glibc

packages/glibc

Fork 0

Commit Graph

Author	SHA1	Message	Date
taoyuxiang	22e8e12bc8	[PATCH] Check the validity of len before mmap Two cases: (1)If condition 'c->mapend + extra_len < c->mapstart + relro_len' is True, the result of "len" (size_t len = (c->mapend + extra_len) - (c->mapstart + relro_len)) will be a negative value. 'len' is of type size_t, so it overflows. later __mmap will fail, because 'len - mod' is a very large value at this point. (2)If the data segment is small, "len" may be equal to 0. In this case, __mmap also fails. In both cases, the mapping fails, the mapping is falled back, and hugepage feature of dynamic library becomes invalid. Case (1) is an exception, and the fallback is the expected. Case (2) should not be fallled back in its entirety. In this case, the code segment may continue to use huge page, and the data segment uses 4KB page. (cherry picked from commit 05ed122de513e7cd1dd41d13453fac9b931e73ae)	2024-07-22 09:08:09 +08:00

Author

SHA1

Message

Date

taoyuxiang

22e8e12bc8

[PATCH] Check the validity of len before mmap

Two cases:
(1)If condition 'c->mapend + extra_len < c->mapstart + relro_len' is True, the result of "len" (size_t len = (c->mapend + extra_len) - (c->mapstart + relro_len)) will be a negative value. 'len' is of type size_t, so it overflows. later __mmap will fail, because 'len - mod' is a very large value at this point.

(2)If the data segment is small, "len" may be equal to 0. In this case, __mmap also fails.

In both cases, the mapping fails, the mapping is falled back, and hugepage feature of dynamic library becomes invalid. Case (1) is an exception, and the fallback is the expected. Case (2) should not be fallled back in its entirety. In this case, the code segment may continue to use huge page, and the data segment uses 4KB page.

(cherry picked from commit 05ed122de513e7cd1dd41d13453fac9b931e73ae)

2024-07-22 09:08:09 +08:00

1 Commits