[Intel-gfx] [PATCH] drm/i915: Sanity check mmap length against object size
Chris Wilson
chris at chris-wilson.co.uk
Mon Mar 18 12:10:12 UTC 2019
Quoting Chris Wilson (2019-03-14 11:44:37)
> Quoting Tvrtko Ursulin (2019-03-14 11:33:43)
> > I am only wondering what happens to reads/write to the trailing area?
> > Does shmemfs expands the backing store for this mmap and we just end up
> > with otherwise unused chunk at the end?
>
> My expectation would be that they generate a SIGBUS since the filp
> should not be extended to cover the absent pages. So it would be the
> equivalent of mmaping a file then calling ftruncate(0).
Ok, having just checked, what actually happens is that shmemfs quite
happily allocates the extra page beyond the end of the object and
userspace can freely read/write into that address space with only the
mere consequence that those pages are not mapped to the GPU.
-Chris
More information about the Intel-gfx
mailing list