From: Jann Horn
Date: Wed, 26 Aug 2020 17:14:43 +0200
Message-Id: <20200826151448.3404695-1-jannh@google.com>
Subject: [PATCH v4 0/5] Fix ELF / FDPIC ELF core dumping, and use mmap_lock properly in there
To: Andrew Morton
Cc: Linus Torvalds, Christoph Hellwig, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Alexander Viro, Eric W. Biederman, Oleg Nesterov

new in v4:
- simplify patch 4/5 by replacing the heuristic for dumping the first pages of ELF mappings with what Linus suggested

At the moment, we have that rather ugly mmget_still_valid() helper to work around: ELF core dumping doesn't take the mmap_sem while traversing the task's VMAs, and if anything (like userfaultfd) then remotely messes with the VMA tree, fireworks ensue. So at the moment we use mmget_still_valid() to bail out in any writers that might be operating on a remote mm's VMAs.

With this series, I'm trying to get rid of the need for that as cleanly as possible. ("cleanly" meaning "avoid holding the mmap_lock across unbounded sleeps".)

Patches 1, 2 and 3 are relatively unrelated cleanups in the core dumping code.

Patches 4 and 5 implement the main change: Instead of repeatedly accessing the VMA list with sleeps in between, we snapshot it at the start with proper locking, and then later we just use our copy of the VMA list. This ensures that the kernel won't crash, that VMA metadata in the coredump is consistent even in the presence of concurrent modifications, and that any virtual addresses that aren't being concurrently modified have their contents show up in the core dump properly.

The disadvantage of this approach is that we need a bit more memory during core dumping for storing metadata about all VMAs.

After this series has landed, we should be able to rip out mmget_still_valid().

I have tested:
- Creating a simple core dump on X86-64 still works.
- The created coredump on X86-64 opens in GDB and looks plausible.
- X86-64 core dumps contain the first page for executable mappings at offset 0, and don't contain the first page for non-executable file mappings or executable mappings at offset !=0.
- NOMMU 32-bit ARM can still generate plausible-looking core dumps through the FDPIC implementation. (I can't test this with GDB because GDB is missing some structure definition for nommu ARM, but I've poked around in the hexdump and it looked decent.)

Jann Horn (5):
  binfmt_elf_fdpic: Stop using dump_emit() on user pointers on !MMU
  coredump: Let dump_emit() bail out on short writes
  coredump: Refactor page range dumping into common helper
  binfmt_elf, binfmt_elf_fdpic: Use a VMA list snapshot
  mm/gup: Take mmap_lock in get_dump_page()

 fs/binfmt_elf.c          | 147 ++++++++------------------------------
 fs/binfmt_elf_fdpic.c    | 106 +++++++++++----------------
 fs/coredump.c            | 125 ++++++++++++++++++++++++++++++---
 include/linux/coredump.h |  11 +++
 mm/gup.c                 |  61 ++++++++--------
 5 files changed, 227 insertions(+), 223 deletions(-)

base-commit: 06a4ec1d9dc652e17ee3ac2ceb6c7cf6c2b75cdd
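The snapshot-then-dump structure of patches 4 and 5, together with the first-page rule from the testing notes, modelled in userspace C as an added example that is not the series' code: struct vma, struct mm, snapshot_vmas() and demo_total_dump_size() are hypothetical stand-ins for the kernel objects, and dumping anonymous mappings whole is an assumption of the model, not something the cover letter states.

```c
/* Userspace model of the cover letter's design: copy VMA metadata out of
 * the mm once under the lock, then dump from the copy. Not kernel code. */
#include <pthread.h>
#include <stdlib.h>
#define PAGE_SIZE 4096UL
#define VM_EXEC   0x4UL

struct vma { unsigned long start, end, flags, pgoff; int file_backed; struct vma *next; };
struct mm { pthread_mutex_t mmap_lock; struct vma *head; };      /* mm_struct stand-in */
struct core_vma_meta { unsigned long start, end, dump_size; };   /* one snapshot entry */

/* First-page rule from the cover letter's test notes: executable file
 * mappings at file offset 0 contribute their first page, other file maps
 * nothing. Dumping anonymous mappings whole is this model's assumption. */
static unsigned long dump_size_for(const struct vma *v)
{
    if (!v->file_backed)
        return v->end - v->start;
    return ((v->flags & VM_EXEC) && v->pgoff == 0) ? PAGE_SIZE : 0;
}

/* Lock, copy, unlock: nothing sleeps under the lock and the dump loop only
 * reads the copy, so a concurrent VMA change cannot trip up the walker. */
static size_t snapshot_vmas(struct mm *mm, struct core_vma_meta **out)
{
    size_t n = 0, i = 0;
    pthread_mutex_lock(&mm->mmap_lock);
    for (struct vma *v = mm->head; v; v = v->next) n++;
    *out = calloc(n ? n : 1, sizeof(**out));
    for (struct vma *v = mm->head; v && *out; v = v->next, i++)
        (*out)[i] = (struct core_vma_meta){v->start, v->end, dump_size_for(v)};
    pthread_mutex_unlock(&mm->mmap_lock);
    return *out ? n : 0;
}

/* Constructed sample mm: exec file map at offset 0, exec file map at
 * offset 1 page, read-only file map, and a two-page anonymous map. */
static unsigned long demo_total_dump_size(void)
{
    struct vma anon  = {0x7f000000UL, 0x7f002000UL, 0, 0, 0, NULL};
    struct vma ro    = {0x500000UL, 0x501000UL, 0, 0, 1, &anon};
    struct vma text2 = {0x401000UL, 0x402000UL, VM_EXEC, 1, 1, &ro};
    struct vma text  = {0x400000UL, 0x401000UL, VM_EXEC, 0, 1, &text2};
    struct mm mm = {PTHREAD_MUTEX_INITIALIZER, &text};
    struct core_vma_meta *meta; unsigned long total = 0;
    size_t n = snapshot_vmas(&mm, &meta);
    for (size_t i = 0; i < n; i++) total += meta[i].dump_size;
    free(meta);
    return total;   /* 4096 + 0 + 0 + 8192 = 12288 */
}
```

Once the snapshot exists, the live VMA list is never consulted again, which is what lets the kernel drop the lock before the potentially sleeping writes.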