| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Jun 2008 09:45:59 +1000 From: "Robert Mueller" <robm@...tmail.fm> To: "Linus Torvalds" <torvalds@...ux-foundation.org>, "Bron Gondwana" <brong@...tmail.fm> Cc: "Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>, "Nick Piggin" <npiggin@...e.de>, "Andrew Morton" <akpm@...ux-foundation.org>, "Andi Kleen" <andi@...stfloor.org>, "Ingo Molnar" <mingo@...e.hu>, "Ken Murchison" <murch@...rew.cmu.edu> Subject: Re: Cyrus mmap vs lseek/write usage - (WAS: BUG: mmapfile/writev spurious zero bytes (x86_64/not i386, bisected, reproducable)) >> It actually does use MAP_SHARED already, but only for reading. >> Writing is all done with seeks and writes, followed by a map >> "refresh", which is really just an unmmap/mmap if the file has >> extended past the "SLOP" (between 8 and 16 k after the end of the >> file length at last mapping). > > So the more traditional way would be to do an all-mmap thing, and > extend the file with ftruncate(), not write. That's somethign that > programs like nntpd have been doing for decades, so it's a very > "traditional" model and thus much more likely to be safe. It also > avoids all the aliasing issues, if all accesses are done the same way. As noted above, one thing cyrus does which does seem to be plain "wrong" is that it mmaps a region greater the file size (rounds to an 8k boundary, but 8k-16k past the current end of the file) and then assumes that when it writes to the end of the file (but less than the end of the mmap region) that there's no need to remmap and that data is immediately available within the previous mmaped region. Apparently that works on most OS's (but is what this bug actually exposed), but according to the mmap docs: --- If the size of the mapped file changes after the call to mmap() as a result of some other operation on the mapped file, the effect of references to portions of the mapped region that correspond to added or removed portions of the file is unspecified. --- The way I read that, even if you mmap a file with a size past the end of the file currently, if you subsequently write to the end of that file, you shouldn't assume that written data is available in the region you previously mmaped, which cyrus definitely does do. Amazingly (apart from HP/UX) no OS actually seems to have a problem with this since there would be massive cyrus bug reports otherwise. Rob ---------- robm@...tmail.fm Sign up at http://fastmail.fm for fast, ad free, IMAP accessible email -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists