[PATCH] 2.6.1 (not 2.4.24!) mremap fixes broke shm alias mappings

[PATCH] 2.6.1 (not 2.4.24!) mremap fixes broke shm alias mappings

[Bart Oldeman]

Hi Linus,

DOSEMU needs to alias memory, for instance to emulate the HMA. A long time
ago this was done using mmaps of /proc/self/mem. This was replaced by
mremap combined with IPC SHM during 2.1 development.

According to DOSEMUs changelog you agreed to allow old_len==0:
            - using _one_ big IPC shm segment and mremap(addr, 0 ...)
              (Linus agreed on keeping shmat()+mremap(,0,..) functionality)
so you agreed on something you have removed after all now!

(comment in DOSEMU source)
  /* The trick is to set old_len = 0,
   * this won't unmap at the old address, but with
   * shared mem the 'nopage' vm_op will map in the right
   * pages.
   */

An example usage is as follows:
shmget(IPC_PRIVATE, 31498240, 0x1c0|0600) = 11337732
shmat(11337732, 0, 0)                   = 0x40299000
shmctl(11337732, IPC_RMID, 0)           = 0
mremap(0x402a9000, 0, 65536, MREMAP_MAYMOVE|MREMAP_FIXED, 0) = 0
mremap(0x402a9000, 0, 65536, MREMAP_MAYMOVE|MREMAP_FIXED, 0x100000) = 0x100000

The security problems only affect the case new_len==0 so I don't see any
reason for not applying this patch.

Bart

--- mm/mremap.c~	Sat Jan 10 19:22:39 2004
+++ mm/mremap.c	Sun Jan 11 00:19:13 2004
@@ -315,8 +315,11 @@
 	old_len = PAGE_ALIGN(old_len);
 	new_len = PAGE_ALIGN(new_len);

-	/* Don't allow the degenerate cases */
-	if (!old_len || !new_len)
+	/* Don't allow the degenerate cases
+	 * however, old_len == 0 can be used in combination with shmat()
+	 * to create alias mappings.
+	 */
+	if (!new_len)
 		goto out;

 	/* new_addr is only valid if MREMAP_FIXED is specified */

Re: [PATCH] 2.6.1 (not 2.4.24!) mremap fixes broke shm alias mappings

[Linus Torvalds]

On Sun, 11 Jan 2004, Bart Oldeman wrote:
> 
> DOSEMU needs to alias memory, for instance to emulate the HMA. A long time
> ago this was done using mmaps of /proc/self/mem. This was replaced by
> mremap combined with IPC SHM during 2.1 development.
> 
> According to DOSEMUs changelog you agreed to allow old_len==0:
>             - using _one_ big IPC shm segment and mremap(addr, 0 ...)
>               (Linus agreed on keeping shmat()+mremap(,0,..) functionality)
> so you agreed on something you have removed after all now!

Hey, I wouldn't remember all the special cases that aren't commented. But 
I agree that a zero "old_len" is not bad in itself, and if DOSEMU uses it, 
let's just continue to support it, and document it while we're at it.

So if this makes DOSEMU happy again, let's do it..

Pls confirm.

		Linus

----
===== mm/mremap.c 1.35 vs edited =====
--- 1.35/mm/mremap.c	Wed Jan  7 18:26:37 2004
+++ edited/mm/mremap.c	Mon Jan 12 16:32:15 2004
@@ -315,8 +315,12 @@
 	old_len = PAGE_ALIGN(old_len);
 	new_len = PAGE_ALIGN(new_len);
 
-	/* Don't allow the degenerate cases */
-	if (!old_len || !new_len)
+	/*
+	 * We allow a zero old-len as a special case
+	 * for DOS-emu "duplicate shm area" thing. But
+	 * a zero new-len is nonsensical.
+	 */
+	if (!new_len)
 		goto out;
 
 	/* new_addr is only valid if MREMAP_FIXED is specified */

Re: [PATCH] 2.6.1 (not 2.4.24!) mremap fixes broke shm alias mappings

[Linus Torvalds]

On Tue, 13 Jan 2004, Bart Oldeman wrote:
> 
> We've already been discussing and playing with a cleaner alternative to
> mremap that works too (mmap'ing a file on tmpfs, perhaps via
> shm_open()). It's just that it's difficult to explain to users why DOSEMU
> worked on 2.6.0 and suddenly stopped working with the same configuration
> on 2.6.1.

Oh, please keep on using the mremap(ptr, 0, s) thing to create aliases.  
There's nothing really wrong with it, and as long as we just document it
in the sources, it shouldn't break again.

> -- the consensus amongst DOSEMU developers seems to be that you should
> feel free to disallow this funny old_len==0 case in 2.7 if you like.

It's potentially useful, and if we'll have a backwards compatibility issue 
anyway, there's no reason to remove it.

		Linus

Re: [PATCH] 2.6.1 (not 2.4.24!) mremap fixes broke shm alias mappings

[Bart Oldeman]

On Mon, 12 Jan 2004, Linus Torvalds wrote:

> On Sun, 11 Jan 2004, Bart Oldeman wrote:
> >
> > DOSEMU needs to alias memory, for instance to emulate the HMA. A long time
> > ago this was done using mmaps of /proc/self/mem. This was replaced by
> > mremap combined with IPC SHM during 2.1 development.
> >
> > According to DOSEMUs changelog you agreed to allow old_len==0:
> >             - using _one_ big IPC shm segment and mremap(addr, 0 ...)
> >               (Linus agreed on keeping shmat()+mremap(,0,..) functionality)
> > so you agreed on something you have removed after all now!
>
> Hey, I wouldn't remember all the special cases that aren't commented. But
> I agree that a zero "old_len" is not bad in itself, and if DOSEMU uses it,
> let's just continue to support it, and document it while we're at it.
>
> So if this makes DOSEMU happy again, let's do it..
>
> Pls confirm.

sure, it's fine this way. Thanks!

We've already been discussing and playing with a cleaner alternative to
mremap that works too (mmap'ing a file on tmpfs, perhaps via
shm_open()). It's just that it's difficult to explain to users why DOSEMU
worked on 2.6.0 and suddenly stopped working with the same configuration
on 2.6.1.

-- the consensus amongst DOSEMU developers seems to be that you should
feel free to disallow this funny old_len==0 case in 2.7 if you like.

Bart