Bug 307531 - gtk-vnc uses bogus mmap flags for use with swapcontext
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: gtk-vnc
Version: rawhide
Hardware/OS: All Linux
Priority: low
Severity: high
Assigned To: Daniel Berrange
QA Contact: Fedora Extras Quality Assurance
Duplicates: 277471 277831 307481
Blocks: F8Blocker
Reported: 2007-09-26 14:03 EDT by Zack Cerza
Modified: 2007-11-30 17:12 EST
Doc Type: Bug Fix
Last Closed: 2007-09-26 16:26:36 EDT

Attachments
Fix mmap flags to avoid execmem errors. (597 bytes, patch)
2007-09-26 15:53 EDT, Daniel Berrange
Description Zack Cerza 2007-09-26 14:03:24 EDT
Description of problem:
Copied from setroubleshoot:

Target Context: system_u:system_r:unconfined_t:s0
Target Objects: None [ process ]
Affected RPM Packages:
Policy RPM: selinux-policy-3.0.8-11.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.allow_execmem
Host Name: megadoomer
Platform: Linux megadoomer 2.6.23-0.202.rc8.fc8 #1 SMP Mon Sep 24 22:09:05 EDT 2007 i686 i686
Alert Count: 6
First Seen: Wed 26 Sep 2007 01:46:19 PM EDT
Last Seen: Wed 26 Sep 2007 01:53:54 PM EDT
Local ID: 5b5e6c03-6b04-49bd-b9e3-43352f45a175
Line Numbers:
Raw Audit Messages:
avc: denied { execmem } for comm=/usr/share/virt egid=0 euid=0 exe=/usr/bin/python
exit=-1239875584 fsgid=0 fsuid=0 gid=0 items=0 pid=4795
scontext=system_u:system_r:unconfined_t:s0 sgid=0
subj=system_u:system_r:unconfined_t:s0 suid=0 tclass=process
tcontext=system_u:system_r:unconfined_t:s0 tty=(none) uid=0

Version-Release number of selected component (if applicable):
virt-manager-0.5.0-1.fc8
selinux-policy-targeted-3.0.8-11.fc8
Comment 1 Daniel Walsh 2007-09-26 15:03:50 EDT
virt manager should not require execmem.
Comment 2 Daniel Berrange 2007-09-26 15:14:37 EDT
I was not aware that we did require execmem. It's certainly not something we
knowingly introduced. Please capture a core file, install all the -debuginfo
packages for python, virt-manager, gtk-vnc, gtk, glib, glibc and extract a
stack trace from the place where it crashes.
Comment 3 Daniel Berrange 2007-09-26 15:51:15 EDT
Ok, ignore my previous request for core dump/trace - I've managed to reproduce it.

The flaw is in the GTK-VNC widget, which mmaps a chunk of memory with 
PROT_READ|PROT_WRITE|PROT_EXEC to use for the stack in swapcontext() /
makecontext() calls. Totally bogus to have PROT_EXEC there.

#0  0x00002aaaad5dc49c in swapcontext () from /lib64/libc.so.6
#1  0x00002aaaaaccbf6c in cc_swap (from=0x2aaaaaed9cb0, to=0x646bc0)
    at continuation.c:46
#2  0x00002aaaaaccc120 in coroutine_swap (from=0x2aaaaaed9c80, to=0x646b90, 
    arg=0x2aaaaaed9df8) at coroutine.c:81
#3  0x00002aaaaacd3da8 in do_vnc_display_open (data=<value optimized out>)
    at vncdisplay.c:731
#4  0x00002aaaacb68ee3 in IA__g_main_context_dispatch (context=0x631670)
    at gmain.c:2061
#5  0x00002aaaacb6c1dd in g_main_context_iterate (context=0x631670, block=1, 
    dispatch=1, self=<value optimized out>) at gmain.c:2694
#6  0x00002aaaacb6c4ea in IA__g_main_loop_run (loop=0x6887e0) at gmain.c:2898
#7  0x00002aaaab035f63 in IA__gtk_main () at gtkmain.c:1144
#8  0x0000000000403950 in ?? ()
#9  0x00002aaaad5baff4 in __libc_start_main (main=0x4031b0, argc=2, 
    ubp_av=0x7fff68bd7618, init=<value optimized out>, 
    fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=0x7fff68bd7608) at libc-start.c:220
#10 0x0000000000402b29 in ?? ()
#11 0x00007fff68bd7608 in ?? ()
#12 0x0000000000000000 in ?? ()
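The allocation Comment 3 describes, with PROT_EXEC dropped, as an added example (this is not gtk-vnc's code or the attached patch): it maps a coroutine stack read/write only, puts a PROT_NONE guard page under it, confirms through /proc/self/maps that the mapping is not executable, and then runs a makecontext()/swapcontext() coroutine on it. The stack size, the guard page, the /proc check and the struct and function names are this example's own assumptions, not anything taken from gtk-vnc.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <ucontext.h>

/* Stack size chosen for this example; gtk-vnc's own value is not shown on the page. */
#define CO_STACK_SIZE (256 * 1024)

struct coroutine {
    ucontext_t caller;  /* context of whoever called co_run() */
    ucontext_t callee;  /* the coroutine's own context */
    void *map;          /* whole mmap()ed region, guard page at the bottom */
    size_t map_len;
    int arg;
    int result;
};

/* makecontext() only passes int arguments portably, so the coroutine
 * finds its state through a static pointer instead. */
static struct coroutine *current;

static void co_entry(void)
{
    struct coroutine *co = current;
    co->result = co->arg * 2 + 1;          /* work done on the private stack */
    swapcontext(&co->callee, &co->caller); /* hand control back to co_run() */
}

/* Return 1 if the mapping containing addr is executable, 0 if it is not,
 * -1 if /proc/self/maps could not be read (assumed Linux-only check). */
int mapping_is_exec(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int found = -1;
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char perms[8];
        if (sscanf(line, "%lx-%lx %7s", &lo, &hi, perms) != 3)
            continue;
        if ((unsigned long)addr >= lo && (unsigned long)addr < hi) {
            found = (perms[2] == 'x');   /* perms look like "rw-p" */
            break;
        }
    }
    fclose(f);
    return found;
}

/* Map a coroutine stack with PROT_READ|PROT_WRITE only: no PROT_EXEC, which
 * is what tripped the SELinux execmem check in the report. A PROT_NONE guard
 * page below the stack makes an overflow fault instead of silently corrupting
 * whatever is mapped underneath. Returns 0 on success, -1 on error. */
int co_stack_alloc(struct coroutine *co)
{
    long page = sysconf(_SC_PAGESIZE);
    co->map_len = CO_STACK_SIZE + (size_t)page;
    co->map = mmap(NULL, co->map_len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (co->map == MAP_FAILED)
        return -1;
    if (mprotect(co->map, (size_t)page, PROT_NONE) != 0) {
        munmap(co->map, co->map_len);
        return -1;
    }
    return 0;
}

/* Run the coroutine once and return its result (2*arg + 1). Returns -1 if
 * the stack could not be mapped, -2 if the mapped stack is executable. */
int co_run(int arg)
{
    struct coroutine co;
    long page = sysconf(_SC_PAGESIZE);
    char *sp;
    memset(&co, 0, sizeof co);
    co.arg = arg;
    if (co_stack_alloc(&co) != 0)
        return -1;
    sp = (char *)co.map + page;              /* usable stack starts above the guard page */
    if (mapping_is_exec(sp) == 1) {
        munmap(co.map, co.map_len);
        return -2;
    }
    getcontext(&co.callee);
    co.callee.uc_stack.ss_sp = sp;
    co.callee.uc_stack.ss_size = CO_STACK_SIZE;
    co.callee.uc_link = &co.caller;
    current = &co;
    makecontext(&co.callee, co_entry, 0);
    swapcontext(&co.caller, &co.callee);     /* runs co_entry() on the mapped stack */
    munmap(co.map, co.map_len);
    return co.result;
}

int main(void)
{
    printf("co_run(20) = %d\n", co_run(20));
    return 0;
}
```

The only difference from the flags Comment 3 quotes is the absence of PROT_EXEC: a stack never needs to be executable, and a writable anonymous mapping that is also executable is exactly what the execmem permission controls. Under an enforcing SELinux policy that denies execmem the original mmap() call fails; in permissive mode, as in the report, it succeeds and is only logged, which is why the widget kept working while setroubleshoot complained.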
Comment 4 Daniel Berrange 2007-09-26 15:53:56 EDT
Created attachment 207411
Fix mmap flags to avoid execmem errors.
Comment 5 Daniel Berrange 2007-09-26 16:26:36 EDT
Built into rawhide.

* Wed Sep 26 2007 Daniel P. Berrange <berrange@redhat.com> - 0.2.0-2.fc8
- Remove use of PROT_EXEC for coroutine stack (rhbz #307531 )
Comment 6 Zack Cerza 2007-09-26 16:41:04 EDT
Thanks for the quick fix!
Comment 7 Daniel Berrange 2007-09-26 17:28:50 EDT
*** Bug 307481 has been marked as a duplicate of this bug. ***
Comment 8 Daniel Berrange 2007-09-26 22:55:04 EDT
*** Bug 277471 has been marked as a duplicate of this bug. ***
Comment 9 Daniel Berrange 2007-09-26 22:55:08 EDT
*** Bug 277831 has been marked as a duplicate of this bug. ***