Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2405723ybv; Fri, 21 Feb 2020 15:11:32 -0800 (PST) X-Google-Smtp-Source: APXvYqymQciqhbqPXRDaTAf8NWJ8JX4ifxJam1s+5zzgt/ig1lrCKMm0jzG0+wdw2xIMkSlrlTjc X-Received: by 2002:a9d:7586:: with SMTP id s6mr29761127otk.342.1582326692547; Fri, 21 Feb 2020 15:11:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582326692; cv=none; d=google.com; s=arc-20160816; b=c+rZ65CoS7MdhJBOHW2xpQuV6kP1KnznNVTowpXOrE6QXl6RFpE0Qv2tA+SFAHvma8 d+BlLYJvaQxrOX4NQ9XaKd1qx7GW5QbLV76rrc8ElF4yzFj69aI7Gq7jY2/UYUu/pPPE lZpz1TvH9JWmMLho8qdUkDp35cKUvKcGRdldjLBB40xiwz8cGUL82qsvnnivSBEBFXKn MypLz2rDyNLVULTBnV8KSIK6fCX4AckAE998+X43HhVP/Eilnpw8VP3nC9hxwm0AWk8i aj6iAXEMGDcspMiVipUjJC36k/q6wKsapgjOHE7dT8KJWDHLFxbcebtspFVj7Xh9X2tt P0bQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=LVNnD4mUAdAkyJjOTsa1ZEjSZqvjcpylFGomo2SJ8Q8=; b=NaDj/5tPesHHGV1juvzzz7cPaJjioUjk54eiYPZwCDjo8LunwzBXLJNcgpcLU+8R+2 nBKWiH4TIlc+bXUgivlJgagYTOxBb7tRVgz6i5XnHBrYaRUIjTJ6d3Sc+lPPjozZIHs0 u0/+s7H8ESPGd7jSdaEojbDPBT/qIb0Amg3ia+olCOX8inFApyVPrt6TrTJ5d8U1Mdm+ iU1w6UeJVudbyuVFSsDuLV7qswGv9XNlmSTSyFTJM/gr8HABWO18I3fdJSXgo86PMANJ KrhZRv9G3bYfG7h0ZWD30FVot9gr/h6erqRGeGc/podwYNWevhG9qX/tmqhJ+Cn0/ypr UQfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=WZSM4lJw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t11si1437444oih.187.2020.02.21.15.11.20; Fri, 21 Feb 2020 15:11:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=WZSM4lJw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729490AbgBUXKv (ORCPT + 99 others); Fri, 21 Feb 2020 18:10:51 -0500 Received: from mail-pl1-f194.google.com ([209.85.214.194]:40835 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726290AbgBUXKu (ORCPT ); Fri, 21 Feb 2020 18:10:50 -0500 Received: by mail-pl1-f194.google.com with SMTP id y1so1507102plp.7 for ; Fri, 21 Feb 2020 15:10:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=LVNnD4mUAdAkyJjOTsa1ZEjSZqvjcpylFGomo2SJ8Q8=; b=WZSM4lJwA22ZFHhTTy5GBbpkJnPWbEbLldb8K5bOHKQ7C1fYm8kHen+nbR9LYq4qOp ggEkrr/6UGOS085bU3bOmZQI90Tm2j442C+tdt1bZUqhyKgERYMh/jbS44WrqGOSvo4e V2HZIS1GP04YYCdM8QZQ+2fJTyO91h6B+DQAg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=LVNnD4mUAdAkyJjOTsa1ZEjSZqvjcpylFGomo2SJ8Q8=; b=rkgY2Dww3a7c2DnKduEv87CV5eN8D7kVOB9c1YybBfkmLCy5xoiml/WeWHhj3qZQq4 kJNdlmICybgYDk9zbO20dqOf9uI3fCRMurA6RlPdvmRScupptTnLzRn3aLRILDZ4I+bp ycktSgzCygtMES3IQ3T2RZPRXOpLHTZEcpVtNWvEQCazt3LIddZfP94/YvCxvz0sfFTp tnUA+OcMPnDB1fTltO4ku45fLE2EpfP3/KVjPapVTUlWgppwU/2SGr+VvUBFFa0oGd0F JRozrFqgVmiufzknfeI7wAoFZrAJCXbJNziLujaB/3Mni/wvjvB4UpbvBwz16rjKoP6c BCbA== X-Gm-Message-State: APjAAAWdvt31s9w6Qg91ChT30yfZJUJFi5rg0S2QvUHUZ7hCfxJPWo1R 6Wh9afb/cY7roInRSEA5CO3hlw== X-Received: by 2002:a17:902:d688:: with SMTP id v8mr39723084ply.238.1582326650137; Fri, 21 Feb 2020 15:10:50 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id ci5sm3635120pjb.5.2020.02.21.15.10.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 Feb 2020 15:10:49 -0800 (PST) Date: Fri, 21 Feb 2020 15:10:48 -0800 From: Kees Cook To: Andy Lutomirski Cc: Linus Torvalds , Peter Zijlstra , Andrew Morton , Linux Kernel Mailing List , Jens Axboe , Jann Horn , Will Deacon Subject: Re: [PATCH] mm/tlb: Fix use_mm() vs TLB invalidate Message-ID: <202002211506.2151CA26@keescook> References: <6A09F721-0AD9-4B86-AB3E-563A1CF5ABDE@amacapital.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <6A09F721-0AD9-4B86-AB3E-563A1CF5ABDE@amacapital.net> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 21, 2020 at 11:22:16AM -0800, Andy Lutomirski wrote: > > > > On Feb 21, 2020, at 11:19 AM, Linus Torvalds wrote: > > > > On Fri, Feb 21, 2020 at 3:11 AM Peter Zijlstra wrote: > >> > >> + BUG_ON(!(tsk->flags & PF_KTHREAD)); > >> + BUG_ON(tsk->mm != NULL); > > > > Stop this craziness. > > > > There is absolutely ZERO excuse for this kind of garbage. > > > > Making this a BUG_ON() will just cause all the possible debugging info > > to be thrown away and lost, and you often have a dead machine. > > > > For absolutely no good reason. > > > > Make it a WARN_ON_ONCE(). If it triggers, everything works the way it > > always did, but we get notified. > > > > Stop with the stupid crazy BUG_ON() crap already. It is actively _bad_ > > for debugging. > > > > > > In this particular case, if we actually flub this, we are very likely to cause data corruption — we’re about to do user access with the wrong mm. > > So I suppose we could switch to init_mm and carry on. *Something* will crash, but it probably won’t corrupt data or take down the machine. Why not just fail after the WARN -- I wrote the patch for the (very few) callers to handle the errors, clean up, and carry on. -- Kees Cook