Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752500AbdLEHnO (ORCPT ); Tue, 5 Dec 2017 02:43:14 -0500 Received: from hqemgate16.nvidia.com ([216.228.121.65]:18229 "EHLO hqemgate16.nvidia.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751161AbdLEHnM (ORCPT ); Tue, 5 Dec 2017 02:43:12 -0500 X-PGP-Universal: processed; by hqpgpgate101.nvidia.com on Mon, 04 Dec 2017 23:43:12 -0800 Subject: Re: [PATCH v2] mmap.2: MAP_FIXED updated documentation To: Michal Hocko CC: Mike Rapoport , Michael Kerrisk , linux-man , , Michael Ellerman , , LKML , , Jann Horn , Matthew Wilcox References: <20171204021411.4786-1-jhubbard@nvidia.com> <20171204113113.GA13465@rapoport-lnx> <6777116d-ad9e-48c9-0009-01d10274135e@nvidia.com> <20171205070838.u3br5lvshywkwxby@dhcp22.suse.cz> X-Nvconfidentiality: public From: John Hubbard Message-ID: <056886d3-2cb8-ee1e-5ba7-54282fae257e@nvidia.com> Date: Mon, 4 Dec 2017 23:43:11 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <20171205070838.u3br5lvshywkwxby@dhcp22.suse.cz> X-Originating-IP: [10.2.167.64] X-ClientProxiedBy: HQMAIL102.nvidia.com (172.18.146.10) To HQMAIL107.nvidia.com (172.20.187.13) Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2525 Lines: 55 On 12/04/2017 11:08 PM, Michal Hocko wrote: > On Mon 04-12-17 18:52:27, John Hubbard wrote: >> On 12/04/2017 03:31 AM, Mike Rapoport wrote: >>> On Sun, Dec 03, 2017 at 06:14:11PM -0800, john.hubbard@gmail.com wrote: >>>> From: John Hubbard >>>> >> [...] >>>> +.IP >>>> +Given the above limitations, one of the very few ways to use this option >>>> +safely is: mmap() a region, without specifying MAP_FIXED. Then, within that >>>> +region, call mmap(MAP_FIXED) to suballocate regions. This avoids both the >>>> +portability problem (because the first mmap call lets the kernel pick the >>>> +address), and the address space corruption problem (because the region being >>>> +overwritten is already owned by the calling thread). >>> >>> Maybe "address space corruption problem caused by implicit calls to mmap"? >>> The region allocated with the first mmap is not exactly owned by the >>> thread and a multi-thread application can still corrupt its memory if >>> different threads use mmap(MAP_FIXED) for overlapping regions. >>> >>> My 2 cents. >>> >> >> Hi Mike, >> >> Yes, thanks for picking through this, and I agree that the above is misleading. >> It should definitely not use the word "owned" at all. Re-doing the whole >> paragraph in order to make it all fit together nicely, I get this: >> >> "Given the above limitations, one of the very few ways to use this option >> safely is: mmap() an enclosing region, without specifying MAP_FIXED. >> Then, within that region, call mmap(MAP_FIXED) to suballocate regions >> within the enclosing region. This avoids both the portability problem >> (because the first mmap call lets the kernel pick the address), and the >> address space corruption problem (because implicit calls to mmap will >> not affect the already-mapped enclosing region)." >> >> ...how's that sound to you? I'll post a v3 soon with this. > > It sounds to me you are trying to tell way to much while actually being > a bit misleading. Even sub-range MAP_FIXED is not multi-thread safe. > > Really the more corner cases you will try to cover the worse the end > result will end up. I would just try to be simple here and mention the > address space corruption issues you've had earlier and be done with it. > Maybe add a note that some architectures might need a special alignement > and fail if it is not the case but nothing really specific. > Sure, I can drop the "how to use this safely" section. It seemed like a good idea at the time... :) thanks, John Hubbard NVIDIA