Received: by 10.192.165.156 with SMTP id m28csp671571imm; Mon, 16 Apr 2018 06:58:07 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/iYzXMIGKBHJLu213+6gM/llglcUqZyM82edoVrcAejF/Cxy/HTgr6uX+/oEi4Ym7W0yVR X-Received: by 2002:a17:902:8c94:: with SMTP id t20-v6mr3432564plo.129.1523887087466; Mon, 16 Apr 2018 06:58:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523887087; cv=none; d=google.com; s=arc-20160816; b=p+mbl6nJUTiVfSIwco/QqZWIFrDCV/EA3F+A8EsgAl50SzfW46EvAxZI2DfDTf6Q3Z 1aE6dUYvrzHf4rIvx7xOktobpFSzGWFp/u3+R/rpqGMiwfzsFgys5cACUob3t9px8IuE NStLQUCTEXfxyZf9I29q8UiPuRogkzQg+JLID27sNF/uU0CbPUw9SrtENrd/I4ZI8BGl OKvRTqm2oYPCYEHYXvTevs/zBAVa91gxJ5c1FTtbhTnCzGLR12CWfmwaiXN+tNrQAuTd B2VwZ2zu/C+mgWZTEuQyrI1wymQBdc7HoBH89mGkmz5PCJeJymQMXL38jZdEImAsEdde 65NA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=VwizX8Fr/A9Gh36RLRMWHM5nY6ilTOPypQTY2gK4HxA=; b=p0O0R/yTxPfo7sjo5LXAivKbHleWILk+pF2D/rWWKdCgAlrnu6ehotVieQsA6q43KD Co3xZQOmUsZyJzMcSBbGcwV+fw4R4teVOrGqRpJkrQxfoG90z5qlnPKp0N5xwFcCziH4 ovCort4NY9WyeDwkv1RsxlWfiFOPFbJBPK2GgHb0bpd9rxE4cxrLdQyyQ736FaIsOB27 QipKU2gKBwrVmFrwdSxTrIA/sd6LVQ+np2QTgP8tGPYQyoKE24MoTWpNqMtvRZZ5c8ef ddgbAg/gb2eRgkK3/pzv+PTtNPJSQwe08q4K2kTWEo/Bs1lzDud1mSxFdfpVkoyYj/ZM L4Yw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OrkkrVDT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b17-v6si6736334plz.469.2018.04.16.06.57.53; Mon, 16 Apr 2018 06:58:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=OrkkrVDT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755402AbeDPN4B (ORCPT + 99 others); Mon, 16 Apr 2018 09:56:01 -0400 Received: from mail-oi0-f65.google.com ([209.85.218.65]:44359 "EHLO mail-oi0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755241AbeDPNz6 (ORCPT ); Mon, 16 Apr 2018 09:55:58 -0400 Received: by mail-oi0-f65.google.com with SMTP id e11-v6so3195997oii.11 for ; Mon, 16 Apr 2018 06:55:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=VwizX8Fr/A9Gh36RLRMWHM5nY6ilTOPypQTY2gK4HxA=; b=OrkkrVDT9Ytf96fqs4wView3LTu0GLXelnXZ/RY1S6U7LEzKUUKzyvMbowv4Vj24UA 5jLfrqv43BsCIEr9kee/3L7EHbPlna/FBHC4q4DLt+GfaF2nPHJrO2/2lEsWOYex/kKX 9OE4fgbnKDRZ6v+0S7RZQggwbpoO5RfHOlIC/17iPKMZAi/HQaJt4elK/q3qAkh2bFtZ 6UkIuYE9OYr+rpyouTVU95sN+XzPGQE2FKfmr4lvxwxTp3/IomJUHrGjb3FOlqFYn34R K9ynWnofzM+CX9EYRW48YSLjG8I1nKIo3P7/bTun1Fq9v9mPCdZh5UHcpUELJjT9uBKP RSQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=VwizX8Fr/A9Gh36RLRMWHM5nY6ilTOPypQTY2gK4HxA=; b=QboByMVbxy4rLRdHmgOuSsJGIfEJhY9rqqbRJJdSg+1zJevroQ0lb/+zMBvl5V2d+i rzS5rHATHx7S1Kyt/71lfrCgTDSfb15vvtLOkaTfq0Ui5iiORKXRJAyNiFrseb7VM6zJ NNbBGMS0vXTyBrDMaYdbDgw7c73986B9Lr1pO8YnHWzXkvj+IEFX/MU1lXLcpxPiKAPS ExTpDICoFlawimceRBt5GR75WiM9BYRsUXxoddbeDDyGeD4ORcw/f9Merd1l7SYIOqWY EeWwBaF+c4m99Gt7VBh/m0tb0m/tGnaMp8EhrR7jerXEtsvZqkJm0anNcE1MfxOXFCAq eyfA== X-Gm-Message-State: ALQs6tC1ajsBrpxKbD+p30YwknwBbMlHoFoSXG7Jd4tN8QJOTK9+KqTY DPmoVkPzver1tj/QVe7ZJPFkE53yV8sj71iEqzLQdg== X-Received: by 2002:aca:30c6:: with SMTP id w189-v6mr14016242oiw.29.1523886957117; Mon, 16 Apr 2018 06:55:57 -0700 (PDT) MIME-Version: 1.0 Received: by 10.74.158.88 with HTTP; Mon, 16 Apr 2018 06:55:36 -0700 (PDT) In-Reply-To: <20180416100736.GG17484@dhcp22.suse.cz> References: <13801e2a-c44d-e940-f872-890a0612a483@nvidia.com> <9c714917-fc29-4d12-b5e8-cff28761a2c1@gmail.com> <20180413064917.GC17484@dhcp22.suse.cz> <20180413160435.GA17484@dhcp22.suse.cz> <20180416100736.GG17484@dhcp22.suse.cz> From: