From patchwork Wed Sep 30 01:19:59 2020
X-Patchwork-Submitter: Jann Horn
X-Patchwork-Id: 11807515
From: Jann Horn
Date: Tue, 29 Sep 2020 18:19:59 -0700
Subject: [PATCH 1/4] mm/gup_benchmark: Take the mmap lock around GUP
To: Andrew Morton, linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org, "Eric W . Biederman", Michel Lespinasse, Mauro Carvalho Chehab, Sakari Ailus

To be safe against concurrent changes to the VMA tree, we must take the mmap lock around GUP operations (excluding the GUP-fast family of operations, which will take the mmap lock by themselves if necessary).

This code is only for testing, and it's only reachable by root through debugfs, so this doesn't really have any impact; however, if we want to add lockdep asserts into the GUP path, we need to have clean locking here.
Signed-off-by: Jann Horn Reviewed-by: Jason Gunthorpe Reviewed-by: John Hubbard Acked-by: Michel Lespinasse --- This series should go on top of the coredump locking series (in particular "mm/gup: Take mmap_lock in get_dump_page()"), which is already in the mm tree. mm/gup_benchmark.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) base-commit: fb0155a09b0224a7147cb07a4ce6034c8d29667f prerequisite-patch-id: 08f97130a51898a5f6efddeeb5b42638577398c7 prerequisite-patch-id: 577664d761cd23fe9031ffdb1d3c9ac313572c67 prerequisite-patch-id: dc29a39716aa8689f80ba2767803d9df3709beaa prerequisite-patch-id: 42b1b546d33391ead2753621f541bcc408af1769 prerequisite-patch-id: 2cbb839f57006f32e21f4229e099ae1bd782be24 prerequisite-patch-id: 1b4daf01cf61654a5ec54b5c3f7c7508be7244ee prerequisite-patch-id: f46cc8c99f1909fe2a65fbc3cf1f6bc57489a086 diff --git a/mm/gup_benchmark.c b/mm/gup_benchmark.c index be690fa66a46..558595610650 100644 --- a/mm/gup_benchmark.c +++ b/mm/gup_benchmark.c @@ -71,6 +71,8 @@ static int __gup_benchmark_ioctl(unsigned int cmd, int nr; struct page **pages; int ret = 0; + bool needs_mmap_lock = + cmd != GUP_FAST_BENCHMARK && cmd != PIN_FAST_BENCHMARK; if (gup->size > ULONG_MAX) return -EINVAL; @@ -80,6 +82,11 @@ static int __gup_benchmark_ioctl(unsigned int cmd, if (!pages) return -ENOMEM; + if (needs_mmap_lock && mmap_read_lock_killable(current->mm)) { + ret = -EINTR; + goto free_pages; + } + i = 0; nr = gup->nr_pages_per_call; start_time = ktime_get(); @@ -119,9 +126,8 @@ static int __gup_benchmark_ioctl(unsigned int cmd, NULL); break; default: - kvfree(pages); ret = -EINVAL; - goto out; + goto unlock; } if (nr <= 0) 
@@ -149,8 +155,11 @@ static int __gup_benchmark_ioctl(unsigned int cmd, end_time = ktime_get(); gup->put_delta_usec = ktime_us_delta(end_time, start_time); +unlock: + if (needs_mmap_lock) + mmap_read_unlock(current->mm); +free_pages: kvfree(pages); -out: return ret; }
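Review bot: In the first hunk, needs_mmap_lock is defined by exclusion (cmd != GUP_FAST_BENCHMARK && cmd != PIN_FAST_BENCHMARK), so an unrecognised cmd also takes the mmap lock before the default: case rejects it with -EINVAL and jumps to unlock. That is harmless, but validating cmd before locking, or a one-line comment saying that only the GUP-fast variants lock internally, would make the rule explicit for whoever adds the next benchmark command.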
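Review bot: With the unlock: label placed after gup->put_delta_usec is computed in the last hunk, the read lock stays held across the whole timed get loop and the put phase as well, although only the GUP calls need it. gup->size is only bounded by ULONG_MAX here, so a long benchmark run can keep mmap writers on the same mm waiting; consider dropping the lock right after the get loop, or say in a comment that the long hold is intended so that lock acquisition stays outside the measured interval that begins at start_time = ktime_get().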
From patchwork Wed Sep 30 01:20:00 2020
X-Patchwork-Submitter: Jann Horn
X-Patchwork-Id: 11807521
From: Jann Horn
In-Reply-To: <20200930011944.19869-1-jannh@google.com>
Date: Tue, 29 Sep 2020 18:20:00 -0700
Subject: [PATCH 2/4] binfmt_elf: Take the mmap lock around find_extend_vma()
To: Andrew Morton, linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org, "Eric W . Biederman", Michel Lespinasse, Mauro Carvalho Chehab, Sakari Ailus

create_elf_tables() runs after setup_new_exec(), so other tasks can already access our new mm and do things like process_madvise() on it. (At the time I'm writing this commit, process_madvise() is not in mainline yet, but has been in akpm's tree for some time.)

While I believe that there are currently no APIs that would actually allow another process to mess up our VMA tree (process_madvise() is limited to MADV_COLD and MADV_PAGEOUT, and uring and userfaultfd cannot reach an mm under which no syscalls have been executed yet), this seems like an accident waiting to happen.

Let's make sure that we always take the mmap lock around GUP paths as long as another process might be able to see the mm.

(Yes, this diff looks suspicious because we drop the lock before doing anything with `vma`, but that's because we actually don't do anything with it apart from the NULL check.)

Signed-off-by: Jann Horn Acked-by: Michel Lespinasse --- fs/binfmt_elf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 40ec0b9b4b4f..cd7c574a91a4 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c
@@ -309,7 +309,10 @@ create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec, * Grow the stack manually; some architectures have a limit on how * far ahead a user-space access may be in order to grow the stack. */ + if (mmap_read_lock_killable(mm)) + return -EINTR; vma = find_extend_vma(mm, bprm->p); + mmap_read_unlock(mm); if (!vma) return -EFAULT;
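Review bot: The reason it is safe to call mmap_read_unlock(mm) before the if (!vma) test exists only in the commit message; in the source the sequence reads like a use of vma after the lock that protects it has been dropped. A short comment above the lock, stating that vma is only compared against NULL and must not be dereferenced after the unlock, would stop a later change from adding exactly that dereference.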
From patchwork Wed Sep 30 01:20:00 2020
X-Patchwork-Submitter: Jann Horn
X-Patchwork-Id: 11807519
From: Jann Horn
In-Reply-To: <20200930011944.19869-1-jannh@google.com>
Date: Tue, 29 Sep 2020 18:20:00 -0700
Subject: [PATCH 3/4] mmap locking API: Don't check locking if the mm isn't live yet
To: Andrew Morton, linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org, "Eric W . Biederman", Michel Lespinasse, Mauro Carvalho Chehab, Sakari Ailus

In preparation for adding a mmap_assert_locked() check in __get_user_pages(), teach the mmap_assert_*locked() helpers that it's fine to operate on an mm without locking in the middle of execve() as long as it hasn't been installed on a process yet.

Existing code paths that do this are (reverse callgraph):
get_user_pages_remote get_arg_page copy_strings copy_string_kernel remove_arg_zero tomoyo_dump_page tomoyo_print_bprm tomoyo_scan_bprm tomoyo_environ

Signed-off-by: Jann Horn --- fs/exec.c | 8 ++++++++ include/linux/mm_types.h | 9 +++++++++ include/linux/mmap_lock.h | 16 ++++++++++++---- 3 files changed, 29 insertions(+), 4 deletions(-) #endif /* _LINUX_MMAP_LOCK_H */ diff --git a/fs/exec.c b/fs/exec.c index a91003e28eaa..c02b0e8e1c0b 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1129,6 +1129,14 @@ static int exec_mmap(struct mm_struct *mm) } } +#if defined(CONFIG_LOCKDEP) || defined(CONFIG_DEBUG_VM) + /* + * From here on, the mm may be accessed concurrently, and proper locking + * is required for things like get_user_pages_remote(). + */ + mm->mmap_lock_required = 1; +#endif + task_lock(tsk); active_mm = tsk->active_mm; membarrier_exec_mmap(mm); diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h index ed028af3cb19..89fee0d0d652 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h
@@ -552,6 +552,15 @@ struct mm_struct { atomic_long_t hugetlb_usage; #endif struct work_struct async_put_work; +#if defined(CONFIG_LOCKDEP) || defined(CONFIG_DEBUG_VM) + /* + * Notes whether this mm has been installed on a process yet. + * If not, only the task going through execve() can access this + * mm, and no locking is needed around get_user_pages_remote(). + * This flag is only used for debug checks. + */ + bool mmap_lock_required; +#endif } __randomize_layout; /* diff --git a/include/linux/mmap_lock.h b/include/linux/mmap_lock.h index 0707671851a8..c4fd874954d7 100644 --- a/include/linux/mmap_lock.h +++ b/include/linux/mmap_lock.h 
@@ -77,14 +77,22 @@ static inline void mmap_read_unlock_non_owner(struct mm_struct *mm) static inline void mmap_assert_locked(struct mm_struct *mm) { - lockdep_assert_held(&mm->mmap_lock); - VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); +#if defined(CONFIG_LOCKDEP) || defined(CONFIG_DEBUG_VM) + if (mm->mmap_lock_required) { + lockdep_assert_held(&mm->mmap_lock); + VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); + } +#endif } static inline void mmap_assert_write_locked(struct mm_struct *mm) { - lockdep_assert_held_write(&mm->mmap_lock); - VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); +#if defined(CONFIG_LOCKDEP) || defined(CONFIG_DEBUG_VM) + if (mm->mmap_lock_required) { + lockdep_assert_held_write(&mm->mmap_lock); + VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); + } +#endif }
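Review bot: In the fs/exec.c hunk, exec_mmap() is the only place in this patch that sets mmap_lock_required, while mmap_assert_locked() and mmap_assert_write_locked() now check nothing as long as the flag is false, so any mm whose flag is never set loses the assertions silently. Please state in the mm_types.h comment how an mm that is not installed through exec_mmap() gets the flag, or invert the polarity so that the unchecked state is the one that has to be set explicitly. The field is also declared bool but assigned 1; use true.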
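Review bot: In the include/linux/mmap_lock.h hunk, the #if defined(CONFIG_LOCKDEP) || defined(CONFIG_DEBUG_VM) block with the mm->mmap_lock_required test is written out twice, and the same condition also guards the field declaration and its assignment in the other two files. A single inline predicate next to the assert helpers would keep the four sites from drifting apart and take the #ifdefs out of the function bodies.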
From patchwork Wed Sep 30 01:20:01 2020
X-Patchwork-Submitter: Jann Horn
X-Patchwork-Id: 11807517
From: Jann Horn
In-Reply-To: <20200930011944.19869-1-jannh@google.com>
Date: Tue, 29 Sep 2020 18:20:01 -0700
Subject: [PATCH 4/4] mm/gup: Assert that the mmap lock is held in __get_user_pages()
To: Andrew Morton, linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org, "Eric W . Biederman", Michel Lespinasse, Mauro Carvalho Chehab, Sakari Ailus

After having cleaned up all GUP callers (except for the atomisp staging driver, which currently gets mmap locking completely wrong [1]) to always ensure that they hold the mmap lock when calling into GUP (unless the mm is not yet globally visible), add an assertion to make sure it stays that way going forward.

[1] https://lore.kernel.org/lkml/CAG48ez3tZAb9JVhw4T5e-i=h2_DUZxfNRTDsagSRCVazNXx5qA@mail.gmail.com/

Signed-off-by: Jann Horn Reviewed-by: Jason Gunthorpe Acked-by: Michel Lespinasse --- mm/gup.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/gup.c b/mm/gup.c index f11d39867cf5..3e5d843215b9 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -1020,6 +1020,8 @@ static long __get_user_pages(struct mm_struct *mm, struct vm_area_struct *vma = NULL; struct follow_page_context ctx = { NULL }; + mmap_assert_locked(mm); + if (!nr_pages) return 0;
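Review bot: mmap_assert_locked(mm) at the top of __get_user_pages() will trip on any caller that still gets the locking wrong, and the commit message names one, the atomisp staging driver [1]. The helper ends in VM_BUG_ON_MM() (see patch 3/4), so until that driver is fixed a debug build turns its locking bug into a crash on that path; say so in the changelog, or order this patch after the driver fix. A one-line comment next to the assertion pointing at the not-yet-live mm exception from patch 3/4 would also help readers of mm/gup.c.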