First page Back Continue Last page Summary Graphics

Private pages


There are two pages of the kernel binary which are not shared between all the threads in that virtual machine. These pages are writeable.
One contains code which is executed early in the UML bootstrap and never run again. Polluting this therefore can't affect UML.
The other is a data page, and contains only errno. The purpose of this is to provide each thread with a private copy of errno. A malign process can therefore change the kernel's value of errno arbitrarily, but that seems unlikely to be exploitable.
In any case, the page of code is likely to be simply unmapped and thrown out. The errno page may be write-protected. It would have to be the last page protected, and if mprotect sets errno to 0 on success, then that assignment will fault because it just made that page unwriteable.