Received: by 10.192.165.156 with SMTP id m28csp1057927imm; Mon, 16 Apr 2018 13:21:18 -0700 (PDT) X-Google-Smtp-Source: AIpwx4//HojdMt5hKj4gfunwMN02G1bEwwmxQLfdHS+GjKu7k7yzNfVRqjoe155jMj2KiNce9HMZ X-Received: by 10.98.214.218 with SMTP id a87mr22894816pfl.124.1523910078679; Mon, 16 Apr 2018 13:21:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523910078; cv=none; d=google.com; s=arc-20160816; b=oiYL5kJmhweaLk2Xgdc2n1LfJhF1XIEpNYkAnz6io9g3VVYSArBGSI4zUGzgSUzVpc 96YXE6PMIcGTj0fbc3vZepXmjVXrB8tV1AUfFhXc+Lrnclfs3d/8fFIcCBBBojPHocrr eUMfyvN58MMLqjFy2XsHnpJk1DcruMUpr+NP6aE18AK5JVA/YSYEIxb8orNaY+zpgjXp I6C1AywKRblkAycIWlh2n5s0o1D95zrAhHK0IEpimRfBth+RlXJI/05UQsJWUoCZP3rL yN7irZ+3k8eH6gmXPEJduV0/8xX2hwyAYO3rbf8yC6J1PCScW2oAp5NqJ96zDUR8R+8Y 1yvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=IrjQEEp59macJsUGino06oJv2Sn9NmxpLHTossRi/WQ=; b=RxXqzIfgvnrAjLaU3Dm7ryKKCsEzHZLRPXMkZ8YYI0mugGmz18frypmynFpZL7EuZg 4wjggsFIqXfQEdbwjcvxDXbNU4M3rcQ8sJRoFK5djcy8CSeP9zMg/5CIs5afajBZ0ho8 NeXOZGORng3bnVK7W0qR8E0e7mp2w0LjfaIeKhLq+Zqc/3oPN3rBykUKkP7bNSvXlDVw cj92D+/X//QcUg5+9/LkAHfMZ1IzgANba2zLuMuJIbZJGfaDmy9cVr3moWgoT9d1TaoR CoFK5wz4NTwyQa+W81Kb9EW3idJBIqBbivQcIoapV4EkI4aL3h/TatelHBFWc5NbjYiC W3gA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=InZ1d0BM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y7-v6si12552409plt.287.2018.04.16.13.21.04; Mon, 16 Apr 2018 13:21:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=InZ1d0BM; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751489AbeDPUSE (ORCPT + 99 others); Mon, 16 Apr 2018 16:18:04 -0400 Received: from mail-oi0-f41.google.com ([209.85.218.41]:36830 "EHLO mail-oi0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750708AbeDPUSB (ORCPT ); Mon, 16 Apr 2018 16:18:01 -0400 Received: by mail-oi0-f41.google.com with SMTP id h11-v6so6465849oic.3 for ; Mon, 16 Apr 2018 13:18:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=IrjQEEp59macJsUGino06oJv2Sn9NmxpLHTossRi/WQ=; b=InZ1d0BMlC0buNMWeFPZ2beOEW6ODnCV8qN1eT/fjSUmXoaLzu1LYCtUEqoY84yjsd +zQtoU0vFIJt5LNPfeLwpKrDu+01w94EkgjMFCvfqG+ZHNbsrdlPg/SlAmpdBE33P3Bq Jm6SO6qvULfZpN9cdlFm+WuY+di5ZNyagbQ7sb4dizMv3Ks8s1GdsGHu45/j8bjh3sVf RLd0AokMMisZvNyYu3/j/piM9Xln4gsgKc5DXzu/1Tk0RsH+7B+sTXbuQbc45wIl3XES /CQdgZYG/0EWblPsiynVbavfEKhZNzagYa1cdrKI67S0WMp2LiYJbOPI6TJ9zQWB61OQ nXfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=IrjQEEp59macJsUGino06oJv2Sn9NmxpLHTossRi/WQ=; b=p63XpjGtPCHtQYfbp+ceaE7XPV2kdbQ3vSKqYxxj0ZcYq/gXQeNje+/GZNLWooJVjh lIHvpAhiyrdnBid7r7HfVyWno5I8Zs1Zg50MlSOjZab+qxQgQ5NFyNInRoHjAkOBLMo2 dFcJvR0obtPfs1Ii/4Wiyle1MwZlzbVQVNI/HRFVpUcOb+3e6cKYv9vedTigdtbODkX/ HKP+1z5HIGptwOUDOvn3cm64ccb6nFo0NcxZNbyFrcrsePx4MrHc0fQrcfUM+SF6Tq3H 9Nm7zT9o7tOdA+7q8y8bIb8ZOMNI8jQl9HBCah/AUovILREETetx6ztgKE3sh7ruqvqM nzYQ== X-Gm-Message-State: ALQs6tAIDSn+p2ryIQ6fgCqxy7+I/KWB5l20quors2eQrTPWirNfxhM+ KwRjFO4T3iDuHAoqjRHi83hViXtERmnaNFNWlC6acw== X-Received: by 