linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Alejandro Colomar <alx@kernel.org>
To: Jann Horn <jannh@google.com>
Cc: linux-man@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	 "Liam R . Howlett" <Liam.Howlett@oracle.com>,
	Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
	 Vlastimil Babka <vbabka@suse.cz>,
	linux-mm@kvack.org, Jakub Wilk <jwilk@jwilk.net>
Subject: Re: [PATCH man v2] mmap.2: Document danger of mappings larger than PTRDIFF_MAX
Date: Thu, 1 May 2025 18:43:45 +0200	[thread overview]
Message-ID: <dgzjcjwdldjn7uzgeh6dfwsgkc4ju2zakugwrnpyj5mwbmrnk2@sqqnganfrdvh> (raw)
In-Reply-To: <20250429164359.2699330-1-jannh@google.com>

[-- Attachment #1: Type: text/plain, Size: 2265 bytes --]

Hi Jann,

On Tue, Apr 29, 2025 at 06:43:59PM +0200, Jann Horn wrote:
> References:
>  - C99 draft: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf
>    section "6.5.6 Additive operators", paragraph 9
>  - object size restriction in GCC:
>    https://gcc.gnu.org/legacy-ml/gcc/2011-08/msg00221.html
>  - glibc malloc restricts object size to <=PTRDIFF_MAX in
>    checked_request2size() since glibc v2.30 (released in 2019, as pointed
>    out by Jakub Wilk):
>    https://sourceware.org/cgit/glibc/commit/?id=9bf8e29ca136094f

Thanks!  I've applied the patch.  See some comments below.
<https://www.alejandro-colomar.es/src/alx/linux/man-pages/man-pages.git/commit/?h=contrib&id=7e5756fdeba1a4729f817079c64f0d87fdcdadfa>


Have a lovely day!
Alex

> ---
>  man/man2/mmap.2 | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/man/man2/mmap.2 b/man/man2/mmap.2
> index caf822103..4bb15699d 100644
> --- a/man/man2/mmap.2
> +++ b/man/man2/mmap.2
> @@ -785,6 +785,25 @@ correspond to added or removed regions of the file is unspecified.
>  An application can determine which pages of a mapping are
>  currently resident in the buffer/page cache using
>  .BR mincore (2).
> +.P

I've moved the paragraph to a new CAVEATS section.

> +Unlike typical
> +.BR malloc (3)
> +implementations,
> +.BR mmap ()
> +does not prevent creating objects larger than
> +.BR PTRDIFF_MAX .
> +Objects that are larger than
> +.B PTRDIFF_MAX
> +only work in limited ways in standard C

I've removed 'standard', since in any C it is problematic.

Is it okay to you?  (We're still in time to amend if you prefer
something else.)

> +(in particular, pointer subtraction results in undefined behavior if the
> +result would be bigger than
> +.BR PTRDIFF_MAX ).
> +On top of that, GCC also assumes that no object is bigger than
> +.BR PTRDIFF_MAX .
> +.B PTRDIFF_MAX
> +is usually half of the address space size;
> +so for 32-bit processes,
> +it is usually 0x7fffffff (almost 2 GiB).
>  .\"
>  .SS Using MAP_FIXED safely
>  The only safe use for
> 
> base-commit: 4c4d9f0f5148caf1271394018d0f7381c1b8b400
> -- 
> 2.49.0.901.g37484f566f-goog
> 

-- 
<https://www.alejandro-colomar.es/>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

  reply	other threads:[~2025-05-01 16:43 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-04-29 16:43 Jann Horn
2025-05-01 16:43 ` Alejandro Colomar [this message]
2025-05-02 12:27   ` Jann Horn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=dgzjcjwdldjn7uzgeh6dfwsgkc4ju2zakugwrnpyj5mwbmrnk2@sqqnganfrdvh \
    --to=alx@kernel.org \
    --cc=Liam.Howlett@oracle.com \
    --cc=akpm@linux-foundation.org \
    --cc=jannh@google.com \
    --cc=jwilk@jwilk.net \
    --cc=linux-man@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=lorenzo.stoakes@oracle.com \
    --cc=vbabka@suse.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox