From: Linus Torvalds
Date: Tue, 18 Aug 2020 01:18:01 -0700
Subject: Re: [PATCH v3 4/5] binfmt_elf, binfmt_elf_fdpic: Use a VMA list snapshot
To: Jann Horn
Cc: Andrew Morton, Christoph Hellwig, Linux Kernel Mailing List, Linux-MM, linux-fsdevel, Alexander Viro, Eric W. Biederman, Oleg Nesterov
In-Reply-To: <20200818061239.29091-5-jannh@google.com>
References: <20200818061239.29091-1-jannh@google.com> <20200818061239.29091-5-jannh@google.com>

On Mon, Aug 17, 2020 at 11:13 PM Jann Horn wrote:
>
> /*
> * If this looks like the beginning of a DSO or executable mapping,
> + * we'll check for an ELF header. If we find one, we'll dump the first
> + * page to aid in determining what was mapped here.
> + * However, we shouldn't sleep on userspace reads while holding the
> + * mmap_lock, so we just return a placeholder for now that will be fixed
> + * up later in vma_dump_size_fixup().

I still don't like this. And I still don't think it's necessary.

The whole - and only - point of "check if it's an ELF header" is that we don't want to dump data that could just be found by looking at the original binary.
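Review bot: the new comment says the placeholder is "fixed up later in vma_dump_size_fixup()" but does not state what size the placeholder resolves to when that deferred read of the first page cannot be completed (the read now happens after mmap_lock has been dropped, so the mapping may have changed underneath it); either here or in the comment above vma_dump_size_fixup(), say whether an unreadable or non-ELF first page collapses to 0 or to one page, so the fallback is documented next to the reason for deferring.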
But by the time we get to this point, we already know that

 (a) it's a private mapping with file backing, and it's the first page of the file

 (b) it has never been written to and it's mapped for reading

and the choice at this point is "don't dump at all", or "dump just the first page".

And honestly, that whole "check if it has the ELF header" signature was always just a heuristic. Nothing should depend on it anyway. We already skip dumping file data under a lot of other circumstances (and perhaps equally importantly, we already decided to dump it all under other circumstances).

I think this DUMP_SIZE_MAYBE_ELFHDR_PLACEHOLDER hackery is worse than just changing the heuristic.

So instead, just say "ok, if the file was executable, let's dump the first page". The test might be as simple as just checking

    if (file_inode(vma->vm_file)->i_mode & 0111)

and you'd be done. That's likely a _better_ heuristic than the "let's go look at the random first word in memory".

Your patches look otherwise fine, but I really really despise that DUMP_SIZE_MAYBE_ELFHDR_PLACEHOLDER, and I don't think it's even necessary.

           Linus
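Added example, not the kernel's code and not from either author of this thread: a small userspace C model that contrasts the two "dump the first page?" heuristics discussed above. The struct vma_model fields, MODEL_PAGE_SIZE and the sample mappings are constructed; looks_like_elf() stands in for the ELF-magic peek at mapped memory that the patch keeps (and has to defer with a placeholder), and file_is_executable() applies the i_mode & 0111 test Linus suggests. Both decisions are gated on the preconditions he enumerates, so the model only answers for the branch being argued about and returns -1 for mappings decided elsewhere.

```c
/* Userspace model of the core-dump "first page" decision discussed in the
 * thread. This is NOT the kernel's vma_dump_size(); all types, sizes and
 * sample mappings below are constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MODEL_PAGE_SIZE 4096L   /* assumed page size for the model */

struct vma_model {
    bool file_backed;                /* vma->vm_file != NULL */
    bool shared;                     /* VM_SHARED / VM_MAYSHARE set */
    bool readable;                   /* VM_READ set */
    bool written;                    /* CoW'd pages exist (anon_vma present) */
    unsigned long pgoff;             /* offset into the file, in pages */
    mode_t file_mode;                /* i_mode of the backing inode */
    const unsigned char *first_page; /* contents of the first mapped page */
};

/* Preconditions from the reply: private, file backed, first page of the
 * file, never written to, mapped for reading. Only then is the choice
 * "don't dump at all" versus "dump just the first page". */
static bool first_page_candidate(const struct vma_model *v)
{
    return v->file_backed && !v->shared && v->readable &&
           !v->written && v->pgoff == 0;
}

/* Heuristic the patch keeps: peek at mapped memory for the ELF magic.
 * This is the userspace read that cannot be done under mmap_lock, hence
 * the placeholder-and-fixup step in the patch. */
static bool looks_like_elf(const unsigned char *page)
{
    static const unsigned char magic[4] = { 0x7f, 'E', 'L', 'F' };
    return page != NULL && memcmp(page, magic, sizeof magic) == 0;
}

/* Heuristic Linus proposes: any execute bit on the backing file. It looks
 * only at the inode, never at the mapped page. */
static bool file_is_executable(mode_t mode)
{
    return (mode & 0111) != 0;
}

/* Return -1 if this VMA is decided by some other path, 0 for "don't dump",
 * or MODEL_PAGE_SIZE for "dump just the first page". */
static long dump_size_by_magic(const struct vma_model *v)
{
    if (!first_page_candidate(v))
        return -1;
    return looks_like_elf(v->first_page) ? MODEL_PAGE_SIZE : 0;
}

static long dump_size_by_mode(const struct vma_model *v)
{
    if (!first_page_candidate(v))
        return -1;
    return file_is_executable(v->file_mode) ? MODEL_PAGE_SIZE : 0;
}

/* Constructed sample pages: one with an ELF identification, one plain text. */
static const unsigned char elf_page[16]  = { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0 };
static const unsigned char text_page[16] = "hello, world!\n";

/* Constructed sample mappings. */
static const struct vma_model exec_binary = {  /* a 0755 ELF executable */
    .file_backed = true, .readable = true, .file_mode = 0755, .first_page = elf_page };
static const struct vma_model data_file = {    /* a 0644 data file mapped read-only */
    .file_backed = true, .readable = true, .file_mode = 0644, .first_page = text_page };
static const struct vma_model copied_elf = {   /* an ELF file with no execute bit */
    .file_backed = true, .readable = true, .file_mode = 0644, .first_page = elf_page };
static const struct vma_model written_page = { /* CoW'd: not this branch's decision */
    .file_backed = true, .readable = true, .written = true, .file_mode = 0755,
    .first_page = elf_page };

int main(void)
{
    const struct { const char *name; const struct vma_model *v; } cases[] = {
        { "exec_binary",  &exec_binary },
        { "data_file",    &data_file },
        { "copied_elf",   &copied_elf },
        { "written_page", &written_page },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-13s magic=%ld mode=%ld\n", cases[i].name,
               dump_size_by_magic(cases[i].v), dump_size_by_mode(cases[i].v));
    return 0;
}
```

On the constructed cases the two heuristics agree everywhere except copied_elf, an ELF image mapped from a file that carries no execute bit, where the magic check dumps a page and the mode check does not. The mode check also never touches the mapped page, which is why it needs no deferred fixup.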