From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 82703C3601E for ; Thu, 10 Apr 2025 20:30:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 06BCA280136; Thu, 10 Apr 2025 16:30:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F135828012D; Thu, 10 Apr 2025 16:30:09 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DB534280136; Thu, 10 Apr 2025 16:30:09 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id BA05F28012D for ; Thu, 10 Apr 2025 16:30:09 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 4B50B1CBE43 for ; Thu, 10 Apr 2025 20:30:10 +0000 (UTC) X-FDA: 83319276180.01.C390E4A Received: from sea.source.kernel.org (sea.source.kernel.org [172.234.252.31]) by imf13.hostedemail.com (Postfix) with ESMTP id 8B03120003 for ; Thu, 10 Apr 2025 20:30:08 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="h/Cu22zu"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of alx@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=alx@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1744317008; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6kOXacM1sIyvPuFnzt2vJevaJ7ug5w+ZxM2uYtePIsQ=; b=Vd2/sizafzzPQjnNmaj57yB5JiV/h7nxOQR7YQP2L/NOi13bxMv5ICviDqAMLDeIB7e/KG jIcT8UndG/jblcmb1ptCgTW31ba+eO8D89lrQJav8gJ2Vq4sQdnzNWRov/uRKPdpGwa81s N6AbSvrS0bqtHE4PmVFz66lv/a8FTYk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1744317008; a=rsa-sha256; cv=none; b=gmRMsdzx6xLE4lJXC5lr7UO1M6IX8ugLpjq8NCPRQT5TNKCAe8JRr/K1IjuRFP+vWgDN/3 PA/KJLJ9GMWfa3Kf/aVAWw254zn/TAD//wWH8y4bUOSX9oBDgQs8Lji7UqR0R1DwAaWez8 YML9giaqnYW9qlL0WOIFGCF2btj2V6A= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="h/Cu22zu"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of alx@kernel.org designates 172.234.252.31 as permitted sender) smtp.mailfrom=alx@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sea.source.kernel.org (Postfix) with ESMTP id 300B944AD1; Thu, 10 Apr 2025 20:30:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 532BCC4CEDD; Thu, 10 Apr 2025 20:30:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744317006; bh=fOp5RNjWuuBVHTSQWBBULcoYbNHRcj9Top7zNAyBT50=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=h/Cu22zutTBC30DIMf4EKWXFDqGizyXKUEC+Y7k9P61mITbHOe5R9ZqZL6BH61MSY bxfGo0HMV62WXrQYrOJM2g7nkQrs29YKTubaDgOQZxO87vDPBJd7na8pRj6OQI1A4c mkEM6aD/cvm1asKIZ8YLG799Pr2re8r4bn/Ui6bEAugu+AbjrZt3wKu8Y67KlFlSOU 1Gkh2KU8mX8Xpg3ybrUXz5LlV8yTAbCckJD4sXTo+Jf5IzXYDvLm4mVuocJXTxLCp5 TP1YFXOE0vh6DxsLdasyQfzhvNtZUEvlDxnqvztYaPU2sIk6BmKAxd5po0M3f3B6+n jkfSwqmFVGpFg== Date: Thu, 10 Apr 2025 22:30:02 +0200 From: Alejandro Colomar To: Jann Horn Cc: linux-man@vger.kernel.org, Andrew Morton , "Liam R . Howlett" , Lorenzo Stoakes , Vlastimil Babka , linux-mm@kvack.org Subject: Re: [PATCH man] mmap.2: Document danger of mappings larger than PTRDIFF_MAX Message-ID: <7eipszjbpwa6hpmhidggt5pclbwrck6zmch6cahbs6mdbt5csg@ho4hux3avpdf> References: <20250409200316.1555164-1-jannh@google.