Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp2771323ybh; Mon, 9 Mar 2020 12:39:37 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuy8OLYdCoFw7IGK15LT/E2n3kMd9Xlsm4bYrGKb9Utz+1lr74mWw6EP4O89YlFoxtkVeni X-Received: by 2002:a9d:10d:: with SMTP id 13mr14740446otu.334.1583782777189; Mon, 09 Mar 2020 12:39:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1583782777; cv=none; d=google.com; s=arc-20160816; b=Z2L4qlRcMOO8dN6M65YShZkETvE+CA3up/+0OmNmnadLHjPxR0F1g7FZIhQI6ikgTT 8oHoPRhupsC1CrxWJZqf0lyK9tVwW80PP+2DnF1wX5yr1TYUFgBm3WKuW8OBgNVp5iSL T9orQ7PHm4Jm+vTcMjAD9sBfIwq8EDkQT5yQOnVtLOJ23uVkbSYoVxYcb1Ktjr2dstbC YDpRLAz+bjjJp4OFvWZQRxI1T1yEVpNoquBUce27GHml8cnPCv1S4F0KGIMR9Dw1f/fS LTYkC0rcK86/aRNsqkIKOhflIxK9TWgT9JcnSIT10fmQ0Xk2dYMG/6MTKGR/1g5qrNMb jj1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from; bh=j8MjC27Y4maO2olHp5aeaJsqqJjSjN0iikRCNfZ+U8k=; b=LndQ5PQaZOSlW49yQhymQegTv9WoARaAgwO9KIVFYI63AjTaoxT1UhClD7tKLBH8av tnHK/MqPtaj4J5Mz7A3grGZluCI4fN2CHb76T/m+m/XgCxj19q9vatrUJImC7bR6jO8G fi1X7GEO6DmIDmg7kjcAc0VI829SAA9AwQBHHTpDn6EaT5Kne6l/64xmYrenJgr2Yp6T rY8dJzm5KZbSd3MAQ9ql0cI9fNiQD8gpt//U4EolYgWHfoveWmS3NT8HyOETEzkX0tsu j6fK2X5JYtWij3pUGBh5+Mp9UnjZl17tkdQCR/JRajjvL0AzoVrWBkxDsRKiHlkine1k ZTUQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t144si1594800oie.129.2020.03.09.12.39.24; Mon, 09 Mar 2020 12:39:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726385AbgCIThw (ORCPT + 99 others); Mon, 9 Mar 2020 15:37:52 -0400 Received: from out03.mta.xmission.com ([166.70.13.233]:57330 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726156AbgCIThv (ORCPT ); Mon, 9 Mar 2020 15:37:51 -0400 Received: from in01.mta.xmission.com ([166.70.13.51]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jBODe-00015d-OU; Mon, 09 Mar 2020 13:37:42 -0600 Received: from ip68-227-160-95.om.om.cox.net ([68.227.160.95] helo=x220.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from ) id 1jBODd-0004Wy-QQ; Mon, 09 Mar 2020 13:37:42 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Bernd Edlinger Cc: Christian Brauner , Kees Cook , Jann Horn , Jonathan Corbet , Alexander Viro , Andrew Morton , Alexey Dobriyan , Thomas Gleixner , Oleg Nesterov , Frederic Weisbecker , Andrei Vagin , Ingo Molnar , "Peter Zijlstra \(Intel\)" , Yuyang Du , David Hildenbrand , Sebastian Andrzej Siewior , Anshuman Khandual , David Howells , James Morris , Greg Kroah-Hartman , Shakeel Butt , Jason Gunthorpe , Christian Kellner , Andrea Arcangeli , Aleksa Sarai , "Dmitry V. Levin" , "linux-doc\@vger.kernel.org" , "linux-kernel\@vger.kernel.org" , "linux-fsdevel\@vger.kernel.org" , "linux-mm\@kvack.org" , "stable\@vger.kernel.org" , "linux-api\@vger.kernel.org" References: <87a74xi4kz.fsf@x220.int.ebiederm.org> <87r1y8dqqz.fsf@x220.int.ebiederm.org> <87tv32cxmf.fsf_-_@x220.int.ebiederm.org> <87v9ne5y4y.fsf_-_@x220.int.ebiederm.org> <87zhcq4jdj.fsf_-_@x220.int.ebiederm.org> <878sk94eay.fsf@x220.int.ebiederm.org> <87r1y12yc7.fsf@x220.int.ebiederm.org> <87k13t2xpd.fsf@x220.int.ebiederm.org> <87d09l2x5n.fsf@x220.int.ebiederm.org> <871rq12vxu.fsf@x220.int.ebiederm.org> Date: Mon, 09 Mar 2020 14:35:24 -0500 In-Reply-To: (Bernd Edlinger's message of "Mon, 9 Mar 2020 19:24:58 +0000") Message-ID: <87fteh1fur.fsf@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1jBODd-0004Wy-QQ;;;mid=<87fteh1fur.fsf@x220.int.ebiederm.org>;;;hst=in01.mta.xmission.com;;;ip=68.227.160.95;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX1+DDWQI5cjwElTn1n4Tvz89F0vLYf/zGAA= X-SA-Exim-Connect-IP: 68.227.160.95 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on sa07.xmission.com X-Spam-Level: X-Spam-Status: No, score=0.5 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,T_TM2_M_HEADER_IN_MSG,T_TooManySym_01,XMSubLong autolearn=disabled version=3.4.2 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * 0.7 XMSubLong Long Subject * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa07 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Bernd Edlinger X-Spam-Relay-Country: X-Spam-Timing: total 460 ms - load_scoreonly_sql: 0.03 (0.0%), signal_user_changed: 2.9 (0.6%), b_tie_ro: 2.1 (0.5%), parse: 1.07 (0.2%), extract_message_metadata: 16 (3.4%), get_uri_detail_list: 3.1 (0.7%), tests_pri_-1000: 26 (5.7%), tests_pri_-950: 1.17 (0.3%), tests_pri_-900: 1.04 (0.2%), tests_pri_-90: 40 (8.6%), check_bayes: 38 (8.2%), b_tokenize: 16 (3.5%), b_tok_get_all: 11 (2.4%), b_comp_prob: 3.4 (0.7%), b_tok_touch_all: 4.2 (0.9%), b_finish: 0.67 (0.1%), tests_pri_0: 358 (77.9%), check_dkim_signature: 0.62 (0.1%), check_dkim_adsp: 2.7 (0.6%), poll_dns_idle: 0.73 (0.2%), tests_pri_10: 3.1 (0.7%), tests_pri_500: 8 (1.7%), rewrite_mail: 0.00 (0.0%) Subject: Re: [PATCH v2 5/5] exec: Add a exec_update_mutex to replace cred_guard_mutex X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Bernd Edlinger writes: > On 3/9/20 8:02 PM, Eric W. Biederman wrote: >> Bernd Edlinger writes: >> >>> On 3/9/20 7:36 PM, Eric W. Biederman wrote: >>>> >>>> >>>> Does that sound better? >>>> >>> >>> almost done. >> >> I think this text is finally clean. >> >> exec: Add exec_update_mutex to replace cred_guard_mutex >> >> The cred_guard_mutex is problematic as it is held over possibly >> indefinite waits for userspace. The possilbe indefinite waits for >> userspace that I have identified are: The cred_guard_mutex is held in >> PTRACE_EVENT_EXIT waiting for the tracer. The cred_guard_mutex is >> held over "put_user(0, tsk->clear_child_tid)" in exit_mm(). The >> cred_guard_mutex is held over "get_user(futex_offset, ...") in >> exit_robust_list. The cred_guard_mutex held over copy_strings. >> >> The functions get_user and put_user can trigger a page fault which can >> potentially wait indefinitely in the case of userfaultfd or if >> userspace implements part of the page fault path. >> >> In any of those cases the userspace process that the kernel is waiting >> for might make a different system call that winds up taking the >> cred_guard_mutex and result in deadlock. >> >> Holding a mutex over any of those possibly indefinite waits for >> userspace does not appear necessary. Add exec_update_mutex that will >> just cover updating the process during exec where the permissions and >> the objects pointed to by the task struct may be out of sync. >> >> The plan is to switch the users of cred_guard_mutex to >> exec_update_mutex one by one. This lets us move forward while still >> being careful and not introducing any regressions. >> >> Link: https://lore.kernel.org/lkml/20160921152946.GA24210@dhcp22.suse.cz/ >> Link: https://lore.kernel.org/lkml/AM6PR03MB5170B06F3A2B75EFB98D071AE4E60@AM6PR03MB5170.eurprd03.prod.outlook.com/ >> Link: https://lore.kernel.org/linux-fsdevel/20161102181806.GB1112@redhat.com/ >> Link: https://lore.kernel.org/lkml/20160923095031.GA14923@redhat.com/ >> Link: https://lore.kernel.org/lkml/20170213141452.GA30203@redhat.com/ >> Ref: 45c1a159b85b ("Add PTRACE_O_TRACEVFORKDONE and PTRACE_O_TRACEEXIT facilities.") >> Ref: 456f17cd1a28 ("[PATCH] user-vm-unlock-2.5.31-A2") > > I checked the urls they all work. > Just one last question, are these git references? > I can't find them in my linux git tree (cloned from linus' git)? > > Sorry for being pedantically. You have to track down tglx's historicaly git tree from when everything was in bitkeeper. But yes they are git references and yes they work. Just that part of the history is not in linux.git. >> Signed-off-by: "Eric W. Biederman" >> >> >> Bernd do you want to give me your Reviewed-by for this part of the >> series? >> > > Sure also the other parts of course. > > Reviewed-by: Bernd Edlinger > >> After that do you think you can write the obvious patch for mm_access? >> > > Yes, I can do that. > I also have some typos in comments, will make them extra patches as well. > > I wonder if the test case is okay to include the ptrace_attach altough > that is not yet passing? It is an existing kernel but that it doesn't pass. My sense is that if you include it as a separate patch if it is a problem for someone we can identify it easily via bisect and we do whatever is appropriate. Eric