[CRIU] [PATCH 07/10] vdso: Don't fail if pagemap is not accessible
Cyrill Gorcunov
gorcunov at gmail.com
Mon Sep 28 12:20:12 PDT 2015
On Mon, Sep 28, 2015 at 10:15:14PM +0300, Pavel Emelyanov wrote:
> On 09/28/2015 10:01 PM, Cyrill Gorcunov wrote:
> > We use page frame number to detect vDSO which has been remapped
> > in-place from runtime vDSO during restore. In such case if the
> > kernel is younger than 3.16 the "[vdso]" mark won't be reported
> > in procfs output.
> >
> > Still to address recently reported CVEs and be able to run CRIU
> > in unprivileged mode we need to handle vDSO without pagemap access
> > and here is the deal -- when we find VMA which "looks like" vDSO
> > we try to scan it for vDSO symbols and if it matches we restore
> > its status without PFN access.
> >
> > The good news is that since commit 1c90308e7a77af pfn read no
> > longer requires CAP_SYS_ADMIN, so kernel 4.3 won't need this hack.
>
> Can you make some archaeology here? Which kernel disabled opening
> of pagemap for non-root at all and which enabled it back with non-zero
> PFN-s?
Sure, will do and post on next iteration
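The fallback the patch describes, recognising a vDSO mapping by the symbols it exports rather than by its page frame numbers, can be illustrated outside CRIU. The following is an added example and not CRIU's own code: a small ELF64 reader that lists the dynamic symbol table of a mapped image and flags it as vDSO-like when the names carry the `__vdso_` or `__kernel_` prefixes (an assumption about the export names; CRIU's real matching logic is more involved). `build_fake_vdso` constructs a minimal ELF image with a `.dynsym`/`.dynstr` pair so the checker runs offline; on a Linux host the `__main__` block also reads the live `[vdso]` mapping through `/proc/self/maps` and `/proc/self/mem`, which needs no pagemap access at all.

```python
import struct

EHDR = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr layout, 64 bytes, little-endian
SHDR = "<IIQQQQIIQQ"         # Elf64_Shdr layout, 64 bytes
SYM = "<IBBHQQ"              # Elf64_Sym layout, 24 bytes
SHT_STRTAB, SHT_DYNSYM = 3, 11

# Assumed export-name prefixes of the kernel's vDSO (x86 uses __vdso_*,
# some other architectures __kernel_*). This is the heuristic, not CRIU's.
VDSO_PREFIXES = ("__vdso_", "__kernel_")


def elf_dynamic_symbols(buf):
    """Names in every SHT_DYNSYM section of an ELF64 LE image, [] if not one."""
    if len(buf) < 64 or buf[:4] != b"\x7fELF" or buf[4] != 2 or buf[5] != 1:
        return []
    hdr = struct.unpack_from(EHDR, buf, 0)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    if shoff == 0 or shentsize != 64 or shoff + shnum * 64 > len(buf):
        return []
    shdrs = [struct.unpack_from(SHDR, buf, shoff + i * 64) for i in range(shnum)]
    names = []
    for sh in shdrs:
        if sh[1] != SHT_DYNSYM or sh[6] >= len(shdrs):
            continue
        strtab = shdrs[sh[6]]                  # sh_link names the string table
        str_off, str_end = strtab[4], strtab[4] + strtab[5]
        sym_off, sym_size, entsize = sh[4], sh[5], sh[9] or 24
        for off in range(sym_off, sym_off + sym_size, entsize):
            if off + 4 > len(buf):
                break                          # truncated symbol table
            st_name = struct.unpack_from("<I", buf, off)[0]
            start = str_off + st_name
            end = buf.find(b"\0", start, str_end)
            if st_name == 0 or end < 0:
                continue                       # null symbol or name outside .dynstr
            names.append(buf[start:end].decode("ascii", "replace"))
    return names


def looks_like_vdso(buf):
    """Return the vDSO-style exports found in buf; an empty list means 'not vDSO'."""
    return [n for n in elf_dynamic_symbols(buf) if n.startswith(VDSO_PREFIXES)]


def build_fake_vdso(symbols):
    """Constructed minimal ELF64 image exporting the given names via .dynsym (test fixture)."""
    dynstr = b"\0" + b"".join(s.encode() + b"\0" for s in symbols)
    shstrtab = b"\0.dynsym\0.dynstr\0.shstrtab\0"   # name offsets 1, 9, 17
    syms = struct.pack(SYM, 0, 0, 0, 0, 0, 0)       # mandatory null symbol
    name_off = 1
    for s in symbols:
        syms += struct.pack(SYM, name_off, 0x12, 0, 1, 0x1000, 0)  # GLOBAL FUNC
        name_off += len(s) + 1
    dynsym_off = 64
    dynstr_off = dynsym_off + len(syms)
    shstr_off = dynstr_off + len(dynstr)
    shoff = shstr_off + len(shstrtab)
    shdrs = struct.pack(SHDR, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    shdrs += struct.pack(SHDR, 1, SHT_DYNSYM, 2, 0, dynsym_off, len(syms), 2, 1, 8, 24)
    shdrs += struct.pack(SHDR, 9, SHT_STRTAB, 2, 0, dynstr_off, len(dynstr), 0, 0, 1, 0)
    shdrs += struct.pack(SHDR, 17, SHT_STRTAB, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = struct.pack(EHDR, ident, 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 4, 3)
    return ehdr + syms + dynstr + shstrtab + shdrs


def scan_live_vdso():
    """On Linux, read the [vdso] VMA of this process and classify it; None elsewhere."""
    try:
        with open("/proc/self/maps") as maps:
            for line in maps:
                if line.rstrip().endswith("[vdso]"):
                    lo, hi = (int(x, 16) for x in line.split()[0].split("-"))
                    with open("/proc/self/mem", "rb") as mem:
                        mem.seek(lo)
                        return looks_like_vdso(mem.read(hi - lo))
    except OSError:
        return None
    return None


if __name__ == "__main__":
    fake = build_fake_vdso(["__vdso_gettimeofday", "__vdso_clock_gettime"])
    print("constructed image:", looks_like_vdso(fake))
    print("live [vdso]:", scan_live_vdso())
```

The heuristic mirrors the patch's reasoning: when `/proc/PID/pagemap` is unreadable (or reports zero PFNs for an unprivileged caller), the symbol names inside the mapping are still enough to tell a relocated vDSO apart from an ordinary anonymous region; a non-ELF mapping or one without the expected exports yields an empty list and is left alone.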