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="6nebur4azoszr7qh" Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 8B03120003 X-Stat-Signature: 67rrjey9ddwbzbiaj5wxibef9xu7rib8 X-Rspam-User: X-HE-Tag: 1744317008-312722 X-HE-Meta: U2FsdGVkX19j3KwH998+lI6Bkjfg/oNNhsrTySRyT2cEj/N8yvy38wCiZtf2zjfouhF1cTG0zcrt28Tx3/Fw/YNRNBBclCzCY0VOU0/5h/TCezo8NIS8m8t0U4yY4eRkf6H5aY2XXp/67up+UYB9tOPkHyfYnioE2HGB8O1qNd0HMg9FWiarjDkn0CsQHkDLfo7Lbcn4enBmh0cS95lSWVOdRoCEf3u1wvp51uq6nDDV+kFtifBpTbsucWF45soj3V3eKKFCwPoOvQnsFhc9bHhkb+6U/iDYx9FjuaYmh+RHHrx8MXI8xLqVcWY6/6N0rvbHJBFLUKmsuwUCGKTHH+Q6IqEvTyx4Qu7nTn9XPPqFs7wXsfGHEO9xp2ahRi4AxbQiG/8H6PmHD+SHxUZmcWcUKlpT5SIx2llD3dY01h2dpCeOaag3w9uhUk7jnFYunRrxLP01EjTGd35334Ieny77Jp2cQ6ZOrQtd27rNRpe+feSnXdtiSrs6WVG6m1F9llEZyCgYrDNT+RjQBJNp8tDEf6qWxAiiGnO3Cibvj/0Smm+5lBo0DpprE5oxpTTeNd/Gnjgueh0Z/1nBlFpmcljZ5Xz4RBwXJJ3jaQw0aMApi1P8S/J25LcPz5rxo8HJ4h8ljrOspb9HrCffiPznJuLslc148YCqT+N2Sa+oXc/avS6ZL0GSSC0JN+O9vovv509Pl4wwLTL898+wdaqfa9H5s623A5VskjaK8bPoq/+8l+0q28iYv2GlQIJFmz1aPT01qUUOOlDnMWiaHWDKj97MwvTe7JY9sgFSCGsd+NugKz5w3efsFuovrzdJuKQZyquHuP25kL0kENRdQYebF/rGYtlBazBv1hd/978rD9/Zo7w4JbGhYWhtUoqyQXcb0I2nfQXaW+orVC9790NqHn49yzcz3mCFtDJjxt1PJsw7M8Hl3wDc3HduM55YadYpukbA9/F5V4EJq8d+5VP 7otolpBW e7bxNlUnj2Cv/5q1q7GbN5c+gnxt8mTyvT2hVWZARwWE7Qes1WaTerbTZsTVILovsQXjFsm50DUEhwLBwUQ4hb9Ghmh5/HPQ6gZdn2vRwuF7i0RStgpbLW+EI5IXgYUXtLL3PQhH4w2Ho7CmGqKRL8cThyOdt7H5gDiX/GK3k4QCkQgulKrWBsWoZnfhLEZyHv6Or0iJzt8243ZQYQ4Rd7DReBXdAwJBY/LuuErpMKwV7rjFqvqKyIRvbuDIPxABV/17gK0XFepKyHyRk3JqtciDnkuIXCmrG6VreA4EuWn7lscO9yZg3Y66IxMahx1F5mo6NsWyIcDvwK9Dk2+DHD6UiXjYOTILqSVmtO8aJtyqEgZUdf5K2K6EVcftAdpfqNKDqwv96/NAR61BSC8X8HRvAht4k/MbmMklSmOYdv5M65uc3Z7JuUtxkhFj7nibzWY31qA+zPqgrb1g= X-Bogosity: Ham, tests=bogofilter, spamicity=0.001883, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: --6nebur4azoszr7qh Content-Type: text/plain; protected-headers=v1; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable From: Alejandro Colomar To: Jann Horn Cc: linux-man@vger.kernel.org, Andrew Morton , "Liam R . Howlett" , Lorenzo Stoakes , Vlastimil Babka , linux-mm@kvack.org Subject: Re: [PATCH man] mmap.2: Document danger of mappings larger than PTRDIFF_MAX References: <20250409200316.1555164-1-jannh@google.com> MIME-Version: 1.0 In-Reply-To: Hi Jann, On Thu, Apr 10, 2025 at 08:08:41PM +0200, Jann Horn wrote: > > Hmmm. Maybe it could reject PTRDIFF_MAX within the kernel, which would > > at least work for cases where user-space ptrdiff_t matches the kernel's > > ptrdiff_t? Then only users where they don't match would be unprotected, > > but