From: Russell King - ARM Linux admin <linux@armlinux.org.uk>
To: Jann Horn <jannh@google.com>, Nicolas Pitre <nico@fluxnic.net>
Cc: Rich Felker <dalias@libc.org>,
	linux-c6x-dev@linux-c6x.org,
	Yoshinori Sato <ysato@users.sourceforge.jp>,
	linux-sh@vger.kernel.org, linux-kernel@vger.kernel.org,
	Oleg Nesterov <oleg@redhat.com>,
	linux-mm@kvack.org, Alexander Viro <viro@zeniv.linux.org.uk>,
	Mark Salter <msalter@redhat.com>,
	linux-fsdevel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	Aurelien Jacquiot <jacquiot.aurelien@gmail.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Christoph Hellwig <hch@lst.de>,
	linux-arm-kernel@lists.infradead.org,
	"Eric W . Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH v2 0/5] Fix ELF / FDPIC ELF core dumping, and use mmap_sem properly in there
Date: Wed, 29 Apr 2020 21:56:20 +0000
Message-ID: <20200429215620.GM1551@shell.armlinux.org.uk>
In-Reply-To: <20200429214954.44866-1-jannh@google.com>

On Wed, Apr 29, 2020 at 11:49:49PM +0200, Jann Horn wrote:
> At the moment, we have that rather ugly mmget_still_valid() helper to
> work around <https://crbug.com/project-zero/1790>: ELF core dumping
> doesn't take the mmap_sem while traversing the task's VMAs, and if
> anything (like userfaultfd) then remotely messes with the VMA tree,
> fireworks ensue. So at the moment we use mmget_still_valid() to bail
> out in any writers that might be operating on a remote mm's VMAs.
> 
> With this series, I'm trying to get rid of the need for that as
> cleanly as possible.
> In particular, I want to avoid holding the mmap_sem across unbounded
> sleeps.
> 
> 
> Patches 1, 2 and 3 are relatively unrelated cleanups in the core
> dumping code.
> 
> Patches 4 and 5 implement the main change: Instead of repeatedly
> accessing the VMA list with sleeps in between, we snapshot it at the
> start with proper locking, and then later we just use our copy of
> the VMA list. This ensures that the kernel won't crash, that VMA
> metadata in the coredump is consistent even in the presence of
> concurrent modifications, and that any virtual addresses that aren't
> being concurrently modified have their contents show up in the core
> dump properly.
> 
> The disadvantage of this approach is that we need a bit more memory
> during core dumping for storing metadata about all VMAs.
> 
> After this series has landed, we should be able to rip out
> mmget_still_valid().
> 
> 
> Testing done so far:
> 
>  - Creating a simple core dump on X86-64 still works.
>  - The created coredump on X86-64 opens in GDB, and both the stack and the
>    executable look vaguely plausible.
>  - 32-bit ARM compiles with FDPIC support, both with MMU and !MMU config.
> 
> I'm CCing some folks from the architectures that use FDPIC in case
> anyone wants to give this a spin.

I've never had any reason to use FDPIC, and I don't have any binaries
that would use it.  Nicolas Pitre added ARM support, so I guess he
would be the one to talk to about it.  (Added Nicolas.)

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 10.2Mbps down 587kbps up
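
The snapshot approach described in the quoted cover letter (copy the VMA metadata once under the lock, then do the slow dumping from the private copy), shown as an added userspace C example; it is not code from the patch series. The struct names, the functions and the pthread mutex standing in for mmap_sem are all hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical userspace stand-ins, not the kernel's own structures. */
struct region {                      /* plays the role of a VMA */
    unsigned long start, end, flags;
    struct region *next;
};
struct addr_space {                  /* plays the role of an mm */
    pthread_mutex_t lock;            /* stands in for mmap_sem */
    struct region *head;
    size_t count;
};
struct region_meta { unsigned long start, end, flags; };

/* Copy all region metadata under the lock; 0 on success, -1 on ENOMEM. */
int snapshot_regions(struct addr_space *as, struct region_meta **out, size_t *n)
{
    size_t i = 0;
    pthread_mutex_lock(&as->lock);
    *out = calloc(as->count ? as->count : 1, sizeof(**out)); /* extra memory */
    if (*out)
        for (struct region *r = as->head; r && i < as->count; r = r->next)
            (*out)[i++] = (struct region_meta){ r->start, r->end, r->flags };
    *n = i;
    pthread_mutex_unlock(&as->lock);
    return *out ? 0 : -1;
}

/* Writer: unlink and free the first region, as a concurrent unmap would. */
void remove_first_region(struct addr_space *as)
{
    pthread_mutex_lock(&as->lock);
    struct region *r = as->head;
    if (r) {
        as->head = r->next;
        as->count--;
        free(r);
    }
    pthread_mutex_unlock(&as->lock);
}

/* Slow phase: no lock held, reads only the private snapshot. */
unsigned long dump_total_bytes(const struct region_meta *m, size_t n)
{
    unsigned long total = 0;
    for (size_t i = 0; i < n; i++)
        total += m[i].end - m[i].start;
    return total;
}
```

After `snapshot_regions()` returns, a writer can free list nodes without the dumper ever dereferencing them, at the cost of the snapshot buffer.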

