZLqi9ZFDXIo3YaK24X6JJAPLz2+fj7DYRkHGjFPLeNgGyoI SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Sep 2016 10:53:25.6668 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR07MB2892 Subject: [dpdk-dev] [PATCH] eal: fix crash on mmap error in rte_eal_hugepage_attach() X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> |
Commit Message
Maciej Czekaj
Sept. 28, 2016, 10:52 a.m. UTC
From: Maciej Czekaj <maciej.czekaj@caviumnetworks.com> In ASLR-enabled system, it is possible that selected virtual space is occupied by program segments. Therefore, error path should not blindly unmap all memmory segments but only those already mapped. Steps that lead to crash: 1. memeseg 0 in secondary process overlaps with libc.so 2. mmap of /dev/zero fails for virtual space of memseg 0 3. munmap of memseg 0 leads to unmapping libc.so itself 4. app gets SIGSEGV after returning from syscall to libc Fixes: ea329d7f8e34 ("mem: fix leak after mapping failure") Signed-off-by: Maciej Czekaj <maciej.czekaj@caviumnetworks.com> --- lib/librte_eal/linuxapp/eal/eal_memory.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-)
Comments
On 28/09/2016 11:52, maciej.czekaj@caviumnetworks.com wrote: > From: Maciej Czekaj <maciej.czekaj@caviumnetworks.com> > > In ASLR-enabled system, it is possible that selected > virtual space is occupied by program segments. Therefore, > error path should not blindly unmap all memmory segments > but only those already mapped. > > Steps that lead to crash: > 1. memeseg 0 in secondary process overlaps > with libc.so > 2. mmap of /dev/zero fails for virtual space of memseg 0 > 3. munmap of memseg 0 leads to unmapping libc.so itself > 4. app gets SIGSEGV after returning from syscall to libc > > Fixes: ea329d7f8e34 ("mem: fix leak after mapping failure") > > Signed-off-by: Maciej Czekaj <maciej.czekaj@caviumnetworks.com> > --- > lib/librte_eal/linuxapp/eal/eal_memory.c | 11 ++++++----- > 1 file changed, 6 insertions(+), 5 deletions(-) Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2016-10-03 14:04, Sergio Gonzalez Monroy: > On 28/09/2016 11:52, maciej.czekaj@caviumnetworks.com wrote: > > From: Maciej Czekaj <maciej.czekaj@caviumnetworks.com> > > > > In ASLR-enabled system, it is possible that selected > > virtual space is occupied by program segments. Therefore, > > error path should not blindly unmap all memmory segments > > but only those already mapped. > > > > Steps that lead to crash: > > 1. memeseg 0 in secondary process overlaps > > with libc.so > > 2. mmap of /dev/zero fails for virtual space of memseg 0 > > 3. munmap of memseg 0 leads to unmapping libc.so itself > > 4. app gets SIGSEGV after returning from syscall to libc > > > > Fixes: ea329d7f8e34 ("mem: fix leak after mapping failure") > > > > Signed-off-by: Maciej Czekaj <maciej.czekaj@caviumnetworks.com> > > --- > > lib/librte_eal/linuxapp/eal/eal_memory.c | 11 ++++++----- > > 1 file changed, 6 insertions(+), 5 deletions(-) > > Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com> Applied, thanks
diff --git a/lib/librte_eal/linuxapp/eal/eal_memory.c b/lib/librte_eal/linuxapp/eal/eal_memory.c index 612626c..1dfe223 100644 --- a/lib/librte_eal/linuxapp/eal/eal_memory.c +++ b/lib/librte_eal/linuxapp/eal/eal_memory.c @@ -1545,6 +1545,7 @@ rte_eal_hugepage_attach(void) struct hugepage_file *hp = NULL; unsigned num_hp = 0; unsigned i, s = 0; /* s used to track the segment number */ + unsigned max_seg = RTE_MAX_MEMSEG; off_t size; int fd, fd_zero = -1, fd_hugepage = -1; @@ -1603,6 +1604,9 @@ rte_eal_hugepage_attach(void) "in /dev/zero to requested address [%p]: '%s'\n", (unsigned long long)mcfg->memseg[s].len, mcfg->memseg[s].addr, strerror(errno)); + max_seg = s; + if (base_addr != MAP_FAILED) + munmap(base_addr, mcfg->memseg[s].len); if (aslr_enabled() > 0) { RTE_LOG(ERR, EAL, "It is recommended to " "disable ASLR in the kernel " @@ -1675,11 +1679,8 @@ rte_eal_hugepage_attach(void) return 0; error: - s = 0; - while (s < RTE_MAX_MEMSEG && mcfg->memseg[s].len > 0) { - munmap(mcfg->memseg[s].addr, mcfg->memseg[s].len); - s++; - } + for (i = 0; i < max_seg && mcfg->memseg[i].len > 0; i++) + munmap(mcfg->memseg[i].addr, mcfg->memseg[i].len); if (hp != NULL && hp != MAP_FAILED) munmap(hp, size); if (fd_zero >= 0)