[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1875702] Re: madvise reports success, but doesn't implement WIPEONF
From: |
Laurent Vivier |
Subject: |
[Bug 1875702] Re: madvise reports success, but doesn't implement WIPEONFORK. |
Date: |
Thu, 30 Apr 2020 14:04:12 -0000 |
** Changed in: qemu
Assignee: (unassigned) => Laurent Vivier (laurent-vivier)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1875702
Title:
madvise reports success, but doesn't implement WIPEONFORK.
Status in QEMU:
New
Bug description:
The implementation of madvise (linux-user/syscall.c:11331, tag
v5.0.0-rc4) always returns zero (i.e. success). However, an
application requesting (at least) MADV_WIPEONFORK may need to know
whether the call was actually successful. If not (because the kernel
doesn't support WIPEONFORK) then it will need to take other measures
to provide fork-safety (such as drawing entropy from the kernel in
every case). But, if the application believes that WIPEONFORK is
supported (because madvise returned zero), but it actually isn't (as
in qemu), then it may forego those protections on the assumption that
WIPEONFORK will provide fork-safety.
Roughly, the comment in qemu that says "This is a hint, so ignoring
and returning success is ok." is no longer accurate in the presence of
MADV_WIPEONFORK.
(This is not purely academic: BoringSSL is planning on acting in this
way. We found the qemu behaviour in pre-release testing and are
planning on making an madvise call with advice=-1 first to test
whether unknown advice values actually produce EINVAL.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1875702/+subscriptions