From: Oscar Salvador <osalvador@suse.de>
To: Uday Shankar <ushankar@purestorage.com>
Cc: Muchun Song <muchun.song@linux.dev>,
Andrew Morton <akpm@linux-foundation.org>,
Joern Engel <joern@purestorage.com>,
linux-mm@kvack.org
Subject: Re: [bug report?] unintuitive behavior when mapping over hugepage-backed PROT_NONE regions
Date: Thu, 6 Feb 2025 10:01:05 +0100 [thread overview]
Message-ID: <Z6R6USWFfyjWljth@localhost.localdomain> (raw)
In-Reply-To: <Z6RUOjNaBpTYUAs6@dev-ushankar.dev.purestorage.com>
On Wed, Feb 05, 2025 at 11:18:34PM -0700, Uday Shankar wrote:
> I was debugging an issue with a malloc implementation when I noticed
> some unintuitive behavior that happens when someone attempts to
> overwrite part of a hugepage-backed PROT_NONE mapping with another
> mapping. I've isolated the issue and reproduced it with the following
> program:
...
> First, we map a 2G PROT_NONE region using hugepages. This succeeds. Then
> we try to map a 4096-length PROT_READ | PROT_WRITE region at the
> beginning of the PROT_NONE region, still using hugepages. This fails, as
> expected, because 4096 is much smaller than the hugepage size configured
> on the system (this is x86 with a default hugepage size of 2M). The
Not really, see how ksys_mmap_pgoff() aligns len to huge_page_size if we
set MAP_HUGETLB.
It fails with ENOMEM because likely you did not preallocate any hugetlb
pages, so by the time we do hugetlbfs_file_mmap()->hugetlb_reserve_pages(),
it sees that we do not have enough hugetlb pages in the pool to be reserved,
so it bails out.
> surprising thing is the difference in /proc/pid/smaps before and after
> the failed mmap. Even though the mmap failed, the value in
> /proc/pid/smaps changed, with a 2M-sized bite being taken out the front
> of the mapping. This feels unintuitive to me, as I'd expect a failed
> mmap to have no effect on the virtual memory mappings of the calling
> process whatsoever.
That is because the above happens after __mmap_prepare(), which is
responsible of unmapping any overlapping areas, is executed.
I guess this is done this way because rolling back at this point would be
quite tricky.
--
Oscar Salvador
SUSE Labs
next prev parent reply other threads:[~2025-02-06 9:01 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-06 6:18 [bug report?] unintuitive behavior when mapping over hugepage-backed PROT_NONE regions Uday Shankar
2025-02-06 9:01 ` Oscar Salvador [this message]
2025-02-06 18:11 ` Jörn Engel
2025-02-06 18:54 ` Oscar Salvador
2025-02-07 10:29 ` Lorenzo Stoakes
2025-02-07 10:49 ` Vlastimil Babka
2025-02-07 12:33 ` Lorenzo Stoakes
2025-02-06 19:44 ` Uday Shankar
2025-02-07 13:12 ` Lorenzo Stoakes
2025-02-07 19:35 ` Jörn Engel
2025-02-08 16:02 ` Lorenzo Stoakes
2025-02-08 17:37 ` Jörn Engel
2025-02-08 17:40 ` Lorenzo Stoakes
2025-02-08 17:53 ` Jörn Engel
2025-02-08 18:00 ` Lorenzo Stoakes
2025-02-08 21:16 ` Jörn Engel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z6R6USWFfyjWljth@localhost.localdomain \
--to=osalvador@suse.de \
--cc=akpm@linux-foundation.org \
--cc=joern@purestorage.com \
--cc=linux-mm@kvack.org \
--cc=muchun.song@linux.dev \
--cc=ushankar@purestorage.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.