Received: by 10.192.165.156 with SMTP id m28csp1104851imm; Mon, 16 Apr 2018 14:15:47 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/Wmn6TrhGln+1HKY7z4W9HLmPYN5HLKZLPWn4R88MIOMZrDY5xZ/hv0DhmyGgMe3UXTUSD X-Received: by 2002:a17:902:bc84:: with SMTP id bb4-v6mr5971921plb.8.1523913347832; Mon, 16 Apr 2018 14:15:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523913347; cv=none; d=google.com; s=arc-20160816; b=VRL0aTviuicErNmToxlMBg5DT6AHsX4NrXX5vcn/kh5bRe09UhY5zUiBpUEafjxrVt vkKQkwGP28bF8a9gPzyup4XT/z9zbWif2MzA74zFEK2s0TpGJTKgT6NkJmcrky/bO9cP K9V2HoCzGNOjspWvGbmyA/g/Gmu9oSzqF0gvmMD/6NK2qz7Wt4dc8tzNEmY59KjdDhhx VQj/7QcGAjP1uQVMMky+U01VjV7gaL2g1WGdg6MC9Z6omMbFqPuZ9EhL8cVdEajR9QXc hSB5w1nHGy3cwhQtW8me8mblVDWOt3ZVtRtQEJpLdBe/z2H8fLt2tymBGwafGRt3h5i7 O2Hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=JLHVsndu6DqFy8572mxkQ/A9z3J8+mqH+V84u4M6OTU=; b=hswSHHkM8RpVqsqxQfXMWOZZ9rU5qbgUSUU2j22jJPov3Mu9bZocg95LLai5crnlRj Ukm4dZkHuxB0KmjbyKKybi+99RyjY+pG/xTB+78UOXBW8GNCQAphI7RuYghconwAgUst MDC/wCxmpF0bT/GkH3mq8vyUnlwOriFMLPw3TmfAjoreH1LYTqIYnThx9nBRJfMNMLk1 lAcBXdZZefDqvHHke2LvTBVNkVdforgVqTmwN6RqdK/4usPGBonmiOOcFeQCiXQh9cq6 w33D0DmchrvMpOJRqkrTEHCDxX+/sqFxY43hwO2PG5SGrfHilTrykf0lt/JsM0ZFZQLZ CO3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lospbOj1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z6-v6si12973640pln.339.2018.04.16.14.15.33; Mon, 16 Apr 2018 14:15:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lospbOj1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751270AbeDPVNM (ORCPT + 99 others); Mon, 16 Apr 2018 17:13:12 -0400 Received: from mail-ot0-f196.google.com ([74.125.82.196]:33644 "EHLO mail-ot0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751070AbeDPVNJ (ORCPT ); Mon, 16 Apr 2018 17:13:09 -0400 Received: by mail-ot0-f196.google.com with SMTP id g23-v6so3907183oti.0 for ; Mon, 16 Apr 2018 14:13:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JLHVsndu6DqFy8572mxkQ/A9z3J8+mqH+V84u4M6OTU=; b=lospbOj19baIohdyrgxDlFP3z7PPEnuDvIad2P19s3TeHkK8xuY9518vnjnhaRqF2t dbWBRTueIadf5vCZmVmTV3QmR2uSojKNVqbHG4pD/pzwDP6V2itxPAT7eCRfLo2CGWai cmRzJy/Hi04+P493oApfCsrqylzWsHKaTmbSpFMLb7jh/IjJtDFhf7GcXZxnZ/dfRXjJ 6LbYM6G9MUVlcr8eUS5bPT9XubCECyTWgPUj3YNEfgyMiWAppurNLJp1ieYN+D7vtF1j F7b8HiVB3kYc2Wtj7OrTfBcAS0T4qWu6br/kf1cwN+qTls/5eCOS8qtvaufgW5CymjuW aeeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JLHVsndu6DqFy8572mxkQ/A9z3J8+mqH+V84u4M6OTU=; b=Q95j/LwENWzSBwSDsuN4tMUkx6qbZfWjWV0xjVERDn9N85RIxi5CJ/hKw4KugKz2Wq dzaTnCPm6L6KGna7vQGkxB/KUvDYI7xjhjBvNNr2PbKNz6ZrGLj5aLlRHppFzRyKTFQD iwzCQO2hvPPCmvAZeNPbGuY0iXGZrGUahYp8wesuJkmZIiV0Cjvnf/pSIWgh1N3TMHOw M7rP3nhFFbH6CF/2C4mdXgAkjxYgcXf0z4SQt5x3zNh5scg1xsD6AqEOZiEPdyDz0Zyz kpNwTmLD6cYsqLZiciQl99d8qPNR6kBXsZPEIG8mxFMpS8hMvG5cARniZJz0ITaQzSQ4 W6nQ== X-Gm-Message-State: ALQs6tARc2SxGX2tcFAs7gIkPDSPSPE1vYW0HmJQRNhx2TNgAQJn4kl7 qbPexdnGPbMh1MXXMMAHS/oYm/vfVDnlv+QXSoqXcw== X-Received: by 2002:a9d:1a16:: with SMTP id a22-v6mr7392908ote.247.1523913188950; Mon, 16 Apr 2018 14:13:08 -0700 (PDT) MIME-Version: 1.0 Received: by 10.74.158.88 with HTTP; Mon, 16 Apr 2018 14:12:48 -0700 (PDT) In-Reply-To: <20180416211115.GU17484@dhcp22.suse.cz> References: <20180413160435.GA17484@dhcp22.suse.cz> <20180416100736.GG17484@dhcp22.suse.cz> <20180416191805.GS17484@dhcp22.suse.cz> <20180416195726.GT17484@dhcp22.suse.cz> <20180416211115.GU17484@dhcp22.suse.cz> From: Jann Horn Date: Mon, 16 Apr 2018 23:12:48 +0200 Message-ID: Subject: Re: [PATCH] mmap.2: MAP_FIXED is okay if the address range has been reserved To: Michal Hocko Cc: "Michael Kerrisk (man-pages)" , John Hubbard , linux-man , Andrew Morton , Linux-MM , lkml , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 16, 2018 at 11:11 PM, Michal Hocko wrote: > On Mon 16-04-18 22:17:40, Jann Horn wrote: >> On Mon, Apr 16, 2018 at 9:57 PM, Michal Hocko wrote: >> > On Mon 16-04-18 21:30:09, Jann Horn wrote: >> >> On Mon, Apr 16, 2018 at 9:18 PM, Michal Hocko wrote: >> > [...] >> >> > Yes, reasonably well written application will not have this problem. >> >> > That, however, requires an external synchronization and that's why >> >> > called it error prone and racy. I guess that was the main motivation for >> >> > that part of the man page. >> >> >> >> What requires external synchronization? I still don't understand at >> >> all what you're talking about. >> >> >> >> The following code: >> >> >> >> void *try_to_alloc_addr(void *hint, size_t len) { >> >> char *x = mmap(hint, len, ...); >> >> if (x == MAP_FAILED) return NULL; >> >> if (x == hint) return x; >> > >> > Any other thread can modify the address space at this moment. >> >> But not parts of the address space that were returned by this mmap() call. > ? >> > Just >> > consider that another thread would does mmap(x, MAP_FIXED) (or any other >> > address overlapping [x, x+len] range) >> >> If the other thread does that without previously having created a >> mapping covering the area in question, that would be a bug in the >> other thread. > > MAP_FIXED is sometimes used without preallocated address ranges. Wow, really? Can you point to an example? >> MAP_FIXED on an unmapped address is almost always a bug >> (excluding single-threaded cases with no library code, and even then >> it's quite weird) - for example, any malloc() call could also cause >> libc to start using the memory range you're trying to map with >> MAP_FIXED. > > Yeah and that's why we there is such a large paragraph in the man page > ;) > >> > becaus it is seemingly safe as x >> > != hint. >> >> I don't understand this part. Are you talking about a hypothetical >> scenario in which a programmer attempts to segment the virtual memory >> space into areas that are exclusively used by threads without creating >> memory mappings for those areas? > > Yeah, that doesn't sound all that over-exaggerated, right? And yes, > such a code would be subtle and most probably buggy. I am not trying to > argue for those hypothetical cases. All I am saying is that MAP_FIXED is > subtle. > > I _do_ agree that using it solely on the preallocated and _properly_ > managed address ranges is safe. I still maintain my position on error > prone though. And besides that there are usecases which do not operate > on preallocated address ranges so people really have to be careful. > > I do not really care what is the form. I find the current wording quite > informative and showing examples of how things might be broken. I do > agree with your remark that "MAP_FIXED on preallocated ranges is safe" > should be added. But MAP_FIXED is dangerous API and should have few big > fat warnings. > -- > Michal Hocko > SUSE Labs