[CRIU] [PATCH 4/4] arm32/Makefile: fix readable mappings getting +x
Dmitry Safonov
dsafonov at virtuozzo.com
Mon Apr 10 12:41:53 PDT 2017
Flag `noexecstack' for ld implies `EXSTACK_DISABLE_X' ELF flag
on CRIU binary. Without this flag the kernel ELF loader will set
`READ_IMPLIES_EXEC' personality bit:
> if (elf_read_implies_exec(loc->elf_ex, executable_stack))
>         current->personality |= READ_IMPLIES_EXEC;
This flag is checked by sys_mmap():
> if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
>         if (!(file && path_noexec(&file->f_path)))
>                 prot |= PROT_EXEC;
Which results in each mmap() syscall returning a +x mapping for any
readable mapping for the CRIU binary, e.g.:
Before C/R:
76fc4000-76fc5000 r--p 0001f000 b3:02 131656 /usr/lib/ld-2.25.so
76fc5000-76fc6000 rw-p 00020000 b3:02 131656 /usr/lib/ld-2.25.so
After restore:
76fc4000-76fc5000 r-xp 0001f000 b3:02 131656 /usr/lib/ld-2.25.so
76fc5000-76fc6000 rwxp 00020000 b3:02 131656 /usr/lib/ld-2.25.so
Which also makes ZDTM very sad:
1: Old maps lost: set(["76f80000-76f81000 ['rw-p', '0120400']", "25000-26000
['rw-p', '0120400']", "76f7d000-76f7f000 ['rw-p']", "14a8000-14c9000 ['rw-p']",
"76f4a000-76f4c000 ['r--p', '0120400']", "7ed3d000-7ed7f000 ['rw-p']",
"76f7f000-76f80000 ['r--p', '0120400']", "24000-25000 ['r--p', '0120400']",
"76f4c000-76f50000 ['rw-p', '0120400']"])
1: New maps appeared: set(["76f7f000-76f80000 ['r-xp', '0120400']",
"7ed3d000-7ed7f000 ['rwxp']", "76f4a000-76f4c000 ['r-xp', '0120400']",
"76f80000-76f81000 ['rwxp', '0120400']", "24000-25000 ['r-xp', '0120400']",
"14a8000-14c9000 ['rwxp']", "25000-26000 ['rwxp', '0120400']",
"76f7d000-76f7f000 ['rwxp']", "76f4c000-76f50000 ['rwxp', '0120400']"])
Maybe we also need to set it for arm64 or even for all archs, but that
needs to be tested in the first place, so add it now to arm32, x86
already has it.
Signed-off-by: Dmitry Safonov <dsafonov at virtuozzo.com>
---
criu/arch/arm/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/criu/arch/arm/Makefile b/criu/arch/arm/Makefile
index d79ab6238ea8..d01c69a16536 100644
--- a/criu/arch/arm/Makefile
+++ b/criu/arch/arm/Makefile
@@ -5,7 +5,7 @@ ccflags-y += -iquote criu/include -iquote include
ccflags-y += $(COMPEL_UAPI_INCLUDES)
asflags-y += -D__ASSEMBLY__
-ldflags-y += -r
+ldflags-y += -r -z noexecstack
obj-y += cpu.o
obj-y += crtools.o
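Review bot: the `-z noexecstack` added on the `ldflags-y += -r` line is arm32-only and carries no comment, so the READ_IMPLIES_EXEC problem may still apply on arm64 and the other arches that the commit message says are untested. Consider a one-line Makefile comment recording why the flag is needed (readable mappings gaining +x after restore) and a follow-up to move it into a shared ldflags once the other arches have been tested. A build-time or ZDTM check that the final criu binary has a non-executable PT_GNU_STACK would keep this from regressing silently.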
--
2.12.2
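A way to verify the condition the commit message describes, as an added example that is not part of the original patch or CRIU's own code: it reads an ELF image's program headers and reports which EXSTACK_* state the loader would derive from PT_GNU_STACK. The function names `exstack_state` and `make_elf32` are hypothetical, and the sample headers are constructed; any result other than `EXSTACK_DISABLE_X` is the case the message ties to `READ_IMPLIES_EXEC`.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551
PF_X = 0x1

def exstack_state(elf: bytes) -> str:
    """Return the EXSTACK_* state the ELF loader derives from PT_GNU_STACK."""
    if len(elf) < 52 or elf[:4] != b"\x7fELF" or elf[4] not in (1, 2) or elf[5] not in (1, 2):
        raise ValueError("not a supported ELF image")
    end = "<" if elf[5] == 1 else ">"            # EI_DATA: byte order
    if elf[4] == 2:                              # EI_CLASS: ELFCLASS64
        e_phoff, = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
        flags_off = 4                            # offset of Elf64_Phdr.p_flags
    else:                                        # ELFCLASS32 (the arm32 case)
        e_phoff, = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        flags_off = 24                           # offset of Elf32_Phdr.p_flags
    state = "EXSTACK_DEFAULT"                    # no PT_GNU_STACK header present
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(end + "I", elf, base)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", elf, base + flags_off)
            state = "EXSTACK_ENABLE_X" if p_flags & PF_X else "EXSTACK_DISABLE_X"
    return state

def make_elf32(stack_flags=None) -> bytes:
    """Constructed sample: ELF32 LE ARM header, one PT_LOAD, optional PT_GNU_STACK."""
    phdrs = [struct.pack("<8I", 1, 0, 0, 0, 0, 0, 5, 0x1000)]      # PT_LOAD, r-x
    if stack_flags is not None:
        phdrs.append(struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16))
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)               # 32-bit, LE, v1
    hdr = ident + struct.pack("<HHIIIIIHHHHHH",
                              2, 40, 1, 0, 52, 0, 0, 52, 32, len(phdrs), 0, 0, 0)
    return hdr + b"".join(phdrs)

if __name__ == "__main__":
    # Usage: pass one or more ELF paths, e.g. the built criu binary.
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, exstack_state(f.read()))
```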