those are hopefully extra careful. >=20 > Perhaps. But then some tricky things are: >=20 > 1. How many existing users would we be breaking with such a change? > Probably _someone_ out there is deliberately mapping files over 2G > into 32-bit processes and it sorta worked until now... > 2. We don't really have a concept of object size in the kernel, and it > might be hard to reason about whether mmap() is used logically to > create a new object or extend an existing object. I guess we could > limit VMA sizes for 32-bit userspace to 0x7ffff000 and enforce a > 1-page gap around mappings that are at least half that size, or > something like that, but that would probably get a bit ugly on the > kernel side... >=20 > The first point is really the main concern for me - we might end up > breaking existing users. Hmmm, okay. If it ends up being too complex, it also would be bad. It's easier for careful programmers to just check the size before the call. So it's fine to not do the check in the kernel. > > > or whether userspace even wants C semantics. > > > > I guess any language will have to link to C at some point, or have > > inherent limitations similar to those of C. >=20 > This limitation is really a result of deciding to make pointer > subtraction return a signed value, so that you can subtract a bigger > pointer from a smaller pointer. I don't know whether other languages > do that. > > > > But we can at least document it... > > > > Yep. Most people are unaware of this, and believe they can get > > SIZE_MAX. > > > > > > > > @man-pages maintainer: Please wait a few days before applying this; > > > I imagine there might be some discussion about this. > > > > Okay; see some minor comments below. >=20 > Thanks. (I'll probably be out for the next two weeks or so, I'll > probably get back to this afterwards.) Okay, no problem --=20 --6nebur4azoszr7qh Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEES7Jt9u9GbmlWADAi64mZXMKQwqkFAmf4KkoACgkQ64mZXMKQ wqlkGQ/7BPW2gWy+SJtfbHhElzuSA/LPvzN5dGOCPtdtwSCV1GfZ3Px0PxzeTQWb 8NPMlqaScu0YhexSUj92KWw+h1lz33OlwmoFB0XRsnd8QM5cwuiRSlpGzkJ/v3WZ TmETa/VpVJiSQe+eKHYdGar4RWSwDfE3grUAMze4WXfuk0VbtsEHseGOUqZqq25W y1UDBmXkYEFxiebzTM0EfB1eRjofKIbCAtjFXKZhMkd4OZK5qC19AFR2DEmTgzW+ K55vd44qPUiXWhYkh9A4+L6xmoIaHv7flDgY36VCS+6mjXWBIyIq2evwuyGf07qz Ws5iVEnoBuovt5WYyzYdAtl4Ai67eVIweDh57uFk5ABUTzijlcA1VNAiDjyDubG9 1W79GGaLOFPQ9esA8klHyHwbBEcCQIpzZkBskgpOgS4t+Ii+zHBVmn1fzDejmRL5 0M+EeUHo9JQAjh0h4FyS8ImIiZ8WNUIS7evUarCSGFEd7+VLEu5r00J1LiP7Z365 9fACzYWhc2jxGZ9ARj1MG0oPjXhJwFdmqxf0kKoqgCd/slHUhyRAI+AT8kJ9MDeo YCQsyoBqa1zyvcW9QTqDq5DOT3/L5QSF9KIys4d5zwfYzAZUQSDstu1OQh/sQL2e /GBPYt9tAMiMfBg8RGFvWK9OZUhGIn0QwUnq/bOHsnv0nm2WaEE= =Eku0 -----END PGP SIGNATURE----- --6nebur4azoszr7qh--