| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171208142714.GB7793@amd>
Date: Fri, 8 Dec 2017 15:27:14 +0100
From: Pavel Machek <pavel@....cz>
To: Michael Ellerman <mpe@...erman.id.au>
Cc: Matthew Wilcox <willy@...radead.org>,
Kees Cook <keescook@...omium.org>,
Cyril Hrubis <chrubis@...e.cz>,
Michal Hocko <mhocko@...nel.org>,
Linux API <linux-api@...r.kernel.org>,
Khalid Aziz <khalid.aziz@...cle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Russell King - ARM Linux <linux@...linux.org.uk>,
Andrea Arcangeli <aarcange@...hat.com>,
Linux-MM <linux-mm@...ck.org>,
LKML <linux-kernel@...r.kernel.org>,
linux-arch <linux-arch@...r.kernel.org>,
Florian Weimer <fweimer@...hat.com>,
John Hubbard <jhubbard@...dia.com>,
Abdul Haleem <abdhalee@...ux.vnet.ibm.com>,
Joel Stanley <joel@....id.au>
Subject: Re: [PATCH 0/2] mm: introduce MAP_FIXED_SAFE
On Fri 2017-12-08 22:08:07, Michael Ellerman wrote:
> Matthew Wilcox <willy@...radead.org> writes:
>
> > On Thu, Dec 07, 2017 at 11:14:27AM -0800, Kees Cook wrote:
> >> On Wed, Dec 6, 2017 at 9:46 PM, Michael Ellerman <mpe@...erman.id.au> wrote:
> >> > Matthew Wilcox <willy@...radead.org> writes:
> >> >> So, just like we currently say "exactly one of MAP_SHARED or MAP_PRIVATE",
> >> >> we could add a new paragraph saying "at most one of MAP_FIXED or
> >> >> MAP_REQUIRED" and "any of the following values".
> >> >
> >> > MAP_REQUIRED doesn't immediately grab me, but I don't actively dislike
> >> > it either :)
> >> >
> >> > What about MAP_AT_ADDR ?
> >> >
> >> > It's short, and says what it does on the tin. The first argument to mmap
> >> > is actually called "addr" too.
> >>
> >> "FIXED" is supposed to do this too.
> >>
> >> Pavel suggested:
> >>
> >> MAP_ADD_FIXED
> >>
> >> (which is different from "use fixed", and describes why it would fail:
> >> can't add since it already exists.)
> >>
> >> Perhaps "MAP_FIXED_NEW"?
> >>
> >> There has been a request to drop "FIXED" from the name, so these:
> >>
> >> MAP_FIXED_NOCLOBBER
> >> MAP_FIXED_NOREPLACE
> >> MAP_FIXED_ADD
> >> MAP_FIXED_NEW
> >>
> >> Could be:
> >>
> >> MAP_NOCLOBBER
> >> MAP_NOREPLACE
> >> MAP_ADD
> >> MAP_NEW
> >>
> >> and we still have the unloved, but acceptable:
> >>
> >> MAP_REQUIRED
> >>
> >> My vote is still for "NOREPLACE" or "NOCLOBBER" since it's very
> >> specific, though "NEW" is pretty clear too.
> >
> > How about MAP_NOFORCE?
>
> It doesn't tell me that addr is not a hint. That's a crucial detail.
>
> Without MAP_FIXED mmap never "forces/replaces/clobbers", so why would I
> need MAP_NOFORCE if I don't have MAP_FIXED?
>
> So it needs something in there to indicate that the addr is not a hint,
> that's the only thing that flag actually *does*.
>
>
> If we had a time machine, the right set of flags would be:
>
> - MAP_FIXED: don't treat addr as a hint, fail if addr is not free
> - MAP_REPLACE: replace an existing mapping (or force or clobber)
Actually, if we had a time machine... would we even provide
MAP_REPLACE functionality?
> But the two were conflated for some reason in the current MAP_FIXED.
>
> Given we can't go back and fix it, the closest we can get is to add a
> variant of MAP_FIXED which subtracts the "REPLACE" semantic.
>
> ie: MAP_FIXED_NOREPLACE
I like MAP_FIXED_NOREPLACE.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
Powered by blists - more mailing lists