In-Reply-To: <20221205145005.ku75npr3dsz3fqgo@revolver>
From: Jann Horn
Date: Mon, 5 Dec 2022 15:53:09 +0100
Subject: Re: brk() in v6.1-rc1 can expand file mappings, seemingly without taking file locks
To: Liam Howlett
Cc: Linux-MM, Andrew Morton, kernel list, Jason Donenfeld, Yu Zhao, "Matthew Wilcox (Oracle)", SeongJae Park, Vlastimil Babka
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 5, 2022 at 3:50 PM Liam Howlett wrote:
> * Jann Horn [221202 13:54]:
> > As of commit ca57f02295f, brk() can expand ordinary file mappings (but
> > not file mappings with weird flags), and I think it does it with
> > insufficient locks. I think brk() probably needs some extra checks to
> > make sure it's operating on a brk-like VMA (which means it should at
> > least be anonymous, and perhaps pass the full can_vma_merge_after()
> > check so that we're not creating unnecessary special cases?).
> >
>
> Thanks. This is probably caused by commit 2e7ce7d354f2: "mm/mmap:
> change do_brk_flags() to expand existing VMA and add do_brk_munmap()"

Yeah.

> Specifically the checks around expanding the VMA.
>
> > user@vm:~/brk_stretch$ cat brk_file.c
>
> Thanks for the testcase. I have a fix that I'm testing, but it's worth
> noting that the brk call will succeed - except a new VMA will be
> created. Is this what you expect?

Yes, that's what I would expect.