This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



[PATCH] Remove MAP_DENYWRITE FROM MAP_COPY definition


Hello,

What I found out is that MAP_DENYWRITE is not used in any significant
place in the Linux kernel. Only compatibility flag handling is present
but it has no effect on the mmap system call.

The mmap manpage contains a note about this flag being deprecated long
ago:

.B MAP_DENYWRITE
This flag is ignored.
.\" Introduced in 1.1.36, removed in 1.3.24.
(Long ago, it signaled that attempts to write to the underlying file
should fail with
.BR ETXTBUSY .
But this was a source of denial-of-service attacks.)

cscope output for the kernel code:

git rev-parse HEAD
07be1337b9e8bfcd855c6e9175b5066a30ac609b

cscope -d

C symbol: MAP_DENYWRITE

  File               Function                          Line
0 mman.h             <global>                            25 #define MAP_DENYWRITE 0x02000
1 mman.h             <global>                            44 #define MAP_DENYWRITE 0x2000
2 mman.h             <global>                            18 #define MAP_DENYWRITE 0x0800
3 mman.h             <global>                            20 #define MAP_DENYWRITE 0x0800
4 mman.h             <global>                            15 #define MAP_DENYWRITE 0x0800
5 mman.h             <global>                            29 #define MAP_DENYWRITE 0x0800
6 mman.h             <global>                            51 #define MAP_DENYWRITE 0x2000
7 mman.h             <global>                             7 #define MAP_DENYWRITE 0x0800
8 ia32_aout.c        load_aout_binary                   360 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE |
9 ia32_aout.c        load_aout_binary                   369 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE |
a ia32_aout.c        load_aout_library                  447 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_32BIT,
b binfmt_aout.c      load_aout_binary                   308 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
c binfmt_aout.c      load_aout_binary                   316 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
d binfmt_aout.c      load_aout_library                  391 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
e binfmt_elf.c       load_elf_interp                    551 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
f binfmt_elf.c       load_elf_binary                    909 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
g binfmt_elf.c       load_elf_library                  1164 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
h binfmt_elf_fdpic.c elf_fdpic_map_file_by_direct_mmap 1063 flags = MAP_PRIVATE | MAP_DENYWRITE;
i mman.h             calc_vm_flag_bits                   88 _calc_vm_trans(flags, MAP_DENYWRITE, VM_DENYWRITE ) |
j core.c             perf_event_mmap_event             6397 flags |= MAP_DENYWRITE;
k mmap.c             SYSCALL_DEFINE6                   1333 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
l nommu.c            SYSCALL_DEFINE6                   1447 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);

I found this looking at an strace output for some binary - turns out
shared libraries are mmap-ed using this flag because of the MAP_COPY definition.

I suggest we remove it so that it makes more sense.

Dmitrii Shcherbakov (1):
  dl-load.h: Remove MAP_DENYWRITE from MAP_COPY definition

 elf/dl-load.h | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

-- 
2.7.4
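
The claim above that the flag has no effect on the mmap system call can be checked from user space. This is an added example, not part of the original message or of glibc: it maps a constructed scratch file with and without MAP_DENYWRITE and then writes to the file through a second descriptor. The function name, the scratch path under /tmp and the use of Linux with glibc are assumptions of the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* exposes MAP_DENYWRITE in <sys/mman.h> on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Map a scratch file with MAP_PRIVATE plus extra_flags (MAP_COPY, per the
 * message, is MAP_PRIVATE with MAP_DENYWRITE), then open and write the same
 * file while the mapping is live.
 * Returns 0 if the write succeeded, the errno of the failing open/write
 * otherwise, or -1 if the setup itself failed. */
int write_while_mapped(int extra_flags)
{
    char path[] = "/tmp/denywrite-XXXXXX";   /* constructed scratch file */
    void *map;
    int wfd, result = -1;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    if (write(fd, "original", 8) != 8)
        goto out;
    map = mmap(NULL, 8, PROT_READ, MAP_PRIVATE | extra_flags, fd, 0);
    if (map == MAP_FAILED)
        goto out;

    /* A second descriptor, as an unrelated writer of the file would use. */
    wfd = open(path, O_WRONLY);
    if (wfd < 0) {
        result = errno;   /* ETXTBSY here would mean the flag is honoured */
    } else {
        result = (write(wfd, "modified", 8) == 8) ? 0 : errno;
        close(wfd);
    }
    munmap(map, 8);
out:
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("MAP_PRIVATE:                 %d\n", write_while_mapped(0));
    printf("MAP_PRIVATE | MAP_DENYWRITE: %d\n", write_while_mapped(MAP_DENYWRITE));
    return 0;
}
```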
