From: Florian Weimer <fweimer@redhat.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: linux-api@vger.kernel.org, Khalid Aziz <khalid.aziz@oracle.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Andrew Morton <akpm@linux-foundation.org>,
Russell King - ARM Linux <linux@armlinux.org.uk>,
Andrea Arcangeli <aarcange@redhat.com>,
linux-mm@kvack.org, LKML <linux-kernel@vger.kernel.org>,
linux-arch@vger.kernel.org
Subject: Re: [RFC PATCH 1/2] mm: introduce MAP_FIXED_SAFE
Date: Mon, 20 Nov 2017 10:10:32 +0100 [thread overview]
Message-ID: <37a6e9ba-e0df-b65f-d5ef-871c25b5cb87@redhat.com> (raw)
In-Reply-To: <20171120085524.y4onsl5dpd3qbh7y@dhcp22.suse.cz>
On 11/20/2017 09:55 AM, Michal Hocko wrote:
> On Fri 17-11-17 08:30:48, Florian Weimer wrote:
>> On 11/16/2017 11:18 AM, Michal Hocko wrote:
>>> + if (flags & MAP_FIXED_SAFE) {
>>> + struct vm_area_struct *vma = find_vma(mm, addr);
>>> +
>>> + if (vma && vma->vm_start <= addr)
>>> + return -ENOMEM;
>>> + }
>>
>> Could you pick a different error code which cannot also be caused by a an
>> unrelated, possibly temporary condition? Maybe EBUSY or EEXIST?
>
> Hmm, none of those are described in the man page. I am usually very
> careful to not add new and potentially unexpected error codes but it is
I think this is a bad idea. It leads to bizarre behavior, like open
failing with EOVERFLOW with certain namespace configurations (which have
nothing to do with file sizes).
Most of the manual pages are incomplete regarding error codes, and with
seccomp filters and security modules, what error codes you actually get
is anyone's guess.
> true that a new flag should warrant a new error code. I am not sure
> which one is more appropriate though. EBUSY suggests that retrying might
> help which is true only if some other party unmaps the range. So EEXIST
> would sound more natural.
Sure, EEXIST is completely fine.
>> This would definitely help with application-based randomization of mappings,
>> and there, actual ENOMEM and this error would have to be handled
>> differently.
>
> I see. Could you be more specific about the usecase you have in mind? I
> would incorporate it into the patch description.
glibc ld.so currently maps DSOs without hints. This means that the
kernel will map right next to each other, and the offsets between them a
completely predictable. We would like to change that and supply a
random address in a window of the address space. If there is a
conflict, we do not want the kernel to pick a non-random address.
Instead, we would try again with a random address.
Thanks,
Florian
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Florian Weimer <fweimer@redhat.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: linux-api@vger.kernel.org, Khalid Aziz <khalid.aziz@oracle.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Andrew Morton <akpm@linux-foundation.org>,
Russell King - ARM Linux <linux@armlinux.org.uk>,
Andrea Arcangeli <aarcange@redhat.com>,
linux-mm@kvack.org, LKML <linux-kernel@vger.kernel.org>,
linux-arch@vger.kernel.org
Subject: Re: [RFC PATCH 1/2] mm: introduce MAP_FIXED_SAFE
Date: Mon, 20 Nov 2017 10:10:32 +0100 [thread overview]
Message-ID: <37a6e9ba-e0df-b65f-d5ef-871c25b5cb87@redhat.com> (raw)
Message-ID: <20171120091032.qzX8PpHLT-A8yb42twRmH00YQwRzWC4uIqDZlfba4F8@z> (raw)
In-Reply-To: <20171120085524.y4onsl5dpd3qbh7y@dhcp22.suse.cz>
On 11/20/2017 09:55 AM, Michal Hocko wrote:
> On Fri 17-11-17 08:30:48, Florian Weimer wrote:
>> On 11/16/2017 11:18 AM, Michal Hocko wrote:
>>> + if (flags & MAP_FIXED_SAFE) {
>>> + struct vm_area_struct *vma = find_vma(mm, addr);
>>> +
>>> + if (vma && vma->vm_start <= addr)
>>> + return -ENOMEM;
>>> + }
>>
>> Could you pick a different error code which cannot also be caused by a an
>> unrelated, possibly temporary condition? Maybe EBUSY or EEXIST?
