From: Alejandro Colomar
To: Jann Horn
Cc: linux-man@vger.kernel.org, Andrew Morton, "Liam R . Howlett", Lorenzo Stoakes, Vlastimil Babka, linux-mm@kvack.org
Subject: Re: [PATCH man] mmap.2: Document danger of mappings larger than PTRDIFF_MAX
Date: Wed, 9 Apr 2025 22:41:31 +0200
References: <20250409200316.1555164-1-jannh@google.com>
In-Reply-To: <20250409200316.1555164-1-jannh@google.com>

Hi Jann,

On Wed, Apr 09, 2025 at 10:03:16PM +0200, Jann Horn wrote:
> References:
> - C99 draft: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf
> section "6.5.6 Additive operators", paragraph 9
> - object size restriction in GCC:
> https://gcc.gnu.org/legacy-ml/gcc/2011-08/msg00221.html
> - glibc malloc restricts object size to <=PTRDIFF_MAX in
> checked_request2size()
> ---
> I'm not sure if we can reasonably do anything about this in the kernel,
> given that the kernel does not really have any idea of what userspace
> object sizes look like,

Hmmm. Maybe it could reject PTRDIFF_MAX within the kernel, which would
at least work for cases where user-space ptrdiff_t matches the kernel's
ptrdiff_t? Then only users where they don't match would be unprotected,
but those are hopefully extra careful.

> or whether userspace even wants C semantics.

I guess any language will have to link to C at some point, or have
inherent limitations similar to those of C.

> But we can at least document it...

Yep. Most people are unaware of this, and believe they can get
SIZE_MAX.

>
> @man-pages maintainer: Please wait a few days before applying this;
> I imagine there might be some discussion about this.

Okay; see some minor comments below.

>
> man/man2/mmap.2 | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/man/man2/mmap.2 b/man/man2/mmap.2
> index caf822103..9cb7dacf3 100644
> --- a/man/man2/mmap.2
> +++ b/man/man2/mmap.2
> @@ -785,6 +785,23 @@ correspond to added or removed regions of the file i= s unspecified.
> An application can determine which pages of a mapping are
> currently resident in the buffer/page cache using
> .BR mincore (2).
> +.P
> +Unlike typical
> +.BR malloc (3)
> +implementations,
> +.BR mmap ()
> +does not prevent creating objects larger than
> +.B PTRDIFF_MAX.

.BR PTRDIFF_MAX .

(since you want the '.' not bold, but roman)

> +Objects that are larger than
> +.B PTRDIFF_MAX
> +only work in limited ways in standard C (in particular, pointer subtract= ion

Please break the line also before the '('.

> +results in undefined behavior if the result would be bigger than
> +.B PTRDIFF_MAX).

.BR PTRDIFF_MAX ).

(same reasons)

> +On top of that, GCC also assumes that no object is bigger than
> +.B PTRDIFF_MAX.

.BR PTRDIFF_MAX .

> +.B PTRDIFF_MAX
> +is usually half of the address space size; so for 32-bit processes, it is

Please break the line after ';' and after ',' (and not after 'is').
See also man-pages(7):

$ MANWIDTH=72 man man-pages | sed -n '/Use semantic newlines/,/^$/p'
   Use semantic newlines
     In the source of a manual page, new sentences should be started
     on new lines, long sentences should be split into lines at clause
     breaks (commas, semicolons, colons, and so on), and long clauses
     should be split at phrase boundaries. This convention, sometimes
     known as "semantic newlines", makes it easier to see the effect
     of patches, which often operate at the level of individual
     sentences, clauses, or phrases.


Have a lovely night!
Alex

> +usually 0x7fffffff (almost 2 GiB).
> .\"
> .SS Using MAP_FIXED safely
> The only safe use for
>
> base-commit: 4c4d9f0f5148caf1271394018d0f7381c1b8b400
> --
> 2.49.0.504.g3bcea36a83-goog
>
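
Review bot: The added paragraph after the mincore(2) sentence states that mmap() does not prevent objects larger than PTRDIFF_MAX but never tells the caller what to do about it; consider a closing sentence advising callers to check the requested length against PTRDIFF_MAX before calling mmap(), which is the check the paragraph attributes to typical malloc(3) implementations. The statements about pointer subtraction and about GCC are supported only by the references in the commit message, which man page readers will not see, so a short pointer in the page text to the C standard's additive-operators section would help. Giving the paragraph its own .SS heading, like the "Using MAP_FIXED safely" section that follows it, would also make the warning easier to find.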
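
The guard that the quoted text says typical malloc(3) implementations apply and mmap() does not, written as a user-space wrapper. This is an added example, not code from the patch, the man-pages project or either participant; `mapping_len_ok`, `map_anon_array` and `byte_distance` are hypothetical names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* exposes MAP_ANONYMOUS under strict -std modes */
#endif
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/mman.h>

/* Hypothetical helper: may a mapping of len bytes be treated as one C object? */
int mapping_len_ok(size_t len)
{
    return len != 0 && len <= (size_t)PTRDIFF_MAX;
}

/*
 * Hypothetical wrapper: map nmemb * size bytes of anonymous memory.
 * The division test rejects both a product that would wrap size_t and a
 * product above PTRDIFF_MAX, so the multiplication below cannot overflow.
 */
void *map_anon_array(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0) {
        errno = EINVAL;            /* mmap() itself rejects length 0 */
        return MAP_FAILED;
    }
    if (nmemb > (size_t)PTRDIFF_MAX / size) {
        errno = ENOMEM;            /* too large to be one C object */
        return MAP_FAILED;
    }
    return mmap(NULL, nmemb * size, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

/*
 * Byte distance from lo to hi (hi >= lo, both in the same mapping), computed
 * on integers. Unlike hi - lo on pointers, this has no ptrdiff_t result to
 * overflow; it assumes a flat address space, as on Linux.
 */
size_t byte_distance(const void *lo, const void *hi)
{
    return (size_t)((uintptr_t)hi - (uintptr_t)lo);
}
```

The cap matters most for 32-bit processes, where the quoted text puts PTRDIFF_MAX at 0x7fffffff and a request above it can actually be satisfied by the kernel.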