Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp225331pxb; Mon, 2 Nov 2020 19:55:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJw8/J34o34vv6rhPN04dNH5q+/SB9MBUQ+eawaEx6eMQVkHmW+tmaTiovm+HGG+nN9QuHVh X-Received: by 2002:a50:e149:: with SMTP id i9mr20323791edl.56.1604375752854; Mon, 02 Nov 2020 19:55:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604375752; cv=none; d=google.com; s=arc-20160816; b=NUCg5Q+ey65O4UzynvIG/mzm5GK8P8qYyrC7FwscXtIscRLH1SXdylhmJ+kCmGPGy9 YKVQKcsKTx4m8WQSbXJJ+D6FIYJpkwxziYcWb8W2LU47RWkbI12HeUiPYtqLZ2L/oSfN g1va4E86xLzrfJWj+F0akk4wbGXt/cGyp5vo9C9OUYTfWexDDmiANEn/SRBq9QW6TxQq 2ULbo0++l9T0RIzrDrZLLAHFTcITTCxN1IbVn5oWlr1EnL8rGqYW1yTwXazEchIgAjeR K/wEGD2PoEYos9v3QYLZZN41YwYMBh5ykHbdXwgR9LZ1BZxctRe4SCK3ttcA/EuDFh9v XLNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=hOJLDVXUo2LYw/7eDqVKdvCpcOI5OkMeU4TObpOzbdA=; b=qNwo1SOuAI6RosC8bKhwRHnUScQcgCj19ygGUU1mYAQUni5WQAGDt6/Z7lusjMn0fN K2V36ZZMHK1Htre6/bCA/JcXkLbfVqh/1u3Lj3YSybJZ4csKuLliYXs//Eahuz7O9UfL aRRmv1gcsVZVR/OGi77ezE8OjTWRY0pb5tBBnFLW8Fno1/6kQcwykSSvjZDF3T9mEj6N SFYja6ZBkQRwGl8TvJKoRIMd5jkWayiFJunndeb4n+6IFwz+SIfiS6UdUwd8OUP3CeHc hgcprUIDbn5Sz4rsk1nPdkX/YJwHL1rvjbGj1RnUUXzqPVPsTe9S9r/yY+nNZmLRxqhX ueBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=nGryO6t7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q19si3253231ejr.425.2020.11.02.19.55.29; Mon, 02 Nov 2020 19:55:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=nGryO6t7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725980AbgKCDx5 (ORCPT + 99 others); Mon, 2 Nov 2020 22:53:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33158 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725921AbgKCDx5 (ORCPT ); Mon, 2 Nov 2020 22:53:57 -0500 Received: from mail-lj1-x244.google.com (mail-lj1-x244.google.com [IPv6:2a00:1450:4864:20::244]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA553C0617A6 for ; Mon, 2 Nov 2020 19:53:55 -0800 (PST) Received: by mail-lj1-x244.google.com with SMTP id m8so11430923ljj.0 for ; Mon, 02 Nov 2020 19:53:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hOJLDVXUo2LYw/7eDqVKdvCpcOI5OkMeU4TObpOzbdA=; b=nGryO6t7u5LQu5kU9mZ+mS82QJqavaetK3PvEK1jSllCww9cFAOlqgl+ZXOVfolt+6 Lbel5ZOBIcwr8mB+tOJCTbIvaA0KOFW9hkOfux8hU/Az3HFaHnYrM6wCOc9u4VzQcTnJ s7znfJLu3pDWLASwp5KbsfcymSdKDPRwV4/FAM+EKMKdXD2aD5sHEBfZ21UdFW+64tkH U6BbzwHdiSshZTRujcM5oF/zpgVjpB2s8FcnsbXCWHAtUh9FJSQozDussSKwrwmC6xpf fp6HpolycvO274DYNn8eIzMeftx0Y1hadLn/9eNPo3o9WvDMSAleygzKeFew3uoBgLZi gnHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hOJLDVXUo2LYw/7eDqVKdvCpcOI5OkMeU4TObpOzbdA=; b=lHiprgLipKeM38p7/A/pouHlfHPUVQKQsP2C39AohAE6w8V6MObAQQJ+H20EFKDYSx 