References: <20210731175341.3458608-1-lrizzo@google.com> <20210803160803.GG543798@ziepe.ca> <20210803230725.ao3i2emejyyor36n@revolver> <20210804152148.GI543798@ziepe.ca>
In-Reply-To: <20210804152148.GI543798@ziepe.ca>
From: Jann Horn
Date: Wed, 4 Aug 2021 23:22:01 +0200
Subject: Re: [PATCH] Add mmap_assert_locked() annotations to find_vma*()
To: Jason Gunthorpe
Cc: Liam Howlett, Luigi Rizzo, linux-kernel, Andrew Morton, David Rientjes, "linux-mm@kvack.org"
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 4, 2021 at 5:21 PM Jason Gunthorpe wrote:
> On Wed, Aug 04, 2021 at 04:42:23PM +0200, Jann Horn wrote:
> > Since I haven't sent a new version of my old series for almost a year,
> > I think it'd be fine to take Luigi's patch for now, and undo it at a
> > later point when/if we want to actually use proper locking here
> > because we're worried about concurrent access to the MM.
>
> IIRC one of the major points of that work was not "proper locking" but
> to have enough locking to be compatible with lockdep so we could add
> assertions like in get_user_pages and find_vma.

That's part of it; but it's also for making the code more clearly correct and future-proofing it.

Looking at it now, I think process_madvise() might actually already be able to race with execve() to some degree; and if you made a change like this to the current kernel:

diff --git a/mm/madvise.c b/mm/madvise.c index 6d3d348b17f4..3648c198673c 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -1043,12 +1043,14 @@ madvise_behavior_valid(int behavior) static bool process_madvise_behavior_valid(int behavior) { switch (behavior) { case MADV_COLD: case MADV_PAGEOUT: + case MADV_DOFORK: + case MADV_DONTFORK: return true; default: return false; } }

it would probably introduce a memory corruption bug, because then someone might be able to destroy the stack VMA between setup_new_exec() and setup_arg_pages() by using process_madvise() to trigger VMA splitting/merging in the right pattern.
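Review bot: widening process_madvise_behavior_valid() to accept MADV_DOFORK and MADV_DONTFORK is unsafe as written, because nothing in the hunk (or in the caller it feeds) synchronizes against an execve() in progress in the target mm; as the surrounding text points out, a process_madvise() caller could then split or merge the target's stack VMA between setup_new_exec() and setup_arg_pages(). The two added `case` lines should not be merged until that window is closed, for example by the mmap-locking work this thread discusses so that the exec path can hold the lock across both steps, and a comment at the top of the switch explaining why only side-effect-free behaviors are accepted would keep the next reader from adding similar cases.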