kernel-packages team mailing list archive

[Bug 1517864] Status changed to Confirmed

 

This change was made by a bot.

** Changed in: linux (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1517864

Title:
  Kernel bug in mm/memory.c when ptrace poking to PROT_NONE map

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  This bug occurs when using ptrace to poke to a map with PROT_NONE
  permissions. Here's a minimal reproducer:

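  #include <signal.h>   /* raise(), SIGINT */
  #include <stdio.h>
  #include <sys/mman.h>
  #include <sys/ptrace.h>
  #include <sys/wait.h>
  #include <unistd.h>

  int main()
  {
      /* One anonymous private page mapped with no access permissions. */
      void* address = mmap(NULL, 4096, PROT_NONE,
                           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
      if (address == MAP_FAILED) return -1;

      /* The mapping is inherited across fork(), so the same address
         refers to the PROT_NONE page in the child. */
      pid_t child = fork();
      if (child == 0)
      {
          /* Child: request tracing by the parent, then stop on SIGINT. */
          ptrace(PTRACE_TRACEME, 0, NULL, NULL);
          raise(SIGINT);
      }
      else
      {
          /* Parent: wait until the child has stopped. */
          wait(NULL);

          /* Write a word into the child's PROT_NONE page. */
          printf("Poking 42 to %p\n", address);
          ptrace(PTRACE_POKEDATA, child, address, 42);

          /* Read the word back from the same address. */
          long value = ptrace(PTRACE_PEEKDATA, child, address, NULL);
          printf("Value at %p: %ld\n", address, value);
      }
      return 0;
  }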

  Output on Ubuntu 15.10 (broken):

  $ ./minimal_reproducer 
  Poking 42 to 0x7f0d1e547000
  Segmentation fault

  I've attached the dmesg output which shows the kernel bug. The system
  then becomes unstable with core programs such as `ps` freezing when
  they're run.

  Output on Ubuntu 14.04 (not broken):

  $ ./minimal_reproducer 
  Poking 42 to 0x7fe5f54a8000
  Value at 0x7fe5f54a8000: 42

  In this case (Ubuntu 14.04) no kernel bug is reported in dmesg and the
  system remains stable. Hence this is a regression.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1517864/+subscriptions

