Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp3645230pxv;
        Mon, 28 Jun 2021 09:16:21 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJy+8PVRGbbR5U83mTzqEH+NAk93w0yRUYwjSMqVNK6Nr19Aife31kVmrIiYq2b4kfS+YSZX
X-Received: by 2002:a05:6402:886:: with SMTP id e6mr34238331edy.33.1624896980889;
        Mon, 28 Jun 2021 09:16:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1624896980; cv=none;
        d=google.com; s=arc-20160816;
        b=FQ+CFLGEbdY7BGXzRJ07dwjhhFQXhrzYUFqcBlwu8EeGy9eiFh9FUat7vFcKRcB/65
         wEBwePFFC3e0fqvmCQKUigONfVbs5dx+XjkQ/D9no5GJxho1RnsZ82uPzlgEdlFoiivc
         xf/5/FUvxx67GNEIrhb19LOgoFjkkBLG/QZO5HN+NNYtP5pE7aIQOlMuRRJ0jw6Uo8OG
         5EqpDmv7wjjF94rzbOSb7L0bnTJupbRpI355bTjjO4Mrmct5FUbeofRwasnGj/rcdrGA
         xJpJzKo2RivWTsbHdtt8ptKg5p6LzJ0u3rQSkdNUGgZnT3x8QhG/5KvvDbLdRnyUUPXH
         UYdQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=3MPWI09cDaXVTeiQJMgfQS8bGelaaSuy44zASltbRb4=;
        b=Un3YmOKgMwHyZEiVEL2BD3FYU4RIDtp85AWYXHinsWIE+36mwyjVXK7Z0Hj4e/iFe7
         rNr6D+pnIm3aiYe9QHan8PVZNaB4JjoVuqfsJbV7UICLUDMCvFVDkpF2Z4HW5EHNf6oX
         ukDJvuwnl57OrDru43CBqTSuPvei4j3we6hJMiGWnNKVf2Xml1DIDdPTMJ6jwr9C6NwK
         jhfoCJh6NQuSHYc4JNarj+iN3LX2l26n99rYvh3oHUS0MQ0Jfzll73jA/wdbUg9DZnxn
         zfKvaSjPuArgT5PdGUjxeDSBDmk1no7ZdCJz/QWMKac9GCA2/X7G9M1LQRRqG8rywFeo
         2u4A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=rkwRM0fS;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id yh17si14117977ejb.336.2021.06.28.09.15.55;
        Mon, 28 Jun 2021 09:16:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=rkwRM0fS;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232853AbhF1QQZ (ORCPT <rfc822;mafatlaija@gmail.com> + 99 others);
        Mon, 28 Jun 2021 12:16:25 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59408 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231472AbhF1QQY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 28 Jun 2021 12:16:24 -0400
Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BEE9C061574
        for <linux-kernel@vger.kernel.org>; Mon, 28 Jun 2021 09:13:58 -0700 (PDT)
Received: by mail-lf1-x12e.google.com with SMTP id a15so25724442lfr.6
        for <linux-kernel@vger.kernel.org>; Mon, 28 Jun 2021 09:13:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=3MPWI09cDaXVTeiQJMgfQS8bGelaaSuy44zASltbRb4=;
        b=rkwRM0fS1WoGWcWVRW/6QFSgqfdRye+O5sp8Bib33VhmnJhVInq+Kk+YrqtdQ2KUMN
         cVqqGtolTmVmpZ7v4hxWOv+/SoYMpEGgRVoFXJOqR/SAer2Z5CcWmFgmNxymbO0j8XG3
         gRz9U8eKvxyx6T2Ky8tF23fOM+LvGnxv+Nrk0omQbmgcF6emaCtFgAvm/i18QLdd3mKI
         SIJkCqMT7KQeMug823yLWgRWAdnyq33kWyWJKUWvbY4JQ2MfrJGJYhk9eCQ03Kn/qpCv
         EQnaLbeA0tBA1/GFwDNLsAj/SPrxMR/G70gyjwnLii+cOkiKy+qpWyISlT/L5mRSy9h2
         T/Og==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=3MPWI09cDaXVTeiQJMgfQS8bGelaaSuy44zASltbRb4=;
        b=kYInLzb656Y4544C7vdLDKqNqBPNvWVRTB1CCRQBL3jZznJuH4xYQZlI9HwuhJD9O9
         vgXO0mOwx49xsyYWSb2+UIMr+0zmbTsg2+XrZjhIfeT8dJ07oJWNTnvuNjKw0j5nyGfE
         pzQ6NFnwunalEh2TFE216+6KH35Ru7z9lcOSUsoUMIY32iBdqHOtkqe3uUVNdb0ZpLUx
         YGs1tHigSzw0SzKSPKR4XuzaeNuJk+MX1hk91q2tjFspaN0kmp5ZSpqcgjjVtFs/MrHf
         QsbFoWAni50W3HGXqFEVtVXkxBIxvf4snF/7448MUzT7L/vCye57J53U7mLjl5xRfABG
         fW/A==
X-Gm-Message-State: AOAM530Mn2b8TZ5UBhViGE9193W6XKvUuOVRWVSpD+8qPducmxiYmTqO
        xTQ78v5zs07iTcIVrvYoVlugO9RQNBRZHhA8IRXHyA==
X-Received: by 2002:a05:6512:210e:: with SMTP id q14mr18614285lfr.356.1624896835735;
 Mon, 28 Jun 2021 09:13:55 -0700 (PDT)
MIME-Version: 1.0
References: <20210414055217.543246-1-avagin@gmail.com> <20210414055217.543246-3-avagin@gmail.com>
In-Reply-To: <20210414055217.543246-3-avagin@gmail.com>
From:   Jann Horn <jannh@google.com>
Date:   Mon, 28 Jun 2021 18:13:29 +0200
Message-ID: <CAG48ez3UrzPE8rkucTgCu8ggcTEjx_h3Gj2FES1qM-uv2KD8bQ@mail.gmail.com>
Subject: Re: [PATCH 2/4] arch/x86: implement the process_vm_exec syscall
To:     Andrei Vagin <avagin@gmail.com>
Cc:     linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
        linux-um@lists.infradead.org, criu@openvz.org, avagin@google.com,
        Andrew Morton <akpm@linux-foundation.org>,
        Andy Lutomirski <luto@kernel.org>,
        Anton Ivanov <anton.ivanov@cambridgegreys.com>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Dmitry Safonov <0x7f454c46@gmail.com>,
        Ingo Molnar <mingo@redhat.com>, Jeff Dike <jdike@addtoit.com>,
        Mike Rapoport <rppt@linux.ibm.com>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Richard Weinberger <richard@nod.at>,
        Thomas Gleixner <tglx@linutronix.de>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 14, 2021 at 7:59 AM Andrei Vagin <avagin@gmail.com> wrote:
> This change introduces the new system call:
> process_vm_exec(pid_t pid, struct sigcontext *uctx, unsigned long flags,
>                 siginfo_t * uinfo, sigset_t *sigmask, size_t sizemask)
>
> process_vm_exec allows to execute the current process in an address
> space of another process.
[...]

