From patchwork Tue Aug 18 06:12:34 2020
From: Jann Horn
Date: Tue, 18 Aug 2020 08:12:34 +0200
Message-Id: <20200818061239.29091-1-jannh@google.com>
Subject: [PATCH v3 0/5] Fix ELF / FDPIC ELF core dumping, and use mmap_lock properly in there
To: Andrew Morton
Cc: Linus Torvalds, Christoph Hellwig, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Alexander Viro, "Eric W. Biederman", Oleg Nesterov

At the moment, we have that rather ugly mmget_still_valid() helper to work around : ELF core dumping doesn't take the mmap_sem while traversing the task's VMAs, and if anything (like userfaultfd) then remotely messes with the VMA tree, fireworks ensue. So at the moment we use mmget_still_valid() to bail out in any writers that might be operating on a remote mm's VMAs.
With this series, I'm trying to get rid of the need for that as cleanly as possible. ("cleanly" meaning "avoid holding the mmap_lock across unbounded sleeps".)

Patches 1, 2 and 3 are relatively unrelated cleanups in the core dumping code.

Patches 4 and 5 implement the main change: Instead of repeatedly accessing the VMA list with sleeps in between, we snapshot it at the start with proper locking, and then later we just use our copy of the VMA list. This ensures that the kernel won't crash, that VMA metadata in the coredump is consistent even in the presence of concurrent modifications, and that any virtual addresses that aren't being concurrently modified have their contents show up in the core dump properly. The disadvantage of this approach is that we need a bit more memory during core dumping for storing metadata about all VMAs.

After this series has landed, we should be able to rip out mmget_still_valid().

I have tested:

 - Creating a simple core dump on X86-64 still works.
 - The created coredump on X86-64 opens in GDB and looks plausible.
 - NOMMU 32-bit ARM can still generate plausible-looking core dumps through the FDPIC implementation. (I can't test this with GDB because GDB is missing some structure definition for nommu ARM, but I've poked around in the hexdump and it looked decent.)

Jann Horn (5):
  binfmt_elf_fdpic: Stop using dump_emit() on user pointers on !MMU
  coredump: Let dump_emit() bail out on short writes
  coredump: Refactor page range dumping into common helper
  binfmt_elf, binfmt_elf_fdpic: Use a VMA list snapshot
  mm/gup: Take mmap_lock in get_dump_page()

 fs/binfmt_elf.c          | 184 ++++++++++++++------------------------
 fs/binfmt_elf_fdpic.c    | 106 +++++++++------------
 fs/coredump.c            | 125 +++++++++++++++++++++++--
 include/linux/coredump.h |  11 +++
 mm/gup.c                 |  61 +++++++------
 5 files changed, 265 insertions(+), 222 deletions(-)

base-commit: 06a4ec1d9dc652e17ee3ac2ceb6c7cf6c2b75cdd
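The following is an added userspace model of the approach the cover letter describes (snapshot the VMA list under the lock, drop the lock, then dump from the copy); it is not code from the patch series or from the kernel. A pthread mutex stands in for mmap_lock, the VMA list is a constructed singly linked list, and lookup_dump_page() is a stand-in for the per-page lookup that patch 5 makes take the lock itself. The point it shows is the one the cover letter makes: a region unmapped concurrently (here, mm_remove_vma() called between snapshot and dump) neither corrupts the walk nor changes the recorded metadata; its pages are simply zero-filled, while untouched regions dump normally.

```c
/* Added example, not part of the patch series: a userspace model of
 * "snapshot the VMA list under the lock, then dump from the copy".
 * A pthread mutex stands in for mmap_lock; the VMA list is constructed. */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SIZE 4096UL

struct vma { uint64_t start, end; unsigned long flags; struct vma *next; };
struct mm  { pthread_mutex_t lock; struct vma *head; };

/* What the dumper copies while holding the lock: metadata only. */
struct vma_snap { uint64_t start, end; unsigned long flags; };

struct dump_stats { size_t pages_present, pages_zeroed; };

void mm_init(struct mm *mm)
{
    pthread_mutex_init(&mm->lock, NULL);
    mm->head = NULL;
}

/* A normal writer: takes the lock around the list modification. */
void mm_add_vma(struct mm *mm, uint64_t start, uint64_t end, unsigned long flags)
{
    struct vma *v = malloc(sizeof *v);
    v->start = start; v->end = end; v->flags = flags;
    pthread_mutex_lock(&mm->lock);
    v->next = mm->head;
    mm->head = v;
    pthread_mutex_unlock(&mm->lock);
}

/* Models a concurrent unmap racing with the dumper. Returns 1 if removed. */
int mm_remove_vma(struct mm *mm, uint64_t start)
{
    int removed = 0;
    pthread_mutex_lock(&mm->lock);
    for (struct vma **pp = &mm->head; *pp; pp = &(*pp)->next) {
        if ((*pp)->start == start) {
            struct vma *dead = *pp;
            *pp = dead->next;
            free(dead);
            removed = 1;
            break;
        }
    }
    pthread_mutex_unlock(&mm->lock);
    return removed;
}

/* Snapshot: count and copy under the lock, then drop it before any I/O.
 * Returns the entry count; *out is malloc'd and owned by the caller. */
size_t snapshot_vmas(struct mm *mm, struct vma_snap **out)
{
    size_t n = 0, i = 0;
    pthread_mutex_lock(&mm->lock);
    for (struct vma *v = mm->head; v; v = v->next)
        n++;
    struct vma_snap *snap = calloc(n ? n : 1, sizeof *snap);
    for (struct vma *v = mm->head; v; v = v->next, i++) {
        snap[i].start = v->start;
        snap[i].end = v->end;
        snap[i].flags = v->flags;
    }
    pthread_mutex_unlock(&mm->lock);
    *out = snap;
    return n;
}

/* Per-page lookup that holds the lock only for the lookup (hypothetical
 * stand-in for the role get_dump_page() plays). Returns 1 if still mapped. */
int lookup_dump_page(struct mm *mm, uint64_t addr)
{
    int present = 0;
    pthread_mutex_lock(&mm->lock);
    for (struct vma *v = mm->head; v; v = v->next) {
        if (addr >= v->start && addr < v->end) { present = 1; break; }
    }
    pthread_mutex_unlock(&mm->lock);
    return present;
}

/* The dumper walks only the snapshot, never the live list. A page whose
 * VMA vanished meanwhile is counted as zero-filled instead of crashing. */
struct dump_stats dump_from_snapshot(struct mm *mm, const struct vma_snap *snap, size_t n)
{
    struct dump_stats st = { 0, 0 };
    for (size_t i = 0; i < n; i++)
        for (uint64_t a = snap[i].start; a < snap[i].end; a += PAGE_SIZE)
            if (lookup_dump_page(mm, a)) st.pages_present++;
            else st.pages_zeroed++;
    return st;
}

int main(void)
{
    struct mm mm;
    struct vma_snap *snap;
    mm_init(&mm);
    mm_add_vma(&mm, 0x10000, 0x14000, 0x3);  /* 4 pages, constructed */
    mm_add_vma(&mm, 0x20000, 0x22000, 0x1);  /* 2 pages, constructed */
    size_t n = snapshot_vmas(&mm, &snap);
    mm_remove_vma(&mm, 0x20000);             /* a remote writer unmaps mid-dump */
    struct dump_stats st = dump_from_snapshot(&mm, snap, n);
    printf("snapshot has %zu VMAs, %zu pages present, %zu zero-filled\n",
           n, st.pages_present, st.pages_zeroed);
    free(snap);
    return 0;
}
```

The snapshot's memory cost is exactly the "bit more memory" the cover letter mentions: one vma_snap per VMA for the duration of the dump. The lock is held only across the copy and across each per-page lookup, never across the (potentially sleeping) write of page contents, which is the property the series is after.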