Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp105846ybl; Tue, 27 Aug 2019 16:42:12 -0700 (PDT) X-Google-Smtp-Source: APXvYqzJ90CfzWlgX6Mdf8ES+A7I0U1bbGa81egEfBbasIs+OQ8fFB62cdYwG0GoNrLf9Qioj2Th X-Received: by 2002:a63:6c7:: with SMTP id 190mr897987pgg.7.1566949332328; Tue, 27 Aug 2019 16:42:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566949332; cv=none; d=google.com; s=arc-20160816; b=bGfcA+bH2KlxYmJFPuQpyGA6+vj6px2Ln2EAXreN9W54d2Vl+4SCCLLMXd4Rz3wZf+ 4R6hUaN6kg62NmA8uzAdRpFVv6hcMn66u1YOKpwuBqUNrfGelLKhKPoRffTueUoyqh9u zWq4iZdahIN0L3Uxig/EwO5SznaGSUUNi6LrNM9RbzLxh6s52D6SJIHbQc2ubSjgAOb5 3vjoMXm8fsseBrNmc26kvm6MOC/45F/syEZG9O5rjoUI9tV155xHI8h5eLvNJIT6OB0h koW3w3M4WPYDdgpFs0xF7Joy+xgpnL7flm8TD7GcoXH9HrPOKbeiOwBpTiLMbL1EBNxR MDyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:references:cc:to:from:subject:dkim-signature; bh=EQMjs4Y5qTEVK4IGg+RylApeAwJCoBnf1dT1QRnPLHI=; b=zxI6rZPzInEtw9WIOcC+Yam/Q7K00nw35gv9heRhyN56cM/EgBYHFRL/UliasYe1Ew ktvMu2vSnsqTuVIzpY2TF4T4qYriSaCQVoiTvQcloO4yzzDRczhFN5ZRnrvKn7F1G5+Q kryS/vYh5nEW2TCTborKeBtXEzlf85R8EBp9QJ0xU0RgkjOFb//4Ms6fXFGYnp+xhlcD CdQ7vMLP0656jRbEFCBPr6rJTL1t3IXO3zB+kylaYxNbJSJ/76QqUYJLuycW/N/Okbwz aGr1zV3aDvsPlM98iI+fTVzOTs3JI4+KhJ8NycDCoT20QRpxju/Zk6rfW0kCJoHKO1bJ Vncw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jmmzMZUW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h14si423876pjt.78.2019.08.27.16.41.55; Tue, 27 Aug 2019 16:42:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jmmzMZUW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726096AbfH0Xk4 (ORCPT + 99 others); Tue, 27 Aug 2019 19:40:56 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:39607 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726025AbfH0Xk4 (ORCPT ); Tue, 27 Aug 2019 19:40:56 -0400 Received: by mail-wr1-f65.google.com with SMTP id t16so517490wra.6 for ; Tue, 27 Aug 2019 16:40:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:cc:references:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=EQMjs4Y5qTEVK4IGg+RylApeAwJCoBnf1dT1QRnPLHI=; b=jmmzMZUW/Qs5x+jjDFYYDE7+7UxKDtt/5X9KgMgzP5bP+hn8JnYF/IaOGfge8cqbF3 XB3sgBBomfiyqKzfy0AEF8vASbKM7oc6eCsbjqZZhX37ThpvNYoVd49FP6U19nTqXzbG wvp6oQ5XFGMMV9Q+GZoAt3E2XHtMpxww4tbrGcT6VXsmvm+LTiPsDAG3nVCd4rQZ49FJ jH/DB+6VZ81f3UngWxaUhxiICHhsv2WpBzwBGfVC5WPpwEAmaCsBn70OozdA90Z77vch PfBBszSv7qi0iDUKI2GS8dxuTiGKzdmh+CkcJvuZdBiNt/tRTsa9N/Y1HayfZUmTAdUf Ny7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:references:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=EQMjs4Y5qTEVK4IGg+RylApeAwJCoBnf1dT1QRnPLHI=; b=BHUY6r1V2KgrK0pOAhvp7/GZDGpG1c1Mt7NyTskw5l/JqGd5IYMJsTkDpMyvpbn79n 4w1J651qNENZvHU/O3h8EA96sQ2kzPmGDYwHClDaoKopPXOb/w0fROActduenebPqbRQ LAcrGHGapuwzcYTEjag26vIcXuL7Bq39QUkX98957Oecnf65xIICc9RhvA82+UoKzzuE EMH6yUJR6HpzXRohTknkWQA5K5JbJMsryvnXQr2VcyqRqFEz1QjxS8npMyLbtw1ncfBc 4Yk0QbHYznPs+Pl5tKkzG0R8Z6PXJ8rq+UZ/FZAF8Qi3/tikwOH+8/yUU256zk1KQBuZ FmnA== X-Gm-Message-State: APjAAAUuuFcG7fKya3Smg5s6+ahv145id137QBQt9u4MC42dzTO5q8d0 f4bW0nhFqZPSXC2/ePDqlc8= X-Received: by 2002:a5d:51c7:: with SMTP id n7mr552825wrv.73.1566949254065; Tue, 27 Aug 2019 16:40:54 -0700 (PDT) Received: from [10.83.36.153] ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id x10sm434380wrn.39.2019.08.27.16.40.52 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 27 Aug 2019 16:40:53 -0700 (PDT) Subject: Re: get_unmapped_area && in_ia32_syscall (Was: [PATCH] uprobes/x86: fix detection of 32-bit user mode) From: Dmitry Safonov <0x7f454c46@gmail.com> To: Oleg Nesterov Cc: Thomas Gleixner , Sebastian Mayr , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , x86@kernel.org, LKML , Masami Hiramatsu , Andy Lutomirski , Peter Zijlstra , Srikar Dronamraju References: <20190728152617.7308-1-me@sam.st> <20190827140055.GA6291@redhat.com> <15c5d9f6-6429-4775-05af-8a956d44a9ef@gmail.com> Message-ID: <459fdf33-1290-2651-6344-0ff9e466ddfc@gmail.com> Date: Wed, 28 Aug 2019 00:40:52 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: <15c5d9f6-6429-4775-05af-8a956d44a9ef@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org -Cc my old @virtuozzo email. Previously it just ignored emails and now sends those ugly html replies. Sorry about that - I've updated .mailmap now. On 8/27/19 6:03 PM, Dmitry Safonov wrote: > Hi Oleg, > > On 8/27/19 3:00 PM, Oleg Nesterov wrote: > [..] >> But to remind, there is another problem with in_ia32_syscall() && uprobes. >> >> get_unmapped_area() paths use in_ia32_syscall() and this is wrong in case >> when the caller is xol_add_vma(), in this case TS_COMPAT won't be set.> >> Usually the addr = TASK_SIZE - PAGE_SIZE passed to get_unmapped_area() should >> work, mm->get_unmapped_area() won't be even called. But if this addr is already >> occupied get_area() can return addr > TASK_SIZE. > > Technically, it's not bigger than TASK_SIZE that's supplied > get_unmapped_area() as an argument.. > > [..] >> if (!area->vaddr) { >> + if(!is_64bit_mm(mm)) >> + current_thread_info()->status |= TS_COMPAT; >> /* Try to map as high as possible, this is only a hint. */ >> area->vaddr = get_unmapped_area(NULL, TASK_SIZE - PAGE_SIZE, >> PAGE_SIZE, 0, 0); >> + if(!is_64bit_mm(mm)) >> + current_thread_info()->status &= ~TS_COMPAT;; >> if (area->vaddr & ~PAGE_MASK) { >> ret = area->vaddr; >> goto fail; > > It could have been TASK_SIZE_OF(), but that would be not much better in > my POV. I see that arch_uprobe_analyze_insn() uses is_64bit_mm() which > is correct the majority of time, but not for processes those jump > switching CS.. Except criu afair there are at least wine, dosemu. > I had it in my TODO to fix this :) > > Do I read the code properly and xol is always one page? > Could that page be reserved on the top of mmap_base/mmap_compat_base at > the binfmt loading time? (I would need than to add .mremap() for > restoring sake). Probably, not reserving it if personality doesn't allow > randomization or providing a way to disable it.. If no one has concerns over such approach, I'll cook a fix just after Plumbers week. Thanks, Dmitry