[PATCH] Remove MAP_DENYWRITE FROM MAP_COPY definition
Dmitrii Shcherbakov
fw.dmitrii@gmail.com
Sat Sep 3 18:11:00 GMT 2016
Hello,

What I found out is that MAP_DENYWRITE is not used in any significant
place in the Linux kernel. Only compatibility flag handling is present
but it has no effect on the mmap system call.

The mmap manpage contains a note about this flag being deprecated long
ago:

.B MAP_DENYWRITE
This flag is ignored.
.\" Introduced in 1.1.36, removed in 1.3.24.
(Long ago, it signaled that attempts to write to the underlying file
should fail with
.BR ETXTBUSY .
But this was a source of denial-of-service attacks.)

cscope output for the kernel code:

git rev-parse HEAD
07be1337b9e8bfcd855c6e9175b5066a30ac609b
cscope -d
C symbol: MAP_DENYWRITE
File Function Line
0 mman.h <global> 25 #define MAP_DENYWRITE 0x02000
1 mman.h <global> 44 #define MAP_DENYWRITE 0x2000
2 mman.h <global> 18 #define MAP_DENYWRITE 0x0800
3 mman.h <global> 20 #define MAP_DENYWRITE 0x0800
4 mman.h <global> 15 #define MAP_DENYWRITE 0x0800
5 mman.h <global> 29 #define MAP_DENYWRITE 0x0800
6 mman.h <global> 51 #define MAP_DENYWRITE 0x2000
7 mman.h <global> 7 #define MAP_DENYWRITE 0x0800
8 ia32_aout.c load_aout_binary 360 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE |
9 ia32_aout.c load_aout_binary 369 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE |
a ia32_aout.c load_aout_library 447 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_32BIT,
b binfmt_aout.c load_aout_binary 308 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
c binfmt_aout.c load_aout_binary 316 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
d binfmt_aout.c load_aout_library 391 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
e binfmt_elf.c load_elf_interp 551 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
f binfmt_elf.c load_elf_binary 909 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
g binfmt_elf.c load_elf_library 1164 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
h binfmt_elf_fdpic.c elf_fdpic_map_file_by_direct_mmap 1063 flags = MAP_PRIVATE | MAP_DENYWRITE;
i mman.h calc_vm_flag_bits 88 _calc_vm_trans(flags, MAP_DENYWRITE, VM_DENYWRITE ) |
j core.c perf_event_mmap_event 6397 flags |= MAP_DENYWRITE;
k mmap.c SYSCALL_DEFINE6 1333 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);
l nommu.c SYSCALL_DEFINE6 1447 flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE);

I found this looking at an strace output for some binary - turns out
shared libraries are mmap-ed using this flag because of the MAP_COPY definition.
I suggest we remove it so that it makes more sense.

Dmitrii Shcherbakov (1):
  dl-load.h: Remove MAP_DENYWRITE from MAP_COPY definition

 elf/dl-load.h | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
--
2.7.4
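
An added example, not part of the original message or of the glibc patch: a small C check of the behaviour described above, that on Linux a userspace mmap() request carrying MAP_DENYWRITE does not make a later open-for-write fail with ETXTBSY. The helper name and the scratch file path are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes MAP_DENYWRITE in <sys/mman.h> on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: map a scratch file read-only with MAP_PRIVATE plus
 * extra_flag, then try to open the same file for writing while the mapping
 * is still alive. Returns 0 if the writer got in, the errno of the failed
 * open() otherwise (ETXTBSY if the mapping blocked it), -1 on setup failure. */
static int write_open_while_mapped(int extra_flag)
{
    static const char sample[] = "constructed sample data\n";
    const size_t len = sizeof sample - 1;
    char path[] = "/tmp/denywrite-demo-XXXXXX";   /* constructed scratch path */
    int result = -1;

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    ssize_t written = write(fd, sample, len);
    close(fd);

    /* Reopen read-only so no writer exists when the mapping is created. */
    fd = (written == (ssize_t)len) ? open(path, O_RDONLY) : -1;
    if (fd >= 0) {
        void *map = mmap(NULL, len, PROT_READ, MAP_PRIVATE | extra_flag, fd, 0);
        if (map != MAP_FAILED) {
            int wfd = open(path, O_WRONLY);
            result = (wfd >= 0) ? 0 : errno;
            if (wfd >= 0)
                close(wfd);
            munmap(map, len);
        }
        close(fd);
    }
    unlink(path);
    return result;
}

int main(void)
{
    printf("plain MAP_PRIVATE:  %d\n", write_open_while_mapped(0));
    printf("with MAP_DENYWRITE: %d\n", write_open_while_mapped(MAP_DENYWRITE));
    return 0;
}
```

Both calls returning 0 means the writer was admitted in each case, which matches the `flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE)` line in the cscope listing.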