All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jann Horn <jannh@google.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
	John Hubbard <jhubbard@nvidia.com>,
	linux-man <linux-man@vger.kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linux-MM <linux-mm@kvack.org>,
	lkml <linux-kernel@vger.kernel.org>,
	Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH] mmap.2: MAP_FIXED is okay if the address range has been reserved
Date: Mon, 16 Apr 2018 22:17:40 +0200	[thread overview]
Message-ID: <CAG48ez1bV_zZP3Y2ioDndP+H8mLCcxOtU1vCbWe7Q8myEGfXQQ@mail.gmail.com> (raw)
In-Reply-To: <20180416195726.GT17484@dhcp22.suse.cz>

On Mon, Apr 16, 2018 at 9:57 PM, Michal Hocko <mhocko@kernel.org> wrote:
> On Mon 16-04-18 21:30:09, Jann Horn wrote:
>> On Mon, Apr 16, 2018 at 9:18 PM, Michal Hocko <mhocko@kernel.org> wrote:
> [...]
>> > Yes, reasonably well written application will not have this problem.
>> > That, however, requires an external synchronization and that's why
>> > called it error prone and racy. I guess that was the main motivation for
>> > that part of the man page.
>>
>> What requires external synchronization? I still don't understand at
>> all what you're talking about.
>>
>> The following code:
>>
>> void *try_to_alloc_addr(void *hint, size_t len) {
>>   char *x = mmap(hint, len, ...);
>>   if (x == MAP_FAILED) return NULL;
>>   if (x == hint) return x;
>
> Any other thread can modify the address space at this moment.

But not parts of the address space that were returned by this mmap() call.

> Just
> consider that another thread would does mmap(x, MAP_FIXED) (or any other
> address overlapping [x, x+len] range)

If the other thread does that without previously having created a
mapping covering the area in question, that would be a bug in the
other thread. MAP_FIXED on an unmapped address is almost always a bug
(excluding single-threaded cases with no library code, and even then
it's quite weird) - for example, any malloc() call could also cause
libc to start using the memory range you're trying to map with
MAP_FIXED.

> becaus it is seemingly safe as x
> != hint.

I don't understand this part. Are you talking about a hypothetical
scenario in which a programmer attempts to segment the virtual memory
space into areas that are exclusively used by threads without creating
memory mappings for those areas?

> This will succeed and ...
>>   munmap(x, len);
> ... now you are munmaping somebody's else memory range
>
>>   return NULL;
>
> Do code _is_ buggy but it is not obvious at all.
>
>> }
>>
>> has no need for any form of external synchronization.
>
> If the above mmap/munmap section was protected by a lock and _all_ other
> mmaps (direct or indirect) would use the same lock then you are safe
> against that.

  reply	other threads:[~2018-04-16 20:18 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-12 15:39 [PATCH] mmap.2: MAP_FIXED is okay if the address range has been reserved Jann Horn
2018-04-12 15:39 ` Jann Horn
2018-04-12 15:39 ` Jann Horn
2018-04-12 18:32 ` Michael Kerrisk (man-pages)
2018-04-12 18:33 ` John Hubbard
2018-04-12 18:33   ` John Hubbard
2018-04-12 18:37   ` Michael Kerrisk (man-pages)
2018-04-12 18:49     ` Jann Horn
2018-04-12 18:59       ` John Hubbard
2018-04-12 19:18         ` Jann Horn
2018-04-12 19:24           ` John Hubbard
2018-04-13  6:43             ` Michael Kerrisk (man-pages)
2018-04-13  6:49               ` Michal Hocko
2018-04-13 15:04                 ` Jann Horn
2018-04-13 16:04                   ` Michal Hocko
2018-04-13 16:05                     ` Jann Horn
2018-04-13 16:17                       ` Jann Horn
2018-04-16 10:07                         ` Michal Hocko
2018-04-16 13:55                           ` Jann Horn
2018-04-16 19:18                             ` Michal Hocko
2018-04-16 19:30                               ` Jann Horn
2018-04-16 19:57                                 ` Michal Hocko
2018-04-16 20:17                                   ` Jann Horn [this message]
2018-04-16 21:11                                     ` Michal Hocko
2018-04-16 21:12                                       ` Jann Horn
2018-04-17  6:23                                         ` Michal Hocko
2018-05-02 13:06                                       ` Michael Kerrisk (man-pages)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAG48ez1bV_zZP3Y2ioDndP+H8mLCcxOtU1vCbWe7Q8myEGfXQQ@mail.gmail.com \
    --to=jannh@google.com \
    --cc=akpm@linux-foundation.org \
    --cc=jhubbard@nvidia.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-man@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=mhocko@kernel.org \
    --cc=mtk.manpages@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.