Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp10684530rwl;
        Mon, 2 Jan 2023 06:39:27 -0800 (PST)
X-Google-Smtp-Source: AMrXdXvgG0i5LRGSusYSyfRAbDhI0xK4CnuVjkqWRZaJvPhcgkf5bSIPFoYgtkSmYlGw7bCB/Baq
X-Received: by 2002:a17:906:6b8c:b0:841:df6e:a32e with SMTP id l12-20020a1709066b8c00b00841df6ea32emr45914983ejr.25.1672670366982;
        Mon, 02 Jan 2023 06:39:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672670366; cv=none;
        d=google.com; s=arc-20160816;
        b=ti9tPLmIvZ6oohb6s8SanX1F0FXbO2uwgjMz1N43IE9zfKDFbrrN2mmCFgoR2gQbQv
         sxXPX1QdZKUvui0MAco+EvbaSXErYRzEQcoXPUWZt46gcQigmsWPUOIdjJ15/ffHzYNa
         ScP/N6MVFw/sBh1k0dm8uCltE79PWIPoEWfZrUjEA0eau5+slsCuAeMe58V8dlcHCJw0
         tiEbHaxX20CJ0tVnVuQDd8F412kC+aNo7dvHsVtbp+dpEQl4Ve2PFGg96fDFF4DABV46
         +zCZ3Cn89a8KmL5JoAQXu6jIlzvx3HMahKYH+scZNNNx4qGCegylYZ+RoQI+DCxN7YRZ
         tnaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=EAFH1bkxulCJplaM4lVdTR5QaYOVifDwenlAFQy7El4=;
        b=r/JTj7+asNydZ2hiWj/yw5QLC4cM8io/pTbCLRwUE1SsbcPsF/Bu0dQ73e4tP4Xxjr
         tSRnCJ2RicdOtj+d0fMV1CCnWih6hJWOGJdS/HDMtCyzeWsAQBUWI5hzLv0k55XfQUQp
         w3+mLn+sn0NUchPTaciFGz0Ts1dPx+JpmRUyHcGBRLWUIYpLQ/D8ulelDGXBnFNi5P7/
         hPiwXcb3vuFEwBKtOcuRzs15J3K6+LLoR+hePLefbXxGoVcWTY22zszc0X9yKnnA4e88
         lDMogQzQGFi9MLwez657l92KwaIUlcLLZp3P1OX2ckHvmVeP+aNBk50HTv44Bsa0CeTz
         U29w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@alien8.de header.s=dkim header.b=EgdTbZG6;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id u4-20020aa7d884000000b00473204b6c93si24059155edq.372.2023.01.02.06.39.12;
        Mon, 02 Jan 2023 06:39:26 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@alien8.de header.s=dkim header.b=EgdTbZG6;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236121AbjABOFQ (ORCPT <rfc822;aaronngray.lists@gmail.com>
        + 62 others); Mon, 2 Jan 2023 09:05:16 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53002 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236117AbjABOFN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 2 Jan 2023 09:05:13 -0500
Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D862765D5
        for <linux-kernel@vger.kernel.org>; Mon,  2 Jan 2023 06:05:03 -0800 (PST)
Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 290CE1EC02FE;
        Mon,  2 Jan 2023 15:05:02 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim;
        t=1672668302;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:in-reply-to:in-reply-to:  references:references;
        bh=EAFH1bkxulCJplaM4lVdTR5QaYOVifDwenlAFQy7El4=;
        b=EgdTbZG6VEgIbwT47wZr/wnscIpGOUmgWVoJO259FO0v2P2c0xYUIlZHwQv+lU/Qm8UYcp
        G0DCiRRb8zs8ILD68ZogWrtC6K8Zemfy3djf3r7ErTSG6LS4WYpF7RAWqNZ0EDjbJUIhrS
        Pc0el0v617zfRzdPDZdIZFB1UKDAhdc=
Date:   Mon, 2 Jan 2023 15:04:58 +0100
From:   Borislav Petkov <bp@alien8.de>
To:     Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc:     kernel test robot <yujie.liu@intel.com>,
        Peter Zijlstra <peterz@infradead.org>, oe-lkp@lists.linux.dev,
        lkp@intel.com, linux-kernel@vger.kernel.org, x86@kernel.org,
        linux-mm@kvack.org
Subject: Re: [tip:sched/core] [sched] af7f588d8f:
 WARNING:at_kernel/sched/core.c:#sched_mm_cid_after_execve
Message-ID: <Y7Lkis8vjfUgYcQL@zn.tnic>
References: <202212301353.5c959d72-yujie.liu@intel.com>
 <fb7343a9-dc48-52f6-e899-d0283046a011@efficios.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <fb7343a9-dc48-52f6-e899-d0283046a011@efficios.com>
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Dec 30, 2022 at 08:46:25AM -0500, Mathieu Desnoyers wrote:
> void sched_mm_cid_after_execve(struct task_struct *t)
> {
>         struct mm_struct *mm = t->mm;
>         unsigned long flags;
> 
>         WARN_ON_ONCE((t->flags & PF_KTHREAD) || !t->mm);

Yeah, it is that check and it reproduces here trivially in my guest so much so
so that I can't even boot current tip/master in it due to the constant flood
from it.

