Date: Thu, 1 Feb 2018 12:07:34 -0800
From: Eric Biggers
To: Paolo Bonzini
Cc: Radim Krčmář, kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, Eric Biggers
Subject: Re: [PATCH] KVM/x86: remove WARN_ON() for when vm_munmap() fails
Message-ID: <20180201200734.hst7s56y6e5lztpi@gmail.com>
References: <001a1141c71c13f559055d1b28eb@google.com> <20180201013021.151884-1-ebiggers3@gmail.com> <20180201153310.GD31080@flask> <584ef475-21cc-9ef5-8ac9-d6b00e93134e@redhat.com>
In-Reply-To: <584ef475-21cc-9ef5-8ac9-d6b00e93134e@redhat.com>
User-Agent: NeoMutt/20170609 (1.8.3)
List-ID: linux-kernel@vger.kernel.org

On Thu, Feb 01, 2018 at 12:12:00PM -0500, Paolo Bonzini wrote:
> On 01/02/2018 10:33, Radim Krčmář wrote:
> > 2018-01-31 17:30-0800, Eric Biggers:
> >> From: Eric Biggers
> >>
> >> On x86, special KVM memslots such as the TSS region have anonymous
> >> memory mappings created on behalf of userspace, and these mappings are
> >> removed when the VM is destroyed.
> >>
> >> It is however possible for removing these mappings via vm_munmap() to
> >> fail.  This can most easily happen if the thread receives SIGKILL while
> >> it's waiting to acquire ->mmap_sem.  This triggers the 'WARN_ON(r < 0)'
> >> in __x86_set_memory_region().  syzkaller was able to hit this, using
> >> 'exit()' to send the SIGKILL.  Note that while the vm_munmap() failure
> >> results in the mapping not being removed immediately, it is not leaked
> >> forever but rather will be freed when the process exits.
> >>
> >> It's not really possible to handle this failure properly, so almost
> >
> > We could check "r < 0 && r != -EINTR" to get rid of the easily
> > triggerable warning.
>
> Considering that vm_munmap uses down_write_killable, that would be
> preferable I think.
>

Don't be so sure that vm_munmap() can't fail for other reasons as well :-)
Remember, userspace can mess around with its address space.  And indeed,
looking closer, I see there was a previous report of this same WARN on an
older kernel which in vm_munmap() still had down_write() instead of
down_write_killable().  The reproducer in that case concurrently called
personality(ADDR_LIMIT_3GB) to reduce its address limit after the mapping
was already created above 3 GiB.  Then the vm_munmap() returned EINVAL
since 'start > TASK_SIZE'.  So I don't think we should check for specific
error codes.  We could make it a pr_warn_ratelimited() though, if we still
want some notification that there was a problem without implying it is a
kernel bug as WARN_ON() does.

- Eric
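The point of the thread is that a WARN_ON() on the return value of vm_munmap() is reachable from userspace (SIGKILL while waiting on ->mmap_sem gives -EINTR; shrinking the address limit with personality(ADDR_LIMIT_3GB) gives -EINVAL), and that filtering a single error code does not close that hole, while pr_warn_ratelimited() reports the condition without treating it as a kernel bug. The following is an added example, not part of this thread and not the kernel's own code: a small Python review helper that flags WARN_ON()/WARN_ON_ONCE()/BUG_ON() applied to a variable assigned from vm_munmap(). The C snippet it runs over is constructed for illustration (the set_region_a/b/c function names are hypothetical and only mimic the shape of the KVM code under discussion; they are not __x86_set_memory_region()).

```python
import re
from typing import List, Tuple

# Constructed C snippet standing in for the pattern discussed in the thread.
# It is NOT the kernel's __x86_set_memory_region(); the function names and
# bodies are assumed for illustration only.
SAMPLE_C = """\
static int set_region_a(struct kvm *kvm, unsigned long addr, unsigned long size)
{
	int r;

	r = vm_munmap(addr, size);
	WARN_ON(r < 0);                 /* userspace-reachable: flagged */
	return 0;
}

static int set_region_b(struct kvm *kvm, unsigned long addr, unsigned long size)
{
	int r = vm_munmap(addr, size);

	if (r < 0)
		pr_warn_ratelimited("vm_munmap failed: %d\\n", r);   /* not flagged */
	return 0;
}

static int set_region_c(struct kvm *kvm, unsigned long addr, unsigned long size)
{
	int ret;

	ret = vm_munmap(addr, size);
	WARN_ON_ONCE(ret < 0 && ret != -EINTR);   /* still flagged: -EINVAL path */
	return 0;
}
"""

# "r = vm_munmap(" or "int r = vm_munmap(": capture the variable receiving the result.
ASSIGN_RE = re.compile(r'\b(?:int\s+)?(\w+)\s*=\s*vm_munmap\s*\(')
# The warning macros whose condition we inspect.
WARN_RE = re.compile(r'\b(WARN_ON(?:_ONCE)?|BUG_ON)\s*\(')
COMMENT_RE = re.compile(r'/\*.*?\*/|//.*$')
WINDOW = 6  # lines after the assignment in which a check on the result is looked for


def find_warn_on_munmap(source: str, window: int = WINDOW) -> List[Tuple[int, str]]:
    """Return (line_number, macro) for every WARN_ON/WARN_ON_ONCE/BUG_ON whose
    condition mentions a variable assigned from vm_munmap() within `window`
    lines.  Any such condition is userspace-influenceable regardless of which
    error codes it excludes, which is the review point made in the thread."""
    lines = source.splitlines()
    findings: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        m = ASSIGN_RE.search(COMMENT_RE.sub('', line))
        if not m:
            continue
        var_re = re.compile(r'\b%s\b' % re.escape(m.group(1)))
        for j in range(i + 1, min(i + 1 + window, len(lines))):
            code = COMMENT_RE.sub('', lines[j])
            w = WARN_RE.search(code)
            # Only the macro's argument list matters, not the macro name itself.
            if w and var_re.search(code[w.end():]):
                findings.append((j + 1, w.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, macro in find_warn_on_munmap(SAMPLE_C):
        print("line %d: %s on vm_munmap() result" % (lineno, macro))
```

Run over the constructed snippet, the helper reports line 6 (the plain `WARN_ON(r < 0)`) and line 24 (the `-EINTR`-only exclusion, which the thread points out still fires on the `-EINVAL` path), and stays silent on the pr_warn_ratelimited() form. It is a line-oriented heuristic, so it will miss a result checked more than `window` lines later or passed through another variable; it is meant as a cheap review aid, not a replacement for reading the code.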