Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in __vma_reservation_common

From: Oscar Salvador
Date: Tue Apr 16 2024 - 01:37:17 EST

Next message: Mike Galbraith: "Re: [RFC][PATCH 08/10] sched/fair: Implement delayed dequeue"
Previous message: Pankaj Gupta: "[PATCH v3 2/2] drivers: crypto: caam: i.MX8ULP donot have CAAM page0 access"
In reply to: Matthew Wilcox: "Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in __vma_reservation_common"
Next in thread: syzbot: "Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in __vma_reservation_common"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 16, 2024 at 05:35:50AM +0100, Matthew Wilcox wrote:
> Why does hugetlbfs use VM_MAYSHARE while regular faults use VM_SHARED?

It goes back to:

commit f83a275dbc5ca1721143698e844243fcadfabf6a
Author: Mel Gorman <mel@xxxxxxxxx>
Date: Thu May 28 14:34:40 2009 -0700

mm: account for MAP_SHARED mappings using VM_MAYSHARE and not VM_SHARED in hugetlbfs

"hugetlbfs currently checks if a VMA is MAP_SHARED with the VM_SHARED flag
and not VM_MAYSHARE. For file-backed mappings, such as hugetlbfs,
VM_SHARED is set only if the mapping is MAP_SHARED and the file was opened
read-write. If a shared memory mapping was mapped shared-read-write for
populating of data and mapped shared-read-only by other processes, then
hugetlbfs would account for the mapping as if it was MAP_PRIVATE. This
causes processes to fail to map the file MAP_SHARED even though it should
succeed as the reservation is there."

--
Oscar Salvador
SUSE Labs

Next message: Mike Galbraith: "Re: [RFC][PATCH 08/10] sched/fair: Implement delayed dequeue"
Previous message: Pankaj Gupta: "[PATCH v3 2/2] drivers: crypto: caam: i.MX8ULP donot have CAAM page0 access"
In reply to: Matthew Wilcox: "Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in __vma_reservation_common"
Next in thread: syzbot: "Re: [syzbot] [mm?] KASAN: slab-use-after-free Read in __vma_reservation_common"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]