[PATCH] ARM: mm: only adjust sections of valid mm structures

[PATCH] ARM: mm: only adjust sections of valid mm structures

[Doug Berger]

A timing hazard exists when an early fork/exec thread begins
exiting and sets its mm pointer to NULL while a separate core
tries to update the section information.

This commit ensures that the mm pointer is not NULL before
setting its section parameters. The arguments provided by
commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
from update_sections_early()") are equally valid for not
requiring grabbing the task_lock around this check.

Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
Signed-off-by: Doug Berger <opendmb@gmail.com>
---
 arch/arm/mm/init.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
index be0b42937888..bdc70dff477b 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
@@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
 		if (t->flags & PF_KTHREAD)
 			continue;
 		for_each_thread(t, s)
-			set_section_perms(perms, n, true, s->mm);
+			if (s->mm)
+				set_section_perms(perms, n, true, s->mm);
 	}
 	set_section_perms(perms, n, true, current->active_mm);
 	set_section_perms(perms, n, true, &init_mm);
-- 
2.7.4

[PATCH] ARM: mm: only adjust sections of valid mm structures

[Doug Berger]

A timing hazard exists when an early fork/exec thread begins
exiting and sets its mm pointer to NULL while a separate core
tries to update the section information.

This commit ensures that the mm pointer is not NULL before
setting its section parameters. The arguments provided by
commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
from update_sections_early()") are equally valid for not
requiring grabbing the task_lock around this check.

Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
Signed-off-by: Doug Berger <opendmb@gmail.com>
---
 arch/arm/mm/init.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
index be0b42937888..bdc70dff477b 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
@@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
 		if (t->flags & PF_KTHREAD)
 			continue;
 		for_each_thread(t, s)
-			set_section_perms(perms, n, true, s->mm);
+			if (s->mm)
+				set_section_perms(perms, n, true, s->mm);
 	}
 	set_section_perms(perms, n, true, current->active_mm);
 	set_section_perms(perms, n, true, &init_mm);
-- 
2.7.4


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

[Florian Fainelli]

On 6/27/19 2:32 PM, Doug Berger wrote:
> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
> 
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.

This looks like an appropriate fix to me. For what it is worth, we were
able to reproduce this problem with a 4.9 kernel with:

CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"

It is made much more reliable with a lower default loglevel (e.g.: 1)
than the default log level, but if you have e.g.: an USB thumb drive
that needs to be scanned by the SCSI layer, then this is 100% reliable.

> 
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <opendmb@gmail.com>
> ---
>  arch/arm/mm/init.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
> index be0b42937888..bdc70dff477b 100644
> --- a/arch/arm/mm/init.c
> +++ b/arch/arm/mm/init.c
> @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
>  		if (t->flags & PF_KTHREAD)
>  			continue;
>  		for_each_thread(t, s)
> -			set_section_perms(perms, n, true, s->mm);
> +			if (s->mm)
> +				set_section_perms(perms, n, true, s->mm);
>  	}
>  	set_section_perms(perms, n, true, current->active_mm);
>  	set_section_perms(perms, n, true, &init_mm);
> 


-- 
Florian

Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

[Florian Fainelli]

On 6/27/19 2:32 PM, Doug Berger wrote:
> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
> 
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.

This looks like an appropriate fix to me. For what it is worth, we were
able to reproduce this problem with a 4.9 kernel with:

CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"

It is made much more reliable with a lower default loglevel (e.g.: 1)
than the default log level, but if you have e.g.: an USB thumb drive
that needs to be scanned by the SCSI layer, then this is 100% reliable.

> 
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <opendmb@gmail.com>
> ---
>  arch/arm/mm/init.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
> index be0b42937888..bdc70dff477b 100644
> --- a/arch/arm/mm/init.c
> +++ b/arch/arm/mm/init.c
> @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
>  		if (t->flags & PF_KTHREAD)
>  			continue;
>  		for_each_thread(t, s)
> -			set_section_perms(perms, n, true, s->mm);
> +			if (s->mm)
> +				set_section_perms(perms, n, true, s->mm);
>  	}
>  	set_section_perms(perms, n, true, current->active_mm);
>  	set_section_perms(perms, n, true, &init_mm);
> 


-- 
Florian

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

[Laura Abbott]

On 6/27/19 5:32 PM, Doug Berger wrote:
> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
> 
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.
> 
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <opendmb@gmail.com>
> ---
>   arch/arm/mm/init.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
> index be0b42937888..bdc70dff477b 100644
> --- a/arch/arm/mm/init.c
> +++ b/arch/arm/mm/init.c
> @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
>   		if (t->flags & PF_KTHREAD)
>   			continue;
>   		for_each_thread(t, s)
> -			set_section_perms(perms, n, true, s->mm);
> +			if (s->mm)
> +				set_section_perms(perms, n, true, s->mm);
>   	}
>   	set_section_perms(perms, n, true, current->active_mm);
>   	set_section_perms(perms, n, true, &init_mm);
> 

Acked-by: Laura Abbott <labbott@redhat.com>

Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

[Laura Abbott]

On 6/27/19 5:32 PM, Doug Berger wrote:
> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
> 
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.
> 
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <opendmb@gmail.com>
> ---
>   arch/arm/mm/init.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
> index be0b42937888..bdc70dff477b 100644
> --- a/arch/arm/mm/init.c
> +++ b/arch/arm/mm/init.c
> @@ -616,7 +616,8 @@ static void update_sections_early(struct section_perm perms[], int n)
>   		if (t->flags & PF_KTHREAD)
>   			continue;
>   		for_each_thread(t, s)
> -			set_section_perms(perms, n, true, s->mm);
> +			if (s->mm)
> +				set_section_perms(perms, n, true, s->mm);
>   	}
>   	set_section_perms(perms, n, true, current->active_mm);
>   	set_section_perms(perms, n, true, &init_mm);
> 

Acked-by: Laura Abbott <labbott@redhat.com>

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

[Linus Walleij]

On Thu, Jun 27, 2019 at 11:33 PM Doug Berger <opendmb@gmail.com> wrote:

> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
>
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.
>
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <opendmb@gmail.com>

Cc: stable@vger.kernel.org ?

I'm not smart enough to say whether it is the right solution, but
I also want to test this on some boards I have. I suspect this
may be part of the problem I have with mounting root on a USB
stick on some early mpcore machines, so I might come back with
a Tested-by.

Yours,
Linus Walleij

Re: [PATCH] ARM: mm: only adjust sections of valid mm structures

[Linus Walleij]

On Thu, Jun 27, 2019 at 11:33 PM Doug Berger <opendmb@gmail.com> wrote:

> A timing hazard exists when an early fork/exec thread begins
> exiting and sets its mm pointer to NULL while a separate core
> tries to update the section information.
>
> This commit ensures that the mm pointer is not NULL before
> setting its section parameters. The arguments provided by
> commit 11ce4b33aedc ("ARM: 8672/1: mm: remove tasklist locking
> from update_sections_early()") are equally valid for not
> requiring grabbing the task_lock around this check.
>
> Fixes: 08925c2f124f ("ARM: 8464/1: Update all mm structures with section adjustments")
> Signed-off-by: Doug Berger <opendmb@gmail.com>

Cc: stable@vger.kernel.org ?

I'm not smart enough to say whether it is the right solution, but
I also want to test this on some boards I have. I suspect this
may be part of the problem I have with mounting root on a USB
stick on some early mpcore machines, so I might come back with
a Tested-by.

Yours,
Linus Walleij

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel