Re: git: 50d663b14b31 - main - vm: Fix vm_map_find_min()

In reply to: Dmitry Chagin : "Re: git: 50d663b14b31 - main - vm: Fix vm_map_find_min()"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Alan Cox <alc_at_rice.edu>
Date: Sun, 30 Jul 2023 17:35:02 UTC
I see.  That change fixed the case where the address hint is non-zero, 
e.g., 0x100000, but not zero.

On 7/30/23 05:58, Dmitry Chagin wrote:
> On Sun, Jul 30, 2023 at 01:30:37PM +0300, Dmitry Chagin wrote:
>> On Wed, Jul 26, 2023 at 05:25:37AM +0000, Alan Cox wrote:
>>> The branch main has been updated by alc:
>>>
>>> URL: https://urldefense.com/v3/__https://cgit.FreeBSD.org/src/commit/?id=50d663b14b310d6020b4b6cc92d4fae985f086f2__;!!BuQPrrmRaQ!mJGmkdRJ06TT6ocFnVe7lPS7hSNIIhrCQH9IKMbB6XZVJuiUc2_wPJ55o1zzD6AhClmQwgQKHvKnW4rs75yVrtax$
>>>
>>> commit 50d663b14b310d6020b4b6cc92d4fae985f086f2
>>> Author:     Alan Cox <alc@FreeBSD.org>
>>> AuthorDate: 2023-07-25 07:24:19 +0000
>>> Commit:     Alan Cox <alc@FreeBSD.org>
>>> CommitDate: 2023-07-26 05:24:50 +0000
>>>
>>>      vm: Fix vm_map_find_min()
>>>      
>>>      Fix the handling of address hints that are less than min_addr by
>>>      vm_map_find_min().
>>>      
>> Thank you for fixing that, however it still fails under Linuxulator.
>>
>>
>> #include <sys/mman.h>
>> #include <sys/stat.h>
>>
>> #include <assert.h>
>> #include <fcntl.h>
>> #include <stdint.h>
>> #include <stdio.h>
>> #include <stdlib.h>
>> #include <unistd.h>
>>
>> int
>> main(int argc, char** argv)
>> {
>> 	struct stat sb;
>> 	void *s32;
>> 	int f, r;
>>
>> 	f = open(argv[0], O_RDONLY);
>> 	assert(f > 0);
>>
>> 	r = fstat(f, &sb);
>> 	assert(r == 0);
>>
>> 	s32  = mmap(NULL, sb.st_size, PROT_READ,
>> 	    MAP_32BIT|MAP_PRIVATE, f, 0);
>> 	assert(s32 != MAP_FAILED);
>> 	assert((uintptr_t)s32 < 0x80000000);
>>
>> 	close(f);
>> 	munmap(s32, sb.st_size);
>> 	return (0);
>> }
>>
> hmm, it also fails natively with disable aslr
>
>
>>
>>>      Reported by:    dchagin
>>>      Reviewed by:    kib
>>>      Fixes:  d8e6f4946cec0 "vm: Fix anonymous memory clustering under ASLR"
>>>      Differential Revision:  https://urldefense.com/v3/__https://reviews.freebsd.org/D41159__;!!BuQPrrmRaQ!mJGmkdRJ06TT6ocFnVe7lPS7hSNIIhrCQH9IKMbB6XZVJuiUc2_wPJ55o1zzD6AhClmQwgQKHvKnW4rs70ygLqzX$
>>> ---
>>>   sys/vm/vm_map.c | 4 ++--
>>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c
>>> index 444e09986d4e..eb607d519247 100644
>>> --- a/sys/vm/vm_map.c
>>> +++ b/sys/vm/vm_map.c
>>> @@ -2255,10 +2255,10 @@ vm_map_find_min(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
>>>   	int rv;
>>>   
>>>   	hint = *addr;
>>> -	if (hint == 0)
>>> +	if (hint == 0) {
>>>   		cow |= MAP_NO_HINT;
>>> -	if (hint < min_addr)
>>>   		*addr = hint = min_addr;
>>> +	}
>>>   	for (;;) {
>>>   		rv = vm_map_find(map, object, offset, addr, length, max_addr,
>>>   		    find_space, prot, max, cow);