Received: by 10.192.165.156 with SMTP id m28csp1036812imm;
        Mon, 16 Apr 2018 12:58:51 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49p81sHvncK2lQgjVFEkMQbijVs+iBoVjX1JPmlk2kxyAnP2vK7xGusX2c7ng/mAa1p2UhD
X-Received: by 2002:a17:902:2983:: with SMTP id h3-v6mr16663543plb.80.1523908731387;
        Mon, 16 Apr 2018 12:58:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523908731; cv=none;
        d=google.com; s=arc-20160816;
        b=ifYdd2TyJhkDFAqS6WbRbpBxsxpo7yscg6db67Wc9N/BZhK/RWGovuN/hyX2nQnfmH
         Rt1R07LkjxQ3eB44RY5ut/9kJtUKhNEjrN9Y1lkq+wzX4YeoULTywjzWij0q75qykcZm
         smKpUvUOOy508DJ/KW+Vq8q+FXeUG+K0MrRrt+vWl+YI0CjpPI8dQTmGZwwDyEJYwhkZ
         UrKhcPby3uCBEyurQy3MVeoelL57MH8yHIB7Z7fNNSw7Ca0FrI3ZlhZno3aASq+nTp6W
         qU+onG477woxJu46byg/OcT4zQ3HE4cg9qKV/YZZV8dkba3iKF98Oqy8yaGjnUkazkax
         GxnQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=8s+Hvv+gREgTCm9zUe6Jv8B1rcGDrd3Vew51N5Pi5h0=;
        b=V9COlumJoLIr71NQ7xK232Z+yQDkE/tyvfyOcLtYzwkKX6Meqf/nOS55ePr2PeIANF
         B8WCtlu9gEhoxliI+A/dKx5uVWhlrO4NbbPGANDtw6BFhGeKBtdJ6oyor3AssVo0Qe/a
         HPVJbdtwIE8SgV+NtAvC5ejQFHRPnJpcMejLwryVwZyLj7MtirMQ4uqYn0HSYvkgvyOq
         zhqgcquEaKH56UmPObXr2n3rtPM+98Jnd5yRWOqYsEHwF2t5Mu1IJpe7/ofHIJas6mL+
         i9H4Mt1BI3a+LxYcamVdLLm5DENpUgkEbiQspAlY+LYKIdz3gtEQngQpYpNcSm7a9XiI
         IbJQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o11si10441895pgc.274.2018.04.16.12.58.37;
        Mon, 16 Apr 2018 12:58:51 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753478AbeDPT5b (ORCPT <rfc822;radocaj.bane@gmail.com>
        + 99 others); Mon, 16 Apr 2018 15:57:31 -0400
Received: from mx2.suse.de ([195.135.220.15]:54871 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752934AbeDPT53 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 16 Apr 2018 15:57:29 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id 6D3ABAEA5;
        Mon, 16 Apr 2018 19:57:27 +0000 (UTC)
Date:   Mon, 16 Apr 2018 21:57:26 +0200
From:   Michal Hocko <mhocko@kernel.org>
To:     Jann Horn <jannh@google.com>
Cc:     "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
        John Hubbard <jhubbard@nvidia.com>,
        linux-man <linux-man@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linux-MM <linux-mm@kvack.org>,
        lkml <linux-kernel@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>
Subject: Re: [PATCH] mmap.2: MAP_FIXED is okay if the address range has been
 reserved
Message-ID: <20180416195726.GT17484@dhcp22.suse.cz>
References: <9c714917-fc29-4d12-b5e8-cff28761a2c1@gmail.com>
 <20180413064917.GC17484@dhcp22.suse.cz>
 <CAG48ez2w+3FDh9LM3+P2EHowicjM2Xw6giR6uq=26JfWHYsTAQ@mail.gmail.com>
 <20180413160435.GA17484@dhcp22.suse.cz>
 <CAG48ez3-xtmAt2EpRFR8GNKKPcsDsyg7XdwQ=D5w3Ym6w4Krjw@mail.gmail.com>
 <CAG48ez1PdzMs8hkatbzSLBWYucjTc75o8ovSmeC66+e9mLvSfA@mail.gmail.com>
 <20180416100736.GG17484@dhcp22.suse.cz>
 <CAG48ez3DwRXMtiinUWKnan6hAppLYLdx-w+VzXG6ubioZUacQg@mail.gmail.com>
 <20180416191805.GS17484@dhcp22.suse.cz>
 <CAG48ez1nf96nHj8a+aZy22RwqYTUZBGrsGFcz=ZhZBUWzaEZ9w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAG48ez1nf96nHj8a+aZy22RwqYTUZBGrsGFcz=ZhZBUWzaEZ9w@mail.gmail.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon 16-04-18 21:30:09, Jann Horn wrote:
> On Mon, Apr 16, 2018 at 9:18 PM, Michal Hocko <mhocko@kernel.org> wrote:
[...]
> > Yes, reasonably well written application will not have this problem.
> > That, however, requires an external synchronization and that's why
> > called it error prone and racy. I guess that was the main motivation for
> > that part of the man page.
> 
> What requires external synchronization? I still don't understand at
> all what you're talking about.
> 
> The following code:
> 
> void *try_to_alloc_addr(void *hint, size_t len) {
>   char *x = mmap(hint, len, ...);
>   if (x == MAP_FAILED) return NULL;
>   if (x == hint) return x;

Any other thread can modify the address space at this moment. Just
consider that another thread would does mmap(x, MAP_FIXED) (or any other
address overlapping [x, x+len] range) becaus it is seemingly safe as x
!= hint. This will succeed and ...
>   munmap(x, len);
... now you are munmaping somebody's else memory range

>   return NULL;

Do code _is_ buggy but it is not obvious at all.

> }
> 
> has no need for any form of external synchronization.

If the above mmap/munmap section was protected by a lock and _all_ other
mmaps (direct or indirect) would use the same lock then you are safe
against that.
-- 
Michal Hocko
SUSE Labs