[2.6.27-2.3] /proc/sys/vm/mmap_min_addr does not work (regression)

Bug #262695 reported by Kees Cook
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Fix Released | High | Colin Ian King |

Bug Description

======================================================================
FAIL: Verify lower 64k of memory is not allocatable
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./kernel-security.py", line 92, in test_30_mmap_min
    self.assertShellExitEquals(0, ["./low-mmap"])
  File "./kernel-security.py", line 51, in assertShellExitEquals
    self.assertEquals(expected, rc, result + report)
AssertionError: Got exit code 1, expected 0
Command: './low-mmap'
Output:
Testing lower 64k in 4096 byte chunks:
 Unexpectedly allocated 4096 bytes at 0x00000000
 Unexpectedly allocated 4096 bytes at 0x00001000
 Unexpectedly allocated 4096 bytes at 0x00002000
 Unexpectedly allocated 4096 bytes at 0x00003000
 Unexpectedly allocated 4096 bytes at 0x00004000
 Unexpectedly allocated 4096 bytes at 0x00005000
 Unexpectedly allocated 4096 bytes at 0x00006000
 Unexpectedly allocated 4096 bytes at 0x00007000
 Unexpectedly allocated 4096 bytes at 0x00008000
 Unexpectedly allocated 4096 bytes at 0x00009000
 Unexpectedly allocated 4096 bytes at 0x0000a000
 Unexpectedly allocated 4096 bytes at 0x0000b000
 Unexpectedly allocated 4096 bytes at 0x0000c000
 Unexpectedly allocated 4096 bytes at 0x0000d000
 Unexpectedly allocated 4096 bytes at 0x0000e000
 Unexpectedly allocated 4096 bytes at 0x0000f000
FAIL
Testing 4096 byte chunk above 64k: pass

$ cat /proc/sys/vm/mmap_min_addr
65536

The mmap_min_addr feature does not appear to be working, yet AA still has the mmap_min_addr patch:
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-intrepid.git;a=blob;f=security/apparmor/lsm.c;h=e3da7134e7ab53c11b57a031351b98408addeec6;hb=HEAD

Kees Cook (kees)
Changed in linux:
milestone: none → ubuntu-8.10-beta
Changed in linux:
assignee: nobody → ubuntu-kernel-team
importance: Undecided → High
status: New → Triaged
Changed in linux:
assignee: ubuntu-kernel-team → colin-king
status: Triaged → In Progress
Colin Ian King (colin-king) wrote :

Hi Kees,

Can you attach the python script that does this test - I tried to reproduce this with the attached program and could not reproduce it with 2.6.27-2.3 or higher so I suspect my test program may be doing mmap's differently.

Thanks, Colin.

Kees Cook (kees) wrote : Re: [Bug 262695] Re: [2.6.27-2.3] /proc/sys/vm/mmap_min_addr does not work (regression)

On Tue, Sep 23, 2008 at 11:29:04AM -0000, Colin King wrote:
> Can you attach the python script that does this test - I tried to
> reproduce this with the attached program and could not reproduce it with
> 2.6.27-2.3 or higher so I suspect my test program may be doing mmap's
> differently.

Here's where I've been keeping stuff:
https://code.edge.launchpad.net/qa-regression-testing/trunk

See "scripts/kernel-security" (and ultimately, the "min-addr" dir).

> ** Attachment added: "C source to do low memory mmaps"
> http://launchpadlibrarian.net/17877714/lowalloc.c

Hunh. Your test-case correctly fails for me. I'm trying to sort out
what I've messed up in my test.

Thanks!

Kees Cook (kees) wrote :

Ah-ha, I found it. Sorry for the noise -- I had a typo in my conditional test that I must have cut/pasted at some point recently. Thanks for the sane test case. :)

Changed in linux:
status: In Progress → Fix Released
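
Added example, not part of the original report and not the low-mmap or lowalloc.c programs it refers to: a minimal C check of the kind discussed in this thread, which reads /proc/sys/vm/mmap_min_addr and verifies that fixed mappings below it are refused while the page at the limit is still mappable. The function names and the 4096-byte page size (taken from the test output above) are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* MAP_ANONYMOUS under strict -std= modes */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Parse the sysctl text (e.g. "65536\n"); returns -1 if it is not a number. */
long parse_min_addr(const char *text) {
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    return (errno || end == text || v < 0) ? -1 : v;
}

/* 1 if a fixed anonymous mapping at addr succeeds, 0 if the kernel refuses.
 * Success must be tested against MAP_FAILED: page zero is itself a valid
 * return value, so a NULL or truthiness check gives the wrong answer. */
int page_is_mappable(uintptr_t addr, size_t len) {
    void *p = mmap((void *)addr, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) return 0;
    munmap(p, len);
    return 1;
}

/* Count pages below min_addr that could be mapped; 0 means enforced. */
int unexpected_low_pages(long min_addr, size_t page) {
    int bad = 0;
    for (uintptr_t a = 0; a < (uintptr_t)min_addr; a += page)
        bad += page_is_mappable(a, page);
    return bad;
}

int main(void) {
    char buf[32] = "";
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f || !fgets(buf, sizeof buf, f)) { perror("mmap_min_addr"); return 2; }
    fclose(f);
    long min_addr = parse_min_addr(buf);
    if (min_addr < 0) return 2;
    int bad = unexpected_low_pages(min_addr, 4096);
    int above = page_is_mappable((uintptr_t)min_addr, 4096);
    printf("min_addr=%ld low pages mapped=%d page at limit mappable=%d\n",
           min_addr, bad, above);
    return (bad == 0 && above) ? 0 : 1;
}
```

Run it as an unprivileged user: a process holding CAP_SYS_RAWIO is allowed to map below the limit, so a result taken as root does not show whether the restriction is enforced.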
This report contains Public Security information  
Everyone can see this security related information.
