On Sat, Dec 13, 2003 at 05:05:36PM +0100, Ralf Baechle wrote:
> On Sat, Dec 13, 2003 at 11:41:34AM +0000, Peter Horton wrote:
>
> > The current MIPS 2.4 kernel (from CVS) currently allows fixed shared
> > mappings to violate D-cache aliasing constraints.
> >
> > The check for illegal fixed mappings is done in
> > arch_get_unmapped_area(), but these mappings are granted in
> > get_unmapped_area() and arch_get_unmapped_area() is never called.
> >
> > A quick look at sparc and sparc64 seem to show the same problem.
>
> Ehh... <asm/pgtable.h> defines HAVE_ARCH_UNMAPPED_AREA therefore
> get_unmapped_area calls the arch's version of arch_get_unmapped_area
> instead of the generic version in mm/mmap.c
>
arch_get_unmapped_area() never get called because get_unmapped_area()
notices the MAP_FIXED flag and returns success.
In the example below the second mmap() should fail because it violates
the shm_align_mask.
P.
pdh@qube2:~$ uname -a
Linux qube2 2.4.23 #2 Sat Dec 13 18:03:10 GMT 2003 mips unknown
pdh@qube2:~$ ./shared
0xdeadbeef 0
pdh@qube2:~$ cat shared.c
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/user.h>
int main(int argc, char *argv[])
{
static char zero;
void *p1, *p2;
int fd;
fd = open("/tmp/test.shared", O_CREAT|O_RDWR|O_TRUNC, 0664);
if(fd == -1)
return 1;
unlink("/tmp/test.shared");
lseek(fd, PAGE_SIZE - 1, SEEK_SET);
if(write(fd, &zero, 1) != 1)
return 1;
p1 = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0);
if(p1 == MAP_FAILED)
return 1;
p2 = mmap(p1 + PAGE_SIZE, PAGE_SIZE, PROT_WRITE, MAP_SHARED|MAP_FIXED, fd, 0);
if(p2 == MAP_FAILED || p2 - p1 != PAGE_SIZE)
return 1;
*(int *) p2 = 0xdeadbeef;
printf("%#x %#x\n", *(int *) p2, *(int *) p1);
return 0;
}
pdh@qube2:~$
