Kernel bug in mm/memory.c when ptrace poking to PROT_NONE map
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Confirmed | Undecided | SYEDFAYAZ MUJAWAR |
Bug Description
This bug occurs when using ptrace to poke to a map with PROT_NONE permissions. Here's a minimal reproducer:
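```c
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

int main()
{
    /* This page's copy of the reproducer is cut off after PROT_NONE and in
     * the child and parent bodies; the mmap flags and the ptrace calls
     * below are reconstructed from the output shown on the page. */
    void* address = mmap(NULL, 4096, PROT_NONE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (address == MAP_FAILED) return -1;

    pid_t child = fork();
    if (child == 0)
    {
        /* Child: become a tracee and stop so the parent can poke. */
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);
    }
    else
    {
        wait(NULL); /* child is now in its SIGSTOP stop */
        printf("Poking 42 to %p\n", address);
        ptrace(PTRACE_POKEDATA, child, address, (void*)42);
        long value = ptrace(PTRACE_PEEKDATA, child, address, NULL);
        printf("Value at %p: %ld\n", address, value);
        kill(child, SIGKILL); /* do not leave the stopped child behind */
    }
    return 0;
}
```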
Output on Ubuntu 15.10 (broken):
$ ./minimal_
Poking 42 to 0x7f0d1e547000
Segmentation fault
I've attached the dmesg output which shows the kernel bug. The system then becomes unstable with core programs such as `ps` freezing when they're run.
Output on Ubuntu 14.04 (not broken):
$ ./minimal_
Poking 42 to 0x7fe5f54a8000
Value at 0x7fe5f54a8000: 42
In this case (Ubuntu 14.04) no kernel bug is reported in dmesg and the system remains stable. Hence this is a regression.
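A guard that a tracing tool could apply before `PTRACE_POKEDATA` on an affected kernel, as an added example that is not part of the original report: it looks up the target address in `/proc/<pid>/maps`-format text and refuses the poke when the mapping has no permissions (`---p`, i.e. PROT_NONE) or the address is unmapped. The function names `perms_at` and `poke_allowed` and the sample maps text are hypothetical and constructed for illustration; only the address 0x7f0d1e547000 is taken from the output above.

```c
#include <stdio.h>
#include <string.h>

/* Find the mapping containing addr in /proc/<pid>/maps-format text.
 * Returns 1 and copies the permission field (e.g. "rw-p") into perms,
 * or returns 0 when addr is not inside any listed mapping. */
int perms_at(const char *maps, unsigned long addr, char perms[5])
{
    const char *line = maps;
    while (line && *line) {
        unsigned long start, end;
        char p[5];
        if (sscanf(line, "%lx-%lx %4s", &start, &end, p) == 3 &&
            addr >= start && addr < end) {   /* end is exclusive */
            memcpy(perms, p, 5);
            return 1;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* 1 = poke may proceed, 0 = refuse (unmapped, or PROT_NONE mapping).
 * Read-only mappings are allowed: only "---" is the case in this report. */
int poke_allowed(const char *maps, unsigned long addr)
{
    char perms[5];
    if (!perms_at(maps, addr, perms)) return 0;
    return strncmp(perms, "---", 3) != 0;
}

/* Constructed sample in /proc/<pid>/maps format (not from the report). */
static const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 08:01 131 /tmp/demo\n"
    "7f0d1e546000-7f0d1e547000 rw-p 00000000 00:00 0 \n"
    "7f0d1e547000-7f0d1e548000 ---p 00000000 00:00 0 \n";

int main(void)
{
    unsigned long addrs[] = { 0x7f0d1e546010UL, 0x7f0d1e547000UL, 0x1000UL };
    for (int i = 0; i < 3; i++)
        printf("%#lx: %s\n", addrs[i],
               poke_allowed(SAMPLE_MAPS, addrs[i]) ? "poke allowed" : "refuse poke");
    return 0;
}
```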
Changed in linux (Ubuntu):
assignee: nobody → SYEDFAYAZ MUJAWAR (syedfayaz28)
This change was made by a bot.