Re: [PATCH] mm: mmap() sometimes succeeds even if the region to mapis invalid.

From: Naotaka Hamaguchi
Date: Mon Feb 20 2012 - 02:24:19 EST

Next message: Naoya Horiguchi: "Re: [PATCH 2/6] thp: optimize away unnecessary page table locking"
Previous message: Lai Jiangshan: "Re: [PATCH RFC tip/core/rcu] rcu: direct algorithmic SRCU implementation"
In reply to: Venu Byravarasu: "RE: [PATCH] mm: mmap() sometimes succeeds even if the region to mapis invalid."
Next in thread: Hugh Dickins: "Re: [PATCH] mm: mmap() sometimes succeeds even if the region to mapis invalid."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Venu,

1. mmap() succeeds even if "offset" argument is a negative value, although
it should return EINVAL in such case.

In such case, it is actually regarded as big positive value
because the type of "off" is "unsigned long" in the kernel.
For example, off=-4096 (-0x1000) is regarded as
off = 0xfffffffffffff000 (x86_64) and as off = 0xfffff000 (x86).
It results in mapping too big offset region.

It is not true always.

Considering your example, say if page size is 4k, then PAGE_MASK = 0xFFF
hence (off& ~PAGE_MASK) will be true and " -EINVAL" will be returned.

Is PAGE_MASK 0xfffffffffffff000 (x86_64) and 0xfffff000 (x86), isn't it?
Or am I missing something?

arch/x86/include/asm/page_types.h
=================================================
...
#define PAGE_SHIFT 12
#define PAGE_SIZE (_AC(1,UL) << PAGE_SHIFT)
#define PAGE_MASK (~(PAGE_SIZE-1))
...
=================================================

Thanks,
Naotaka Hamaguchi

(2012/02/17 18:04), Venu Byravarasu wrote:

The detail of these problems is as follows:

1. mmap() succeeds even if "offset" argument is a negative value, although
it should return EINVAL in such case.

In such case, it is actually regarded as big positive value
because the type of "off" is "unsigned long" in the kernel.
For example, off=-4096 (-0x1000) is regarded as
off = 0xfffffffffffff000 (x86_64) and as off = 0xfffff000 (x86).
It results in mapping too big offset region.

It is not true always.

Considering your example, say if page size is 4k, then PAGE_MASK = 0xFFF
hence (off& ~PAGE_MASK) will be true and " -EINVAL" will be returned.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Naoya Horiguchi: "Re: [PATCH 2/6] thp: optimize away unnecessary page table locking"
Previous message: Lai Jiangshan: "Re: [PATCH RFC tip/core/rcu] rcu: direct algorithmic SRCU implementation"
In reply to: Venu Byravarasu: "RE: [PATCH] mm: mmap() sometimes succeeds even if the region to mapis invalid."
Next in thread: Hugh Dickins: "Re: [PATCH] mm: mmap() sometimes succeeds even if the region to mapis invalid."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]