Re: [PATCH] mm/mremap: Fail map duplication attempts for private mappings

From: Michal Hocko
Date: Mon Jul 17 2017 - 02:44:18 EST


On Fri 14-07-17 10:29:01, Mike Kravetz wrote:
> On 07/14/2017 01:26 AM, Michal Hocko wrote:
> > On Thu 13-07-17 15:33:47, Mike Kravetz wrote:
> >> On 07/13/2017 12:11 PM, Vlastimil Babka wrote:
> >>> [+CC linux-api]
> >>>
> >>> On 07/13/2017 05:58 PM, Mike Kravetz wrote:
> >>>> mremap will create a 'duplicate' mapping if old_size == 0 is
> >>>> specified. Such duplicate mappings make no sense for private
> >>>> mappings. If duplication is attempted for a private mapping,
> >>>> mremap creates a separate private mapping unrelated to the
> >>>> original mapping and makes no modifications to the original.
> >>>> This is contrary to the purpose of mremap which should return
> >>>> a mapping which is in some way related to the original.
> >>>>
> >>>> Therefore, return EINVAL in the case where an attempt is
> >>>> made to duplicate a private mapping.
> >>>>
> >>>> Signed-off-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx>
> >>>
> >>> Acked-by: Vlastimil Babka <vbabka@xxxxxxx>
> >>>
> >>
> >> In another e-mail thread, Andrea makes the case that mremap(old_size == 0)
> >> of private file backed mappings could possibly be used for something useful.
> >> For example to create a private COW mapping.
> >
> > What does this mean exactly? I do not see how it would force CoW, so again
> > the new mapping could fail the basic invariant that the content
> > of the new mapping should match the old one (e.g. if the old mapping already
> > CoWed some pages, the new mapping would still contain the original content,
> > unless I am missing something).
>
> I do not think you are missing anything. You are correct in saying that
> the new mapping would be COW of the original file contents. It is NOT
> based on any private pages of the old private mapping. Sorry, my wording
> above was not quite clear.
>
> As previously discussed, the more straightforward way to accomplish
> the same thing would be a simple call to mmap with the fd.
>
> After thinking about this some more, perhaps the original patch to return
> EINVAL for all private mappings makes more sense. Even in the case of a
> file backed private mapping, the new mapping will be based on the file and
> not the old mapping. The purpose of mremap is to create a new mapping
> based on the old mapping. So, this is not strictly in line with the purpose
> of mremap.

Yes, that is exactly my point. One would expect that the new mapping has
the same content as the previous mapping at the time when it was created
and that the copy will be "atomic" (wrt. page faults). Otherwise you could
simply implement it in userspace.

That being said, I do not think we should try to pretend this is a
correct behavior, and !old_len should be supported only for shared
mappings, which have at least reasonable semantics.

> Actually, the more I think about this, the more I wish there was some way
> to deprecate and eventually eliminate the old_size == 0 behavior.
>
> > [...]
> >> + /*
> >> + * !old_len is a special case where a mapping is 'duplicated'.
> >> + * Do not allow this for private anon mappings.
> >> + */
> >> + if (!old_len && vma_is_anonymous(vma) &&
> >> + !(vma->vm_flags & (VM_SHARED | VM_MAYSHARE)))
> >> + return ERR_PTR(-EINVAL);
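Review bot: The condition is narrower than the commit message and the comment right above it describe. vma_is_anonymous(vma) limits the rejection to anonymous VMAs, so a MAP_PRIVATE file-backed mapping with old_len == 0 still gets through and receives a fresh mapping of the file rather than of the old VMA, while the commit message says that duplicating a private mapping returns EINVAL. Either drop the vma_is_anonymous() test and key only on !(vma->vm_flags & (VM_SHARED | VM_MAYSHARE)), or reword the message and the comment to say "private anonymous mappings". Separately, if vma_is_anonymous() stays, the VM_SHARED | VM_MAYSHARE test is redundant for anonymous VMAs; if it is meant as a guard against mappings without vm_ops, the comment should say so.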
> >
> > Why is vma_is_anonymous() without VM_*SHARE* check insufficient?
>
> Are you asking,
> why is if (!old_len && vma_is_anonymous(vma)) insufficient?

yes

> If so, you are correct that the additional check for VM_*SHARE* is not
> necessary. Shared mappings are technically not anonymous as they must
> contain a common backing object.

That is my understanding as well. But maybe there are some weird
mappings which do not have vm_ops and populate the whole range inside
the mmap callback. I remember we had a CVE for those but forgot all
the details, of course. Failing on those doesn't seem like a tragedy to me,
and maybe it is even correct.
--
Michal Hocko
SUSE Labs
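Added example, not from the thread or the kernel tree, showing from userspace what the discussion above is about: a private anonymous mapping "duplicated" with mremap(old_size == 0) either fails with EINVAL (kernels carrying this fix) or yields a mapping unrelated to the original, whereas the duplicate of a MAP_SHARED mapping aliases the same pages. The helper try_duplicate() and the enum names are my own; it assumes Linux and a C99 compiler.

```c
#define _GNU_SOURCE                 /* mremap(2) and MREMAP_MAYMOVE are GNU extensions */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#ifndef MREMAP_MAYMOVE              /* fallback if a system header was pulled in earlier */
#define MREMAP_MAYMOVE 1
#endif
extern void *mremap(void *old_address, size_t old_size, size_t new_size, int flags, ...);

enum dup_result {
    DUP_REJECTED,   /* mremap() failed with EINVAL: kernel refuses the duplication */
    DUP_ALIASED,    /* new mapping shows the old one's pages and writes propagate back */
    DUP_UNRELATED,  /* mremap() succeeded, but the new mapping has no relation to the old */
    DUP_ERROR       /* mmap() failed or mremap() failed with some other errno */
};

/* Map one page with the given mmap flags, write a marker into it, then request a
 * "duplicate" via mremap(old_size == 0) and classify what the kernel handed back. */
enum dup_result try_duplicate(int map_flags)
{
    long page = sysconf(_SC_PAGESIZE);
    enum dup_result res;
    char *orig = mmap(NULL, page, PROT_READ | PROT_WRITE, map_flags, -1, 0);
    if (orig == MAP_FAILED)
        return DUP_ERROR;
    memset(orig, 'A', page);        /* content that only the original mapping has */
    char *dup = mremap(orig, 0, page, MREMAP_MAYMOVE);
    if (dup == MAP_FAILED) {
        res = (errno == EINVAL) ? DUP_REJECTED : DUP_ERROR;
    } else {
        /* Aliased only if the marker is visible AND a write through dup lands in orig;
         * a fresh, zero-filled private anon mapping fails the first test. */
        dup[1] = 'B';
        res = (dup[0] == 'A' && orig[1] == 'B') ? DUP_ALIASED : DUP_UNRELATED;
        munmap(dup, page);
    }
    munmap(orig, page);
    return res;
}

int main(void)
{
    static const char *name[] = { "rejected (EINVAL)", "aliased", "unrelated", "error" };
    printf("MAP_PRIVATE|MAP_ANONYMOUS: %s\n", name[try_duplicate(MAP_PRIVATE | MAP_ANONYMOUS)]);
    printf("MAP_SHARED|MAP_ANONYMOUS:  %s\n", name[try_duplicate(MAP_SHARED | MAP_ANONYMOUS)]);
    return 0;
}
```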