I tried out the MAP_FIXED_NOREPLACE API introduced in Linux 4.17 for a minor use case in my hardened allocator and it turns out that it has been very broken since it was introduced. It can clobber adjacent mappings:
marc.info/?l=linux-mm&m=
It will hopefully be fixed in 4.19.
Even if fixed, it seems permanently unusable unless there's a way to ensure your kernel isn't affected.
It causes memory corruption so it's a security bug and could get a CVE assigned to encourage backporting for anyone using 4.17 and 4.18. It will hopefully be fixed before 4.19 is released. Bugs are usually a lot more subtle than this but that isn't necessarily a positive thing.
It's possible to make a race-free test to detect this bug, which is what I could do if I end up wanting to use it. I can use mremap with flags set to 0 for some of the potential use cases that I had for it but it doesn't work for every use case I have in mind and has issues.
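The thread says a race-free test for the bug is possible but does not show one. The C below is an added example, not code from the thread or from the hardened allocator it mentions. It assumes the failure mode the thread describes (a MAP_FIXED_NOREPLACE request whose start is free but whose tail overlaps an adjacent live mapping is granted and clobbers that mapping instead of failing with EEXIST), and it assumes the Linux flag value 0x100000 for headers that lack the macro. The function name, the enum and the sentinel byte are names and values chosen here.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Linux value, assumed here for headers older than the 4.17 API. */
#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000
#endif
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

enum noreplace_probe {
    NOREPLACE_PROBE_ERROR = -1, /* could not set up the probe at all */
    NOREPLACE_OK,               /* overlapping request rejected with EEXIST */
    NOREPLACE_CLOBBERS,         /* overlapping request granted: the 4.17/4.18 bug */
    NOREPLACE_UNSUPPORTED,      /* flag ignored or rejected: kernel without the API */
};

/*
 * Reserve two pages, free the first, then ask for both pages at the original
 * address with MAP_FIXED_NOREPLACE. The second page is still mapped, so a
 * kernel that honours the flag must fail with EEXIST. A kernel that only
 * checks the start of the range grants the request and replaces the second
 * page with fresh zero-filled memory, which the sentinel byte detects.
 *
 * Everything touched is our own scratch memory, so even the buggy outcome
 * corrupts nothing else. Call it before creating threads: the freed first
 * page is a hole another thread's mmap could fill, which would turn the
 * result into a false NOREPLACE_OK.
 */
enum noreplace_probe probe_map_fixed_noreplace(int *sentinel_lost)
{
    const size_t page = (size_t)sysconf(_SC_PAGESIZE);
    const int prot = PROT_READ | PROT_WRITE;
    const int flags = MAP_PRIVATE | MAP_ANONYMOUS;

    if (sentinel_lost)
        *sentinel_lost = 0;

    unsigned char *base = mmap(NULL, 2 * page, prot, flags, -1, 0);
    if (base == MAP_FAILED)
        return NOREPLACE_PROBE_ERROR;
    unsigned char *second = base + page;
    second[0] = 0xA5; /* survives only if the second page is left alone */

    if (munmap(base, page) != 0) {
        munmap(base, 2 * page);
        return NOREPLACE_PROBE_ERROR;
    }

    void *got = mmap(base, 2 * page, prot, flags | MAP_FIXED_NOREPLACE, -1, 0);

    if (got == MAP_FAILED) {
        int err = errno;
        munmap(second, page);
        if (err == EEXIST)
            return NOREPLACE_OK;
        /* e.g. EINVAL from a kernel that rejects the unknown flag bit */
        return err == EINVAL ? NOREPLACE_UNSUPPORTED : NOREPLACE_PROBE_ERROR;
    }
    if (got == base) {
        /* Granted over a live mapping: this is the memory corruption. */
        if (sentinel_lost)
            *sentinel_lost = (second[0] != 0xA5);
        munmap(base, 2 * page);
        return NOREPLACE_CLOBBERS;
    }
    /* Address treated as a mere hint: the flag was silently ignored. */
    munmap(got, 2 * page);
    munmap(second, page);
    return NOREPLACE_UNSUPPORTED;
}

int main(void)
{
    int lost = 0;
    switch (probe_map_fixed_noreplace(&lost)) {
    case NOREPLACE_OK:
        puts("MAP_FIXED_NOREPLACE honoured: overlapping request failed with EEXIST");
        break;
    case NOREPLACE_CLOBBERS:
        printf("MAP_FIXED_NOREPLACE clobbers adjacent mappings (sentinel %s)\n",
               lost ? "destroyed" : "unexpectedly intact");
        break;
    case NOREPLACE_UNSUPPORTED:
        puts("MAP_FIXED_NOREPLACE not supported by this kernel");
        break;
    default:
        puts("probe setup failed");
        return 1;
    }
    return 0;
}
```

An allocator would run this probe once at startup, before it spawns or is used from other threads, and only fall back to MAP_FIXED_NOREPLACE when the verdict is NOREPLACE_OK; both other verdicts mean the flag cannot be relied on and a hint-based mmap with a post-check of the returned address (or the mremap approach mentioned above) is the safer choice.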