Re: [RFC PATCH] mm/mmap: Fix uprobe anon page be overwritten when expanding vma during mremap

[Oleg Nesterov <oleg@redhat.com>]

On 05/26, Oleg Nesterov wrote:
>
> On 05/25, David Hildenbrand wrote:
> >
> > On 25.05.25 11:59, Oleg Nesterov wrote:
> > >
> > >OK. But do you see any reason why uprobe_mmap() should be ever called during
> > >mremap() ?
> >
> > Only when growing a VMA: we might now cover a part with a uprobe, which we
> > have take care of.
>
> Ah, indeed, thank you...
>
> But. What if mremap() expands and moves a VMA? it seems to me that in
> this case uprobe_mmap() won't be called? I'll try to make the test-case
> to check...

It seems that I was right...

	#define _GNU_SOURCE
	#include <sys/mman.h>
	#include <linux/perf_event.h>
	#include <fcntl.h>
	#include <syscall.h>
	#include <unistd.h>
	#include <assert.h>

	#define FNAME	"FILE"
	#define ADDR (4096*16)

	int main(int argc, char *argv[])
	{
		int fd = open(FNAME, O_RDWR|O_CREAT, 0600);
		ftruncate(fd, 2*4096);

		struct perf_event_attr attr = {
			.type = 9,
			.size = 72,		// PERF_ATTR_SIZE_VER1 to include config2
			.config1 = (long)FNAME,	// uprobe_path
			.config2 = 4096,	// probe_offset
		};

		assert(syscall(__NR_perf_event_open, &attr, 0, 0, -1, 0) >= 0);

		assert(mmap((void*)ADDR, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, fd,0) == (void*)ADDR);

		int flags = 0;
		flags = MREMAP_MAYMOVE|MREMAP_FIXED;

		assert(mremap((void*)ADDR, 4096, 2*4096, flags, 2*ADDR) == (void*)(2*ADDR));

		pause();
		return 0;
	}

and
	/tmp/D# ./test &
	[1] 102
	/tmp/D# grep FILE /proc/$!/maps
	00020000-00022000 r-xp 00000000 00:15 2060                               /tmp/D/FILE

this test-case doesn't call uprobe_mmap/install_breakpoint during mremap().
I added a couple of printk's to ensure.

If I remove the

	flags = MREMAP_MAYMOVE|MREMAP_FIXED;

line above, everything works "as expected".

Oleg.