59lQvQAVQ1R5qZMbz06lSlV+gZzEXsQ9bReEBCwR9bwFAbGskXJlh80r+Li57OklnHGk /8fF2bhubnfE/5cXefM0BLlYRBlalIM7g+RNDI8j46U0b4fflaPngvVw9k/Ndus0KG0M zEx5Xya28bs3rxx87vtS2PFzIQ2kWhEQ9t2ksZpg+toX577Ym0j1bUmotbk2pnytbb0G cPEfo4GZa6R84CVC6cUyftg4XS0uyLwblI1gmQr5nCnASHEdsSY+RbXQ0yR42g23B5za NItA== X-Gm-Message-State: AOAM533lPx/yrCDyuDezIiPHmuxaFw+js0lwwN05pU7/kwkYLHhBagzn qVIvmgo5wgl8GFILxLcUt+wDjivdc6R+NLM9DfJYuVXDgRtd0Q== X-Received: by 2002:a05:651c:1126:: with SMTP id e6mr6168296ljo.47.1604375634057; Mon, 02 Nov 2020 19:53:54 -0800 (PST) MIME-Version: 1.0 References: <20201016225713.1971256-1-jannh@google.com> <20201016225713.1971256-3-jannh@google.com> <20201020191540.GM6219@nvidia.com> In-Reply-To: <20201020191540.GM6219@nvidia.com> From: Jann Horn Date: Tue, 3 Nov 2020 04:53:27 +0100 Message-ID: Subject: Re: [PATCH resend v3 2/2] exec: Broadly lock nascent mm until setup_arg_pages() To: Jason Gunthorpe Cc: Andrew Morton , Linux-MM , kernel list , "Eric W . Biederman" , Michel Lespinasse , Mauro Carvalho Chehab , Sakari Ailus , Jeff Dike , Richard Weinberger , Anton Ivanov , linux-um@lists.infradead.org, John Hubbard , Johannes Berg Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 20, 2020 at 9:15 PM Jason Gunthorpe wrote: > On Sat, Oct 17, 2020 at 12:57:13AM +0200, Jann Horn wrote: > > @@ -1545,6 +1532,18 @@ void setup_new_exec(struct linux_binprm * bprm) > > me->mm->task_size = TASK_SIZE; > > mutex_unlock(&me->signal->exec_update_mutex); > > mutex_unlock(&me->signal->cred_guard_mutex); > > + > > + if (!IS_ENABLED(CONFIG_MMU)) { > > + /* > > + * On MMU, setup_arg_pages() wants to access bprm->vma after > > + * this point, so we can't drop the mmap lock yet. > > + * On !MMU, we have neither setup_arg_pages() nor bprm->vma, > > + * so we should drop the lock here. > > + */ > > + mmap_write_unlock(bprm->mm); > > + mmput(bprm->mm); > > + bprm->mm = NULL; > > + } > > The only thing I dislike about this is how tricky the lock lifetime > is, it all looks correct, but expecting the setup_arg_pages() or > setup_new_exec() to unlock (depending!) is quite tricky. > > It feels like it would be clearer to have an explicit function to do > this, like 'release_brp_mm()' indicating that current->mm is now the > only way to get the mm and it must be locked. That was a good suggestion; I tried to amend my patch as suggested, and while trying to do that, noticed that under CONFIG_MMU, binfmt_flat first does setup_new_exec(), then vm_mmap(), and then later on setup_arg_pages()... So your suggestion indeed helped make it clear that my patch was wrong. Guess I'll have to go figure out how to rearrange the pieces in binfmt_flat to make this work...