FS#79656 - [linux] mprotect on mmaped pages at 0x0 fails

Attached to Project: Arch Linux
Opened by Arvid Norlander (VorpalGun) - Monday, 11 September 2023, 15:20 GMT
Last edited by Toolybird (Toolybird) - Sunday, 08 October 2023, 07:12 GMT
Task Type: Bug Report
Category: Kernel
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:

I'm using the SheepShaver classic Mac emulator (in AUR), which needs to map memory at 0x0 (thus I have set vm.mmap_min_addr=0 when running it). As of 6.5.2-arch1-1 this is not enough. On the previous kernel (not sure of the exact version, but I update every week) this worked.

The actual allocation (using mmap) in SheepShaver works, but then it does an mprotect(0x0, SIZE_OF_EMULATED_RAM, PROT_READ | PROT_WRITE) which for some odd reason fails. This appears to be a kernel user space regression. I'm not sure what the next step in diagnosing this is. Presumably I should figure out if an upstream kernel has the issue, and if so report it to the Linux kernel bug tracker? Some advice would be useful here.


Additional info:
* package version(s): linux-6.5.2-arch1-1, sheepshaver-git r2687.g720eb598-1 (from AUR)

Steps to reproduce:
* mmap 512 MB at 0x0.
* Call mprotect(0x0, 512*1024*1024, PROT_READ | PROT_WRITE)

Strangely this second call fails.

Closed by Toolybird (Toolybird) - Sunday, 08 October 2023, 07:12 GMT
Reason for closing: Upstream
Additional comments about closing: Fix coming in 6.5.7, real soon now..
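
The two "Steps to reproduce" as a stand-alone C program (an added example, not code from the report or from SheepShaver), with a kernel-chosen address as a control so that a failure specific to address 0 stands out. The name `map_then_protect`, the initial `PROT_NONE` protection and the use of `MAP_FIXED_NOREPLACE` (so the test cannot overwrite an existing mapping) are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MAP_FIXED_NOREPLACE            /* older libc headers; Linux asm-generic value */
#define MAP_FIXED_NOREPLACE 0x100000
#endif

enum repro_result { REPRO_MMAP_REFUSED, REPRO_MPROTECT_FAILED, REPRO_OK };

/* map_then_protect() is a name made up for this example.
 * at_zero != 0: ask for the mapping at address 0 (the reported case).
 * at_zero == 0: let the kernel choose the address (control case).
 * *err receives the errno of the failing call, or 0. */
static enum repro_result map_then_protect(int at_zero, size_t len, int *err)
{
    /* MAP_FIXED_NOREPLACE instead of MAP_FIXED: never clobbers an existing
     * mapping (for example a non-PIE binary loaded below 512 MB). */
    int flags = MAP_PRIVATE | MAP_ANONYMOUS | (at_zero ? MAP_FIXED_NOREPLACE : 0);
    void *p = mmap(NULL, len, PROT_NONE, flags, -1, 0);  /* PROT_NONE: assumption */

    *err = 0;
    if (p == MAP_FAILED) {             /* EPERM: address is below vm.mmap_min_addr */
        *err = errno;
        return REPRO_MMAP_REFUSED;
    }
    if (at_zero && p != NULL) {        /* pre-4.17 kernel treated 0 as a hint */
        munmap(p, len);
        return REPRO_MMAP_REFUSED;
    }
    int rc = mprotect(p, len, PROT_READ | PROT_WRITE);   /* the call from the report */
    if (rc != 0)
        *err = errno;
    munmap(p, len);
    return rc == 0 ? REPRO_OK : REPRO_MPROTECT_FAILED;
}

int main(void)
{
    static const char *names[] = { "mmap refused", "mprotect FAILED", "mprotect ok" };
    const size_t len = (size_t)512 << 20;                /* 512 MB, as in the report */
    int err;
    for (int at_zero = 1; at_zero >= 0; at_zero--) {
        enum repro_result r = map_then_protect(at_zero, len, &err);
        printf("%-14s %s (%s)\n", at_zero ? "at 0x0:" : "kernel-chosen:",
               names[r], err ? strerror(err) : "no error");
    }
    return 0;
}
```

Run it with vm.mmap_min_addr=0 as in the report; the behaviour described there corresponds to "mprotect FAILED" on the "at 0x0" line while the control line still reports "mprotect ok".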
Comment by Arvid Norlander (VorpalGun) - Monday, 11 September 2023, 15:21 GMT
Link to sheepshaver bug report: https://github.com/cebix/macemu/issues/271
Comment by loqs (loqs) - Monday, 11 September 2023, 16:23 GMT
Please confirm it was introduced by a kernel change by downgrading the linux package.
Comment by Arvid Norlander (VorpalGun) - Monday, 11 September 2023, 16:47 GMT
Comment by Toolybird (Toolybird) - Monday, 11 September 2023, 23:15 GMT
Very difficult to see how this is an Arch packaging issue. It seems like an upstream kernel regression [1], but it might also be on purpose in the 6.5.x kernel. You might have better luck reporting it upstream to the kernel folks, but it would be wise to first of all perform a git bisection to identify the causal commit. Please let us know what you find out.

[1] https://wiki.archlinux.org/title/Kernel#Debugging_regressions
Comment by Arvid Norlander (VorpalGun) - Wednesday, 13 September 2023, 20:26 GMT
> Please confirm it was introduced by a kernel change by downgrading the linux package.

Yes, it was between 6.4 and 6.5

> Very difficult to see how this is an Arch packaging issue. It seems like an upstream kernel regression [1],

That seems to be the case after further investigation. However, it wasn't clear when I reported this if it was due to Arch patches or not.

> but it might also be on purpose in the 6.5.x kernel.

Doubtful, as the Linux kernel has a no-userspace regression policy. In addition, it isn't the mmap that fails, it is the mprotect.

> You might have better luck reporting it upstream to the kernel folks, but it would be wise to first of all perform a git bisection to identify the causal commit. Please let us know what you find out.

Someone named "heat" in the #archlinux IRC channel helped me bisect this, and he reported it upwards. Apparently a change in the maple tree code.

Comment by loqs (loqs) - Wednesday, 13 September 2023, 20:34 GMT
Do you know what commit was identified as the cause by the bisection?
Do you have a link to the upstream bug report?
Comment by Arvid Norlander (VorpalGun) - Thursday, 14 September 2023, 21:23 GMT
The commit ID was 39193685d585e573592e58204c445bfc5c3cafb3

I don't have a link to a bug report: [19:00] <heat> i found the root problem and handed it off to the guy who last touched it
I take that as the report was done by email or email list.
Comment by Toolybird (Toolybird) - Friday, 15 September 2023, 03:26 GMT
For the lazy (like me):

https://github.com/archlinux/linux/commit/39193685d585e573592e58204c445bfc5c3cafb3

Hopefully upstream are "on the case". PM notified but probably nothing we can do at this stage.
Comment by loqs (loqs) - Thursday, 28 September 2023, 22:57 GMT
Comment by loqs (loqs) - Monday, 02 October 2023, 00:23 GMT
Comment by Arvid Norlander (VorpalGun) - Friday, 06 October 2023, 21:39 GMT
@loqs I would love to but I'm currently travelling without a computer (just phone) and won't be back for several weeks.
Comment by Mark Fisher (Stormrvr) - Saturday, 07 October 2023, 03:16 GMT
I just installed linux-mainline (6.6rc4-1 at time of writing) - SheepShaver is back to working for me at least.
Comment by loqs (loqs) - Saturday, 07 October 2023, 12:22 GMT
Comment by Toolybird (Toolybird) - Sunday, 08 October 2023, 07:11 GMT
@loqs, thanks for keeping track of this (as always!). Will close now on the basis it will be fixed in 6.5.7 (i.e. next pkgver bump...coming real soon).