Jann Horn Date: Mon, 16 Apr 2018 15:55:36 +0200 Message-ID: Subject: Re: [PATCH] mmap.2: MAP_FIXED is okay if the address range has been reserved To: Michal Hocko Cc: "Michael Kerrisk (man-pages)" , John Hubbard , linux-man , Andrew Morton , Linux-MM , lkml , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 16, 2018 at 12:07 PM, Michal Hocko wrote: > On Fri 13-04-18 18:17:36, Jann Horn wrote: >> On Fri, Apr 13, 2018 at 6:05 PM, Jann Horn wrote: >> > On Fri, Apr 13, 2018 at 6:04 PM, Michal Hocko wrote: >> >> On Fri 13-04-18 17:04:09, Jann Horn wrote: >> >>> On Fri, Apr 13, 2018 at 8:49 AM, Michal Hocko wrote: >> >>> > On Fri 13-04-18 08:43:27, Michael Kerrisk wrote: >> >>> > [...] >> >>> >> So, you mean remove this entire paragraph: >> >>> >> >> >>> >> For cases in which the specified memory region has not been >> >>> >> reserved using an existing mapping, newer kernels (Linux >> >>> >> 4.17 and later) provide an option MAP_FIXED_NOREPLACE that >> >>> >> should be used instead; older kernels require the caller to >> >>> >> use addr as a hint (without MAP_FIXED) and take appropriate >> >>> >> action if the kernel places the new mapping at a different >> >>> >> address. >> >>> >> >> >>> >> It seems like some version of the first half of the paragraph is worth >> >>> >> keeping, though, so as to point the reader in the direction of a remedy. >> >>> >> How about replacing that text with the following: >> >>> >> >> >>> >> Since Linux 4.17, the MAP_FIXED_NOREPLACE flag can be used >> >>> >> in a multithreaded program to avoid the hazard described >> >>> >> above. >> >>> > >> >>> > Yes, that sounds reasonable to me. >> >>> >> >>> But that kind of sounds as if you can't avoid it before Linux 4.17, >> >>> when actually, you just have to call mmap() with the address as hint, >> >>> and if mmap() returns a different address, munmap() it and go on your >> >>> normal error path. >> >> >> >> This is still racy in multithreaded application which is the main point >> >> of the whole section, no? >> > >> > No, it isn't. > > I could have been more specific, sorry. > >> mmap() with a hint (without MAP_FIXED) will always non-racily allocate >> a memory region for you or return an error code. If it does allocate a >> memory region, it belongs to you until you deallocate it. It might be >> at a different address than you requested - > > Yes, this all is true. Except the atomicity is guaranteed only for the > syscall. Once you return to the userspace any error handling is error > prone and racy because your mapping might change under you feet. So... Can you please elaborate on why you think anything could change the mapping returned by mmap() under the caller's feet? When mmap() returns a memory area to the caller, that memory area belongs to the caller. No unrelated code will touch it, unless that code is buggy. >> in that case you can >> emulate MAP_FIXED_NOREPLACE by calling munmap() and treating it as an >> error; or you can do something else with it. >> >> MAP_FIXED_NOREPLACE is just a performance optimization. > > This is not quite true because you get _your_ area or _an error_ > atomically which is not possible with 2 syscalls. Why not?