* Marc Reisner <reisner.marc@xxxxxxxxx> [240808 11:03]:
> On Thu, Aug 08, 2024 at 09:12:59PM +0800, Kefeng Wang wrote:
> >
> > OK, revert patch is sent, but I am also curious about it.
> >
> > https://lore.kernel.org/all/20240808130909.1027860-1-wangkefeng.wang@xxxxxxxxxx/
>
> I am also curious. It seems like the "real" fix would be in mmap - my
> understanding is that it should not intersect with heap, even when heap
> is empty (start_brk == brk).
>
> It looks like start_brk is fixed in place when the ELF is
> loaded in fs/binfmt_elf.c:load_elf_binary (line 1288).
>
> 	if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) {
> 		/*
> 		 * For architectures with ELF randomization, when executing
> 		 * a loader directly (i.e. no interpreter listed in ELF
> 		 * headers), move the brk area out of the mmap region
> 		 * (since it grows up, and may collide early with the stack
> 		 * growing down), and into the unused ELF_ET_DYN_BASE region.
> 		 */
> 		if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
> 		    elf_ex->e_type == ET_DYN && !interpreter) {
> 			mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
> 		} else {
> 			/* Otherwise leave a gap between .bss and brk. */
> 			mm->brk = mm->start_brk = mm->brk + PAGE_SIZE;
> 		}
>
> 		mm->brk = mm->start_brk = arch_randomize_brk(mm);
> #ifdef compat_brk_randomized
> 		current->brk_randomized = 1;
> #endif
> 	}

Have a look at the mmapstress 3 test in ltp [1]. The test pokes holes and
mmaps into those holes throughout the brk range.

[1]. https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/mem/mmapstress/mmapstress03.c
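Added example, not code from this thread, from LTP or from the kernel: a small C checker that applies Marc's point above, that a mapping overlapping the brk area should count as a collision even when the heap is empty (start_brk == brk). It parses /proc/<pid>/maps-style lines; the sample lines, the struct and the function names are my own construction.

```c
#include <stdio.h>
#include <string.h>
/* One /proc/<pid>/maps entry reduced to the fields needed here. */
struct mapping {
    unsigned long start, end;   /* [start, end) */
    char name[64];              /* pathname column, "" if anonymous */
};

/* Parse "55d0c2a00000-55d0c2a21000 rw-p 00000000 00:00 0 [heap]" style
 * lines; returns 1 on success, 0 if the line is not a maps entry. */
int parse_maps_line(const char *line, struct mapping *m)
{
    char perms[8];
    unsigned long off, ino; unsigned dmaj, dmin;   /* columns we only skip */
    m->name[0] = '\0';
    int n = sscanf(line, "%lx-%lx %7s %lx %x:%x %lu %63s", &m->start, &m->end,
                   perms, &off, &dmaj, &dmin, &ino, m->name);
    return n >= 7;
}

/* Does mapping m intersect the brk area [start_brk, brk)?  As argued in the
 * thread, an empty heap (start_brk == brk) still reserves its start address,
 * so a mapping covering start_brk is a collision although the range is empty. */
int intersects_brk(const struct mapping *m, unsigned long start_brk,
                   unsigned long brk)
{
    if (start_brk == brk)
        return m->start <= start_brk && start_brk < m->end;
    return m->start < brk && start_brk < m->end;
}

/* Count mappings other than [heap] itself that collide with the brk area. */
int count_brk_collisions(const char *const *lines, int nlines,
                         unsigned long start_brk, unsigned long brk)
{
    int hits = 0;
    for (int i = 0; i < nlines; i++) {
        struct mapping m;
        if (parse_maps_line(lines[i], &m) && strcmp(m.name, "[heap]") != 0 &&
            intersects_brk(&m, start_brk, brk))
            hits++;
    }
    return hits;
}

/* Constructed sample, not a real capture: one anonymous mapping lies inside [heap]. */
static const char *const SAMPLE_MAPS[] = {
    "55d0c2800000-55d0c2801000 r--p 00000000 08:01 1234 /usr/bin/demo",
    "55d0c2a00000-55d0c2a21000 rw-p 00000000 00:00 0 [heap]",
    "55d0c2a10000-55d0c2a12000 rw-p 00000000 00:00 0",
    "7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0",
};
```

To run it against a live process, read /proc/self/maps line by line and pass that process's start_brk and current brk (sbrk(0)) instead of the sample values.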