From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Wa//=EJ=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-11.3 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_IN_DEF_DKIM_WL
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 72383C388F2
	for <linux-mm@archiver.kernel.org>; Tue,  3 Nov 2020 03:53:58 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id C8B4C22226
	for <linux-mm@archiver.kernel.org>; Tue,  3 Nov 2020 03:53:57 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="nGryO6t7"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C8B4C22226
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 023356B005C; Mon,  2 Nov 2020 22:53:57 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id F15DF6B005D; Mon,  2 Nov 2020 22:53:56 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id DDC596B0068; Mon,  2 Nov 2020 22:53:56 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0065.hostedemail.com [216.40.44.65])
	by kanga.kvack.org (Postfix) with ESMTP id A97BA6B005C
	for <linux-mm@kvack.org>; Mon,  2 Nov 2020 22:53:56 -0500 (EST)
Received: from smtpin20.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 50AD1181AEF07
	for <linux-mm@kvack.org>; Tue,  3 Nov 2020 03:53:56 +0000 (UTC)
X-FDA: 77441738472.20.brush66_0b09855272b5
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin20.hostedemail.com (Postfix) with ESMTP id 2B0E2180C07A3
	for <linux-mm@kvack.org>; Tue,  3 Nov 2020 03:53:56 +0000 (UTC)
X-HE-Tag: brush66_0b09855272b5
X-Filterd-Recvd-Size: 4794
Received: from mail-lj1-f194.google.com (mail-lj1-f194.google.com [209.85.208.194])
	by imf06.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Tue,  3 Nov 2020 03:53:55 +0000 (UTC)
Received: by mail-lj1-f194.google.com with SMTP id y16so17515899ljk.1
        for <linux-mm@kvack.org>; Mon, 02 Nov 2020 19:53:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=hOJLDVXUo2LYw/7eDqVKdvCpcOI5OkMeU4TObpOzbdA=;
        b=nGryO6t7u5LQu5kU9mZ+mS82QJqavaetK3PvEK1jSllCww9cFAOlqgl+ZXOVfolt+6
         Lbel5ZOBIcwr8mB+tOJCTbIvaA0KOFW9hkOfux8hU/Az3HFaHnYrM6wCOc9u4VzQcTnJ
         s7znfJLu3pDWLASwp5KbsfcymSdKDPRwV4/FAM+EKMKdXD2aD5sHEBfZ21UdFW+64tkH
         U6BbzwHdiSshZTRujcM5oF/zpgVjpB2s8FcnsbXCWHAtUh9FJSQozDussSKwrwmC6xpf
         fp6HpolycvO274DYNn8eIzMeftx0Y1hadLn/9eNPo3o9WvDMSAleygzKeFew3uoBgLZi
         gnHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=hOJLDVXUo2LYw/7eDqVKdvCpcOI5OkMeU4TObpOzbdA=;
        b=tstT/yTQNQ9OhFcg4FaHcUQhHQx4SaClzEVzIf2xkRIMqEroLXEqmZejXQR+IA5LCO
         S8Lh6zmoyO7obBYKT5sH3sLIVEsApEB50G0hXjbXhjnHyf1S0zLqih1b3VoIIEbgF2KC
         ptafoSNVFnldDqby/0fVS58qnvhMR3vBflQacl6UbDFdgyfzfj5EmtNwtUsaz3xboYoX
         6o7Dp68HB6aq0iRwFOKjnYVoXmb1H2h7EEpJsfu8HaKCpmNsZHp7g8QwmhyJh+3QPFqs
         DjqnlwI5hcmgZBm6vHmieC0kBCmAWaJtmnStCbF/lf84ZpFDZ8+JjVhapi3v8Y045sf5
         ySNQ==
X-Gm-Message-State: AOAM531wxb3cVIpm2aQeFCEt9DW5oDayGu12kh1olLGp/Zd7We/QdZT4
	fSitV35SqwM9vkGwMss55A0ClJx171eLaAIi8dme5w==
X-Google-Smtp-Source: ABdhPJytzGrAlZ+geOqqf0gsRtPO+IpgQeE7cjS654fjb4jYrz8aC9GaN67i2t8B+Lxs4h4awY4MB3zEJ1GdtR7omzI=
X-Received: by 2002:a05:651c:1126:: with SMTP id e6mr6168296ljo.47.1604375634057;
 Mon, 02 Nov 2020 19:53:54 -0800 (PST)
MIME-Version: 1.0
References: <20201016225713.1971256-1-jannh@google.com> <20201016225713.1971256-3-jannh@google.com>
 <20201020191540.GM6219@nvidia.com>
In-Reply-To: <20201020191540.GM6219@nvidia.com>
From: Jann Horn <jannh@google.com>
Date: Tue, 3 Nov 2020 04:53:27 +0100
Message-ID: <CAG48ez0XS+0sLLsVg_=hJo6MB1MgSCWvCL03EQ3Ja08d_us+ew@mail.gmail.com>
Subject: Re: [PATCH resend v3 2/2] exec: Broadly lock nascent mm until setup_arg_pages()
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Andrew Morton <akpm@linux-foundation.org>, Linux-MM <linux-mm@kvack.org>, 
	kernel list <linux-kernel@vger.kernel.org>, "Eric W . Biederman" <ebiederm@xmission.com>, 
	Michel Lespinasse <walken@google.com>, Mauro Carvalho Chehab <mchehab@kernel.org>, 
	Sakari Ailus <sakari.ailus@linux.intel.com>, Jeff Dike <jdike@addtoit.com>, 
	Richard Weinberger <richard@nod.at>, Anton Ivanov <anton.ivanov@cambridgegreys.com>, 
	linux-um@lists.infradead.org, John Hubbard <jhubbard@nvidia.com>, 
	Johannes Berg <johannes@sipsolutions.net>
Content-Type: text/plain; charset="UTF-8"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, Oct 20, 2020 at 9:15 PM Jason Gunthorpe <jgg@nvidia.com> wrote:
> On Sat, Oct 17, 2020 at 12:57:13AM +0200, Jann Horn wrote:
> > @@ -1545,6 +1532,18 @@ void setup_new_exec(struct linux_binprm * bprm)
> >       me->mm->task_size = TASK_SIZE;
> >       mutex_unlock(&me->signal->exec_update_mutex);
> >       mutex_unlock(&me->signal->cred_guard_mutex);
> > +
> > +     if (!IS_ENABLED(CONFIG_MMU)) {
> > +             /*
> > +              * On MMU, setup_arg_pages() wants to access bprm->vma after
> > +              * this point, so we can't drop the mmap lock yet.
> > +              * On !MMU, we have neither setup_arg_pages() nor bprm->vma,
> > +              * so we should drop the lock here.
> > +              */
> > +             mmap_write_unlock(bprm->mm);
> > +             mmput(bprm->mm);
> > +             bprm->mm = NULL;
> > +     }
>
> The only thing I dislike about this is how tricky the lock lifetime
> is, it all looks correct, but expecting the setup_arg_pages() or
> setup_new_exec() to unlock (depending!) is quite tricky.
>
> It feels like it would be clearer to have an explicit function to do
> this, like 'release_brp_mm()' indicating that current->mm is now the
> only way to get the mm and it must be locked.

That was a good suggestion; I tried to amend my patch as suggested,
and while trying to do that, noticed that under CONFIG_MMU,
binfmt_flat first does setup_new_exec(), then vm_mmap(), and then
later on setup_arg_pages()...

So your suggestion indeed helped make it clear that my patch was
wrong. Guess I'll have to go figure out how to rearrange the pieces in
binfmt_flat to make this work...