Date: Tue, 3 Aug 2021 13:08:03 -0300
From: Jason Gunthorpe
To: Luigi Rizzo, Jann Horn
Cc: linux-kernel@vger.kernel.org, Andrew Morton, David Rientjes, linux-mm@kvack.org
Subject: Re: [PATCH] Add mmap_assert_locked() annotations to find_vma*()
Message-ID: <20210803160803.GG543798@ziepe.ca>
References: <20210731175341.3458608-1-lrizzo@google.com>
In-Reply-To: <20210731175341.3458608-1-lrizzo@google.com>

On Sat, Jul 31, 2021 at 10:53:41AM -0700, Luigi Rizzo wrote:
> find_vma() and variants need protection when used.
> This patch adds mmap_assert_locked() calls in the functions.
>
> To make sure the invariant is satisfied, we also need to add a
> mmap_read_lock() around the get_user_pages_remote() call in
> get_arg_page(). The lock is not strictly necessary because the mm
> has been newly created, but the extra cost is limited because
> the same mutex was also acquired shortly before in __bprm_mm_init(),
> so it is hot and uncontended.
>
> Signed-off-by: Luigi Rizzo
> fs/exec.c | 2 ++
> mm/mmap.c | 2 ++
> 2 files changed, 4 insertions(+)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index 38f63451b928..ac7603e985b4 100644
> +++ b/fs/exec.c
> @@ -217,8 +217,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
> * We are doing an exec(). 'current' is the process
> * doing the exec and bprm->mm is the new process's mm.
> */
> + mmap_read_lock(bprm->mm);
> ret = get_user_pages_remote(bprm->mm, pos, 1, gup_flags,
> &page, NULL, NULL);
> + mmap_read_unlock(bprm->mm);
> if (ret <= 0)
> return NULL;

Wasn't Jann Horn working on something like this too?

https://lore.kernel.org/linux-mm/20201016225713.1971256-1-jannh@google.com/

IIRC it was very tricky here, are you sure it is OK to obtain this lock here?

I would much rather see Jann's complete solution be merged than hacking at the exec problem on the side..

Jason
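Review bot: the new mmap_read_lock()/mmap_read_unlock() pair around get_user_pages_remote() in get_arg_page() carries no comment saying why it is taken, while the commit message states the lock is not needed for correctness (bprm->mm is newly created) and exists only to satisfy the mmap_assert_locked() checks being added to find_vma(). A one-line comment above `mmap_read_lock(bprm->mm);` stating that purpose would keep a later reader from removing it as redundant, and it is also the natural place to record the lock-ordering argument for taking bprm->mm's lock from the exec'ing task, which is the concern raised above with reference to the earlier linked series.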