[Intel-gfx] [PATCH] drm/i915: Sanity check mmap length against object size
Chris Wilson
chris at chris-wilson.co.uk
Thu Mar 14 11:44:37 UTC 2019
Quoting Tvrtko Ursulin (2019-03-14 11:33:43)
> I am only wondering what happens to reads/write to the trailing area?
> Does shmemfs expands the backing store for this mmap and we just end up
> with otherwise unused chunk at the end?
My expectation would be that they generate a SIGBUS since the filp
should not be extended to cover the absent pages. So it would be the
equivalent of mmaping a file then calling ftruncate(0).
I admit it's not obvious if shmem_getpage_gfp (backing shmem_fault)
would prevent allocation of fresh backing pages beyond the initial filp
size. Afaict, we would end up at alloc_page_vma() without rejecting an
index beyond the end of the file.
-Chris
More information about the Intel-gfx
mailing list