From: Jann Horn
Date: Mon, 28 Jun 2021 19:14:31 +0200
Subject: Re: [PATCH 2/4] arch/x86: implement the process_vm_exec syscall
To: Andy Lutomirski <luto@kernel.org>
Cc: Andrei Vagin <avagin@gmail.com>, Linux Kernel Mailing List, Linux API,
    linux-um@lists.infradead.org, criu@openvz.org, avagin@google.com,
    Andrew Morton, Anton Ivanov, Christian Brauner,
    Dmitry Safonov <0x7f454c46@gmail.com>, Ingo Molnar, Jeff Dike,
    Mike Rapoport, Michael Kerrisk, Oleg Nesterov,
    "Peter Zijlstra (Intel)", Richard Weinberger, Thomas Gleixner
References: <20210414055217.543246-1-avagin@gmail.com>
    <20210414055217.543246-3-avagin@gmail.com>
List-ID: <linux-kernel.vger.kernel.org>

On Mon, Jun 28, 2021 at 6:30 PM Andy Lutomirski <luto@kernel.org> wrote:
> On Mon, Jun 28, 2021, at 9:13 AM, Jann Horn wrote:
> > On Wed, Apr 14, 2021 at 7:59 AM Andrei Vagin <avagin@gmail.com> wrote:
> > > This change introduces the new system call:
> > > process_vm_exec(pid_t pid, struct sigcontext *uctx, unsigned long flags,
> > >                 siginfo_t * uinfo, sigset_t *sigmask, size_t sizemask)
> > >
> > > process_vm_exec allows to execute the current process in an address
> > > space of another process.
> > [...]
> >
> > I still think that this whole API is fundamentally the wrong approach
> > because it tries to shoehorn multiple usecases with different
> > requirements into a single API. But that aside:
> >
> > > +static void swap_mm(struct mm_struct *prev_mm, struct mm_struct *target_mm)
> > > +{
> > > +       struct task_struct *tsk = current;
> > > +       struct mm_struct *active_mm;
> > > +
> > > +       task_lock(tsk);
> > > +       /* Hold off tlb flush IPIs while switching mm's */
> > > +       local_irq_disable();
> > > +
> > > +       sync_mm_rss(prev_mm);
> > > +
> > > +       vmacache_flush(tsk);
> > > +
> > > +       active_mm = tsk->active_mm;
> > > +       if (active_mm != target_mm) {
> > > +               mmgrab(target_mm);
> > > +               tsk->active_mm = target_mm;
> > > +       }
> > > +       tsk->mm = target_mm;
> >
> > I'm pretty sure you're not currently allowed to overwrite the ->mm
> > pointer of a userspace thread. For example, zap_threads() assumes that
> > all threads running under a process have the same ->mm. (And if you're
> > fiddling with ->mm stuff, you should probably CC linux-mm@.)
>
> exec_mmap() does it, so it can’t be entirely impossible.

Yeah, true, execve can do it - I guess the thing that makes that
special is that it's running after de_thread(), so it's guaranteed to
be single-threaded?
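Review bot: the assignment `tsk->mm = target_mm;` in swap_mm() changes ->mm for the calling thread only, and nothing in the quoted hunk or in the commit message ("process_vm_exec allows to execute the current process in an address space of another process") says what happens when the caller is multi-threaded; that is exactly the assumption raised in the reply, since code such as zap_threads() expects every thread of a process to share one ->mm. Either enforce single-threadedness before calling swap_mm() and state that requirement in the commit message, or document how the other threads' view of ->mm stays consistent while one thread has swapped. Also, `mmgrab(target_mm);` is taken only on the `active_mm != target_mm` path, so the matching release of the previous active_mm should be confirmed in the part of the function not quoted here.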