From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DEEEC433DF for ; Mon, 25 May 2020 00:40:25 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id CE3B7207CB for ; Mon, 25 May 2020 00:40:24 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="y4Erl1ou" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CE3B7207CB Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 58ACC8000B; Sun, 24 May 2020 20:40:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5117C80007; Sun, 24 May 2020 20:40:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4012C8000B; Sun, 24 May 2020 20:40:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0190.hostedemail.com [216.40.44.190]) by kanga.kvack.org (Postfix) with ESMTP id 2480980007 for ; Sun, 24 May 2020 20:40:24 -0400 (EDT) Received: from smtpin19.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id C7A825824 for ; Mon, 25 May 2020 00:40:23 +0000 (UTC) X-FDA: 76853385126.19.unit67_20829f3fc9938 X-HE-Tag: unit67_20829f3fc9938 X-Filterd-Recvd-Size: 6643 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf08.hostedemail.com (Postfix) with ESMTP for ; Mon, 25 May 2020 00:40:23 +0000 (UTC) Received: from localhost.localdomain (c-73-231-172-41.hsd1.ca.comcast.net [73.231.172.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 416F320787; Mon, 25 May 2020 00:40:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1590367222; bh=BWyRQocDUFn9UmBQQ5Q0sVK52KM07xpTysXQHycg7lg=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=y4Erl1ouiwt6qTfHMieIRW90eRBtsU7H6NolfYxXCIDU1QAhH4cfH9l7BOQOOXVqO iYJBmOcZqYCuMgYUIbaN67dCINS52v60jwyGTJbBUyfm1fb0D7WoWQ2SbspngLzukk b0FIGYD/t4rGhkIjk5pu3ul9RU+YEJPQSYB8C1UI= Date: Sun, 24 May 2020 17:40:21 -0700 From: Andrew Morton To: phi.debian@gmail.com Cc: bugzilla-daemon@bugzilla.kernel.org, linux-mm@kvack.org, Rik van Riel , Hugh Dickins Subject: Re: [Bug 207861] New: mremap MAP_ANONYMOUS|MAP_SHARED grow provide bad mapping. Message-Id: <20200524174021.f37b8fd9b9ffa9fafab0970e@linux-foundation.org> In-Reply-To: References: X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: (switched to email. Please respond via emailed reply-to-all, not via the bugzilla web interface). On Sat, 23 May 2020 03:53:44 +0000 bugzilla-daemon@bugzilla.kernel.org wrote: > https://bugzilla.kernel.org/show_bug.cgi?id=207861 > > Bug ID: 207861 > Summary: mremap MAP_ANONYMOUS|MAP_SHARED grow provide bad > mapping. > Product: Memory Management > Version: 2.5 > Kernel Version: 5.4.0-29-generic > Hardware: All > OS: Linux > Tree: Mainline > Status: NEW > Severity: high > Priority: P1 > Component: Page Allocator > Assignee: akpm@linux-foundation.org > Reporter: phi.debian@gmail.com > Regression: No > > Hi All, Hi. (Again, please reply by email!) > I bumped into this, in my case it involve MAP_ANONYMOUS|MAP_SHARED. > There is another bug https://bugzilla.kernel.org/show_bug.cgi?id=8691 that may > be relatd, but this one involve MAP_GROWSDOWN, while I don't need that. The > problem exhibit itself as a Bus Error in the user land. > > Here is my test case that is a simple demonstrator, a streamline of my need in > my real application. > > The test case here exhibit the 'Bad address' that would result in a Bus error > if used, adn then I propose a workaround for the one like me who could be > blocked by this. > > Since there is a work around, I setup a prio to High and not blocking. Nice report, thanks. Yes, it looks like it's the same thing as the 13-year-old https://bugzilla.kernel.org/show_bug.cgi?id=8691. MAP_ANONYMOUS|MAP_SHARED mmaps are backed by shmem and I guess it's still the case that we don't grow the mapping in mremap() for shmem-backed. And returning success from mremap() in this situation seems flat out rude. Can folks please take a look? > ============================================================= > #define _GNU_SOURCE > #include > #include > #include > #include > #include > #include > > #include > #include > #include > > #define checkaddr(p) access(p,0) > #define strchecka(p) (checkaddr(p),strerror(errno*(errno==EFAULT))) > > int main(int c, char **v) > { int i; > char b[128], *p; > union { char *p; long l;}u; > > sprintf(b,"pmap %d | grep zero",getpid()); > > p=mmap(0, 4096,PROT_READ|PROT_WRITE,MAP_ANONYMOUS|MAP_SHARED, -1, 0); > if((void*)p == MAP_FAILED) > { printf("mmap failed\n"); > } > u.p=p; > system((printf("After mmap\n"),b)); > printf("p=%#lx p[0]=%c\n",u.l,u.p[0]='a'); > > p=mremap(p,4096,8192,MREMAP_MAYMOVE); > system((printf("After mremap\n"),b)); > > u.p=p+4094; *u.p='b'; > printf("p=%#lx p[0]=%c p[4094]=%c\n",u.l,p[0],*u.p); > printf("%#lx addr check => %s\n",u.l,strchecka(u.p)); > > u.p=p+4096; > printf("%#lx addr check => %s\n",u.l,strchecka(u.p)); > > > munmap(p+4096,4096); > system((printf("After unmap p+4096\n"),b)); > u.p=mmap(p+4096, 4096,PROT_READ|PROT_WRITE,MAP_ANONYMOUS|MAP_SHARED, -1, 0); > system((printf("After mmap p+4096\n"),b)); > printf("%#lx addr check => %s\n",u.l,strchecka(u.p)); > > u.p=p; p[4096]='c'; > printf("p=%#lx p[0]=%c p[4094]=%c p[4096]=%c\n",u.l,u.p[0],p[4094],p[4096]); > exit(0); > } > ============================================================= > > And the compile run on > Linux phiw 5.4.0-29-generic #33-Ubuntu SMP Wed Apr 29 14:32:27 UTC 2020 x86_64 > x86_64 x86_64 GNU/Linux > > PW$ cc -o f2 f2.c > > PW$ ./f2 > After mmap > 00007f022daf6000 4K rw-s- zero (deleted) > p=0x7f022daf6000 p[0]=a > After mremap > 00007f022dac8000 8K rw-s- zero (deleted) > p=0x7f022dac8ffe p[0]=a p[4094]=b > 0x7f022dac8ffe addr check => Success > 0x7f022dac9000 addr check => Bad address > After unmap p+4096 > 00007f022dac8000 4K rw-s- zero (deleted) > After mmap p+4096 > 00007f022dac8000 4K rw-s- zero (deleted) > 00007f022dac9000 4K rw-s- zero (deleted) > 0x7f022dac9000 addr check => Success > p=0x7f022dac8000 p[0]=a p[4094]=b p[4096]=c > > ============================================================= > > This work around require 3 syscall to get the job done (instead of only one > mremap) and end up with 2 mmap adjacent regions instead of only one as mremap > would do. > > I need this for a powerfull realloc, i.e basically what stated in the man page > :) > > I found another workaround based on having a file backing store with an > unlinked uniq file, then at grow time, an ftruncate() then the mremap() would > work (since not MAP_ANONYMOUS) but this doesn't fit my need, I got a high > numbber of mmap() regions, and I could not afford to keep all those FDs open > for the sake of mremap() grow. > > Thanx for any pointer. > Cheers, > Phi > > -- > You are receiving this mail because: > You are the assignee for the bug.