From: Nicholas Piggin <npiggin@gmail.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
linuxppc-dev@lists.ozlabs.org, linux-mm <linux-mm@kvack.org>
Subject: Re: POWER: Unexpected fault when writing to brk-allocated memory
Date: Mon, 6 Nov 2017 21:20:38 +1100
Message-ID: <20171106212038.61163712@roar.ozlabs.ibm.com>
In-Reply-To: <546d4155-5b7c-6dba-b642-29c103e336bc@redhat.com>

On Mon, 6 Nov 2017 09:32:25 +0100
Florian Weimer <fweimer@redhat.com> wrote:
> On 11/06/2017 09:30 AM, Aneesh Kumar K.V wrote:
> > On 11/06/2017 01:55 PM, Nicholas Piggin wrote:
> >> On Mon, 6 Nov 2017 09:11:37 +0100
> >> Florian Weimer <fweimer@redhat.com> wrote:
> >>
> >>> On 11/06/2017 07:47 AM, Nicholas Piggin wrote:
> >>>> "You get < 128TB unless explicitly requested."
> >>>>
> >>>> Simple, reasonable, obvious rule. Avoids breaking apps that store
> >>>> some bits in the top of pointers (provided that memory allocator
> >>>> userspace libraries also do the right thing).
> >>>
> >>> So brk would simply fail instead of crossing the 128 TiB threshold?
> >>
> >> Yes, that was the intention and that's what x86 seems to do.
> >>
> >>>
> >>> glibc malloc should cope with that and switch to malloc, but this code
> >>> path is obviously less well-tested than the regular way.
> >>
> >> Switch to mmap() I guess you meant?
>
> Yes, sorry.
>
> >> powerpc has a couple of bugs in corner cases, so those should be fixed
> >> according to intended policy for stable kernels I think.
> >>
> >> But I question the policy. Just seems like an ugly and ineffective wart.
> >> Exactly for such cases as this -- behaviour would change from run to run
> >> depending on your address space randomization for example! In case your
> >> brk happens to land nicely on 128TB then the next one would succeed.
> >
> > Why? It should not change from run to run. We limit the free
> > area search range based on hint address. So we should get consistent
> > results across runs, even if we changed the context.addr_limit.
>
> The size of the gap to the 128 TiB limit varies between runs because of
> ASLR. So some runs would use brk alone, others would use brk + malloc.
> That's not really desirable IMHO.

Yeah. Actually I looked at the code a bit more, and it seems that the
intention is for MAP_FIXED to do exactly what I wanted. brk() uses
MAP_FIXED under the covers, so this case should be okay I think. I'm
just slightly happier now, but I still think it's not the right thing
to do to fail an explicit request for crossing 128TB with a hint. Same
fundamental criticism still applies -- it does not really solve bugs
and just adds an unintuitive wart to the API, and a random change in
behaviour based on randomization.

Anyway I sent some patches that are split up better and hopefully solve
some bugs for powerpc without changing intended policy. That's left for
another discussion.

Thanks,
Nick