2002:aca:b3d4:: with SMTP id c203-v6mr16404677oif.91.1523909880653; Mon, 16 Apr 2018 13:18:00 -0700 (PDT) MIME-Version: 1.0 Received: by 10.74.158.88 with HTTP; Mon, 16 Apr 2018 13:17:40 -0700 (PDT) In-Reply-To: <20180416195726.GT17484@dhcp22.suse.cz> References: <9c714917-fc29-4d12-b5e8-cff28761a2c1@gmail.com> <20180413064917.GC17484@dhcp22.suse.cz> <20180413160435.GA17484@dhcp22.suse.cz> <20180416100736.GG17484@dhcp22.suse.cz> <20180416191805.GS17484@dhcp22.suse.cz> <20180416195726.GT17484@dhcp22.suse.cz> From: Jann Horn Date: Mon, 16 Apr 2018 22:17:40 +0200 Message-ID: Subject: Re: [PATCH] mmap.2: MAP_FIXED is okay if the address range has been reserved To: Michal Hocko Cc: "Michael Kerrisk (man-pages)" , John Hubbard , linux-man , Andrew Morton , Linux-MM , lkml , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 16, 2018 at 9:57 PM, Michal Hocko wrote: > On Mon 16-04-18 21:30:09, Jann Horn wrote: >> On Mon, Apr 16, 2018 at 9:18 PM, Michal Hocko wrote: > [...] >> > Yes, reasonably well written application will not have this problem. >> > That, however, requires an external synchronization and that's why >> > called it error prone and racy. I guess that was the main motivation for >> > that part of the man page. >> >> What requires external synchronization? I still don't understand at >> all what you're talking about. >> >> The following code: >> >> void *try_to_alloc_addr(void *hint, size_t len) { >> char *x = mmap(hint, len, ...); >> if (x == MAP_FAILED) return NULL; >> if (x == hint) return x; > > Any other thread can modify the address space at this moment. But not parts of the address space that were returned by this mmap() call. > Just > consider that another thread would does mmap(x, MAP_FIXED) (or any other > address overlapping [x, x+len] range) If the other thread does that without previously having created a mapping covering the area in question, that would be a bug in the other thread. MAP_FIXED on an unmapped address is almost always a bug (excluding single-threaded cases with no library code, and even then it's quite weird) - for example, any malloc() call could also cause libc to start using the memory range you're trying to map with MAP_FIXED. > becaus it is seemingly safe as x > != hint. I don't understand this part. Are you talking about a hypothetical scenario in which a programmer attempts to segment the virtual memory space into areas that are exclusively used by threads without creating memory mappings for those areas? > This will succeed and ... >> munmap(x, len); > ... now you are munmaping somebody's else memory range > >> return NULL; > > Do code _is_ buggy but it is not obvious at all. > >> } >> >> has no need for any form of external synchronization. > > If the above mmap/munmap section was protected by a lock and _all_ other > mmaps (direct or indirect) would use the same lock then you are safe > against that.