On 11/20/19 11:57 AM, Huw Davies wrote:
> On Mon, Nov 04, 2019 at 04:51:56PM +0100, Rémi Bernon wrote:
> > The search was initiated with base == 0, which returns NULL immediately if MEM_TOP_DOWN is not used. Using address_space_start instead fixes this issue.
> > Then we assumed that all mmapped regions are known by Wine view tree, which is obviously not the case with external allocations. This could lead to memory corruption when find_free_area returns an expected free region which is already mmapped. Using MAP_FIXED forces mmap to succeed and corrupts the mapping.
> So it seems this patch is trying to fix two bugs. You should be able to split this so that a first patch addresses the !top_down issue and a second patch addresses the assumption about mmapped regions being known.
> Huw.
Yeah, I had the discussion with Paul (he reported the bug and wrote the original patch), and he argued that fixing the !top_down issue first would create a regression as it would potentially then return an already used memory region, and the other way around would be modifying code that is not executed first. But I guess there's always the top_down case.
So I think it could be fixing the search first, then the !top_down case.
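As an illustration of the MAP_FIXED hazard the quoted message describes (an address the view tree believes is free is already mapped by someone else, and MAP_FIXED then silently replaces it), here is an added, stand-alone C example. It is not Wine's code and not the patch under discussion; the function names are hypothetical. It assumes a Linux or other POSIX system where anonymous mappings are zero-filled and where an address passed without MAP_FIXED is only a hint that the kernel ignores when the range is occupied. The defensive variant checks that the returned address equals the hint and otherwise releases the stray mapping rather than overwriting the existing one.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

#define MARKER 0x5a  /* constructed sentinel written into the first mapping */

/* Hypothetical demonstration (not Wine code): map a page, write a marker,
 * then map over the same address with MAP_FIXED.  Returns 1 if the second
 * mmap silently replaced the first mapping (marker gone, page zero-filled),
 * 0 if the original contents survived, -1 on error. */
int map_fixed_clobbers(void)
{
    long page = sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    p[0] = MARKER;

    /* MAP_FIXED never fails because the range is in use: it discards whatever
     * was there, which is exactly the corruption the thread describes. */
    unsigned char *q = mmap(p, (size_t)page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (q == MAP_FAILED) { munmap(p, (size_t)page); return -1; }

    int clobbered = (q == p && q[0] != MARKER);  /* fresh anon pages read as 0 */
    munmap(p, (size_t)page);
    return clobbered;
}

/* Defensive variant (hypothetical helper): pass the address only as a hint,
 * then verify that the kernel honoured it.  If it did not, the range was
 * already occupied; release the mapping we got elsewhere and report failure
 * instead of trampling the existing mapping. */
void *map_at_hint_noreplace(void *hint, size_t size)
{
    void *q = mmap(hint, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (q == MAP_FAILED) return NULL;
    if (q != hint) { munmap(q, size); return NULL; }
    return q;
}

/* Returns 1 if the hint-based helper refused to replace an existing mapping
 * and the original contents are intact, 0 otherwise, -1 on error. */
int hint_preserves_existing(void)
{
    long page = sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    p[0] = MARKER;

    void *q = map_at_hint_noreplace(p, (size_t)page);  /* must not succeed */
    int preserved = (q == NULL && p[0] == MARKER);
    munmap(p, (size_t)page);
    return preserved;
}

int main(void)
{
    printf("MAP_FIXED over an existing mapping clobbered it: %d\n", map_fixed_clobbers());
    printf("hint-based mapping preserved existing contents:  %d\n", hint_preserves_existing());
    return 0;
}
```

The check in `map_at_hint_noreplace` is the minimal guard: when the address space tracker can be out of sync with the real kernel mappings (external allocations the view tree never saw), the only authoritative answer about whether a range is free comes from the kernel itself, so the code must verify the address it actually got rather than force it.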