I still think that this whole API is fundamentally the wrong approach
because it tries to shoehorn multiple usecases with different
requirements into a single API. But that aside:

> +static void swap_mm(struct mm_struct *prev_mm, struct mm_struct *target_mm)
> +{
> +       struct task_struct *tsk = current;
> +       struct mm_struct *active_mm;
> +
> +       task_lock(tsk);
> +       /* Hold off tlb flush IPIs while switching mm's */
> +       local_irq_disable();
> +
> +       sync_mm_rss(prev_mm);
> +
> +       vmacache_flush(tsk);
> +
> +       active_mm = tsk->active_mm;
> +       if (active_mm != target_mm) {
> +               mmgrab(target_mm);
> +               tsk->active_mm = target_mm;
> +       }
> +       tsk->mm = target_mm;

I'm pretty sure you're not currently allowed to overwrite the ->mm
pointer of a userspace thread. For example, zap_threads() assumes that
all threads running under a process have the same ->mm. (And if you're
fiddling with ->mm stuff, you should probably CC linux-mm@.)

As far as I understand, only kthreads are allowed to do this (as
implemented in kthread_use_mm()).

> +       switch_mm_irqs_off(active_mm, target_mm, tsk);
> +       local_irq_enable();
> +       task_unlock(tsk);
> +#ifdef finish_arch_post_lock_switch
> +       finish_arch_post_lock_switch();
> +#endif
> +
> +       if (active_mm != target_mm)
> +               mmdrop(active_mm);
> +}