>
> Hmm, none of those are described in the man page. I am usually very
> careful to not add new and potentially unexpected error codes but it is
I think this is a bad idea. It leads to bizarre behavior, like open
failing with EOVERFLOW with certain namespace configurations (which have
nothing to do with file sizes).
Most of the manual pages are incomplete regarding error codes, and with
seccomp filters and security modules, what error codes you actually get
is anyone's guess.
> true that a new flag should warrant a new error code. I am not sure
> which one is more appropriate though. EBUSY suggests that retrying might
> help which is true only if some other party unmaps the range. So EEXIST
> would sound more natural.
Sure, EEXIST is completely fine.
>> This would definitely help with application-based randomization of mappings,
>> and there, actual ENOMEM and this error would have to be handled
>> differently.
>
> I see. Could you be more specific about the usecase you have in mind? I
> would incorporate it into the patch description.
glibc ld.so currently maps DSOs without hints. This means that the
kernel will map right next to each other, and the offsets between them a
completely predictable. We would like to change that and supply a
random address in a window of the address space. If there is a
conflict, we do not want the kernel to pick a non-random address.
Instead, we would try again with a random address.
Thanks,
Florian
next prev parent reply other threads:[~2017-11-20 9:10 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-16 10:18 (unknown), Michal Hocko
2017-11-16 10:18 ` Michal Hocko
2017-11-16 10:18 ` [RFC PATCH 1/2] mm: introduce MAP_FIXED_SAFE Michal Hocko
2017-11-17 0:27 ` Kees Cook
2017-11-17 0:27 ` Kees Cook
[not found] ` <CAGXu5jKssQCcYcZujvQeFy5LTzhXSW=f-a0riB=4+caT1i38BQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-11-17 19:12 ` Matthew Wilcox
2017-11-17 19:12 ` Matthew Wilcox
2017-11-20 8:43 ` Michal Hocko
2017-11-20 8:43 ` Michal Hocko
2017-11-17 7:30 ` Florian Weimer
2017-11-20 8:55 ` Michal Hocko
2017-11-20 9:10 ` Florian Weimer [this message]
2017-11-20 9:10 ` Florian Weimer
[not found] ` <37a6e9ba-e0df-b65f-d5ef-871c25b5cb87-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-11-20 9:33 ` Michal Hocko
2017-11-20 9:33 ` Michal Hocko
2017-11-20 9:45 ` Florian Weimer
2017-11-20 9:45 ` Florian Weimer
2017-11-17 8:37 ` John Hubbard
2017-11-20 9:02 ` Michal Hocko
2017-11-20 9:02 ` Michal Hocko
2017-11-16 10:19 ` [PATCH 2/2] fs, elf: drop MAP_FIXED usage from elf_map Michal Hocko
2017-11-16 10:19 ` Michal Hocko
2017-11-17 0:30 ` Kees Cook
2017-11-17 0:30 ` Kees Cook
[not found] ` <20171116101900.13621-1-mhocko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2017-11-16 12:14 ` [RFC PATCH 0/2] mm: introduce MAP_FIXED_SAFE Michal Hocko
2017-11-16 12:14 ` Michal Hocko
[not found] ` <20171116121438.6vegs4wiahod3byl-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2017-11-17 8:45 ` John Hubbard
2017-11-17 8:45 ` John Hubbard
2017-11-20 9:05 ` Michal Hocko
2017-11-20 9:05 ` Michal Hocko
2017-11-22 1:48 ` John Hubbard
2017-11-22 13:12 ` Michal Hocko
2017-11-22 13:12 ` Michal Hocko
2017-11-22 13:20 ` Vlastimil Babka
2017-11-24 8:54 ` Michal Hocko
2017-11-27 15:51 ` Khalid Aziz
2017-11-27 15:51 ` Khalid Aziz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=37a6e9ba-e0df-b65f-d5ef-871c25b5cb87@redhat.com \
--to=fweimer@redhat.com \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=khalid.aziz@oracle.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@armlinux.org.uk \
--cc=mhocko@kernel.org \
--cc=mpe@ellerman.id.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).