Steffen Nurpmeso wrote:
[...]
> So if someone says "this was a source of
> denial‐of‐service attacks" then i need to wrap my head, and it is
> not as if an in-between-the-lines reference to MAP_DENYWRITE ring
> any bells except that i think the flag has been removed.

The manpage indicates that, long ago, a mapping with MAP_DENYWRITE would
effectively make the underlying file read-only, even to root, for as
long as the mapping exists.

> And then
> someone who seems to know uses it nonetheless in a small showcase
> program, likely trying to say even more in-between-the-lines.

That commit message seems to indicate that the program was using
SHM_HUGETLB when it should have been using MAP_HUGETLB. Those constants
represent different bits, and passing SHM_HUGETLB to mmap(2) will be
interpreted as MAP_DENYWRITE, and therefore ignored. Presumably, there
is some other syscall (likely shmat(2)) that uses that bit (represented
under the constant SHM_HUGETLB) to request huge pages, and the test
program in question was supposed to get huge pages from mmap(2) but was
not actually asking for huge pages because it was using the wrong constant.

In other words, MAP_DENYWRITE was not being intentionally used at all.
Another constant, for a different set of flags, that happens to have the
same value, was being used, causing a quiet bug. (The test program
would have still worked, but was not actually exercising huge pages as
intended.)

-- Jacob
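
Added example, not part of the original message and not the test program under discussion: a small C check of the flag collision described above. It assumes Linux on x86-64 or arm64 with glibc or musl headers, where SHM_HUGETLB and MAP_DENYWRITE share a value; the helper names are made up for this illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/shm.h>   /* SHM_HUGETLB belongs to the SysV shm flag namespace */

/* Does this mmap(2) flag word actually ask for huge pages? */
static int requests_huge_pages(int mmap_flags)
{
    return (mmap_flags & MAP_HUGETLB) != 0;
}

/* Name the mmap(2) flag that a given bit is decoded as. */
static const char *mmap_meaning(int bit)
{
    if (bit == MAP_HUGETLB)
        return "MAP_HUGETLB";
    if (bit == MAP_DENYWRITE)
        return "MAP_DENYWRITE (ignored by mmap)";
    return "some other flag";
}

/* Try an anonymous private mapping with extra flags; 1 if mmap accepted it. */
static int mapping_succeeds(int extra_flags, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | extra_flags, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    munmap(p, len);
    return 1;
}

int main(void)
{
    int wrong = MAP_PRIVATE | MAP_ANONYMOUS | SHM_HUGETLB;  /* the quiet bug */
    int right = MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB;  /* what was meant */

    printf("SHM_HUGETLB   = %#x -> mmap sees %s\n",
           (unsigned)SHM_HUGETLB, mmap_meaning(SHM_HUGETLB));
    printf("MAP_HUGETLB   = %#x\n", (unsigned)MAP_HUGETLB);
    printf("wrong flags request huge pages: %d\n", requests_huge_pages(wrong));
    printf("right flags request huge pages: %d\n", requests_huge_pages(right));
    /* No error is reported for the wrong constant: ordinary pages come back. */
    printf("mmap with SHM_HUGETLB succeeds: %d\n",
           mapping_succeeds(SHM_HUGETLB, 4096));
    return 0;
}
```

Because the call with the wrong constant succeeds, only an explicit check of the flag word (or of the resulting mapping's page size) reveals that huge pages were never requested.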