Re: [RFC PATCH 0/5] madvise MADV_DOEXEC

From: Andy Lutomirski
Date: Tue Jul 28 2020 - 10:23:09 EST

Next message: Baoquan He: "Re: [PATCH 14/15] x86/numa: remove redundant iteration over memblock.reserved"
Previous message: Peilin Ye: "[Linux-kernel-mentees] [PATCH] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()"
In reply to: Anthony Yznaga: "Re: [RFC PATCH 0/5] madvise MADV_DOEXEC"
Next in thread: Steven Sistare: "Re: [RFC PATCH 0/5] madvise MADV_DOEXEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Jul 27, 2020, at 10:02 AM, Anthony Yznaga <anthony.yznaga@xxxxxxxxxx> wrote:
>
> ïThis patchset adds support for preserving an anonymous memory range across
> exec(3) using a new madvise MADV_DOEXEC argument. The primary benefit for
> sharing memory in this manner, as opposed to re-attaching to a named shared
> memory segment, is to ensure it is mapped at the same virtual address in
> the new process as it was in the old one. An intended use for this is to
> preserve guest memory for guests using vfio while qemu exec's an updated
> version of itself. By ensuring the memory is preserved at a fixed address,
> vfio mappings and their associated kernel data structures can remain valid.
> In addition, for the qemu use case, qemu instances that back guest RAM with
> anonymous memory can be updated.

This will be an amazing attack surface. Perhaps use of this flag should require no_new_privs? Arguably it should also require a special flag to execve() to honor it. Otherwise library helpers that do vfork()+exec() or posix_spawn() could be quite surprised.

Next message: Baoquan He: "Re: [PATCH 14/15] x86/numa: remove redundant iteration over memblock.reserved"
Previous message: Peilin Ye: "[Linux-kernel-mentees] [PATCH] block/floppy: Prevent kernel-infoleak in raw_cmd_copyout()"
In reply to: Anthony Yznaga: "Re: [RFC PATCH 0/5] madvise MADV_DOEXEC"
Next in thread: Steven Sistare: "Re: [RFC PATCH 0/5] madvise MADV_DOEXEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]