Also, there's a null ptr deref there:

[    1.694051] Initialise system trusted keyrings
[    1.694915] ------------[ cut here ]------------
[    1.695689] BUG: kernel NULL pointer dereference, address: 000000000000005c
[    1.695714] #PF: supervisor write access in kernel mode
[    1.695721] #PF: error_code(0x0002) - not-present page
[    1.695728] PGD 0 P4D 0 
[    1.695739] Oops: 0002 [#1] PREEMPT SMP
[    1.695747] CPU: 0 PID: 126 Comm: kworker/u32:1 Not tainted 6.2.0-rc2+ #2
[    1.695754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[    1.695760] RIP: 0010:_raw_spin_lock+0x17/0x30
[    1.702127] WARNING: CPU: 13 PID: 115 at kernel/sched/core.c:11346 sched_mm_cid_after_execve+0xd5/0xf0
[    1.699309] Code: 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 65 ff 05 c8 ea 64 7e 31 c0 ba 01 00 00 00 <f0> 0f b1 17 75 05 c3 cc cc cc cc 89 c6 e9 97 00 00 00 0f 1f 80 00
[    1.702857] Modules linked in:
[    1.699309] RSP: 0018:ffffc900004afe78 EFLAGS: 00010046
[    1.703670] 
[    1.699309] 
[    1.704665] CPU: 13 PID: 115 Comm: kworker/u32:0 Not tainted 6.2.0-rc2+ #2
[    1.699309] RAX: 0000000000000000 RBX: ffff88800d323d00 RCX: 0000000000000000
[    1.699309] RDX: 0000000000000001 RSI: ffff88800d323d00 RDI: 000000000000005c
[    1.699309] RBP: 000000000000005c R08: 0000000000000064 R09: ffffc900004afb30
[    1.699309] R10: 0000000000000000 R11: fffffffffffffffe R12: 0000000000000246
[    1.699309] R13: 0000000000000000 R14: 00000000fffffffe R15: ffff88800d323d00
[    1.699309] FS:  0000000000000000(0000) GS:ffff88807da00000(0000) knlGS:0000000000000000
[    1.699309] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.699309] CR2: 000000000000005c CR3: 000000000220a000 CR4: 00000000003506f0
[    1.699309] Call Trace:
[    1.699309]  <TASK>
[    1.699309]  sched_mm_cid_after_execve+0x52/0xf0
[    1.706650] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[    1.699309]  bprm_execve+0x323/0x600
[    1.707390] RIP: 0010:sched_mm_cid_after_execve+0xd5/0xf0
[    1.699309]  kernel_execve+0x15f/0x1c0
[    1.707967] Code: 00 00 74 04 f0 80 0b 02 48 8b 1c 24 48 8b 6c 24 08 4c 8b 64 24 10 4c 8b 6c 24 18 4c 8b 74 24 20 48 83 c4 28 c3 cc cc cc cc 90 <0f> 0b 90 e9 65 ff ff ff 41 be ff ff ff ff eb 9d 66 66 2e 0f 1f 84
[    1.699309]  call_usermodehelper_exec_async+0xd1/0x190
[    1.708882] RSP: 0018:ffffc90000457e80 EFLAGS: 00010246
[    1.699309]  ? __pfx_call_usermodehelper_exec_async+0x10/0x10
[    1.709839] 
[    1.699309]  ret_from_fork+0x2c/0x50
[    1.710739] RAX: fffffffffffffffe RBX: ffff88800cad8f40 RCX: 0000000000000000
[    1.699309]  </TASK>
[    1.714247] RDX: ffffc90000457dc8 RSI: ffff88800cad8f40 RDI: ffff88800cad8f40
[    1.699309] Modules linked in:
[    1.715270] RBP: ffff88800dd35400 R08: 0000000000000064 R09: ffffc90000457b30
[    1.699309] CR2: 000000000000005c
[    1.699309] ---[ end trace 0000000000000000 ]---

... flood of the above...

> is too strict. AFAIU the usermodehelper thread is a kernel thread, which
> happens to have a non-NULL mm after execve. We want to allow usermodehelper
> threads to use rseq, so I think the appropriate approach here would be to
> just warn if !t->mm:
> 
>         WARN_ON_ONCE(!t->mm);

You need at least this to avoid the null ptr deref too:

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 048ec2417990..5c920c94a6b2 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -11340,10 +11340,13 @@ void sched_mm_cid_before_execve(struct task_struct *t)
 
 void sched_mm_cid_after_execve(struct task_struct *t)
 {
-	struct mm_struct *mm = t->mm;
+	struct mm_struct *mm;
 	unsigned long flags;
 
-	WARN_ON_ONCE((t->flags & PF_KTHREAD) || !t->mm);
+	if (WARN_ON_ONCE(!t->mm))
+		return;
+
+	mm = t->mm;
 
 	local_irq_save(flags);
 	t->mm_cid = mm_cid_get(mm);
---

which gives the below.

I'm not sure though how the rules are about those kworker threads and them
having a ->mm...

[    1.734104] ------------[ cut here ]------------
[    1.734144] Initialise system trusted keyrings
[    1.734553] WARNING: CPU: 9 PID: 109 at kernel/sched/core.c:11346 sched_mm_cid_after_execve+0xcb/0xe0
[    1.752756] workingset: timestamp_bits=61 max_order=19 bucket_order=0
[    1.754187] Modules linked in:
[    1.768160] 9p: Installing v9fs 9p2000 file system support
[    1.768640] 
[    1.768876] Key type asymmetric registered
[    1.769048] CPU: 9 PID: 109 Comm: kworker/u32:1 Not tainted 6.2.0-rc2+ #9
[    1.769207] Asymmetric key parser 'x509' registered
[    1.769397] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[    1.769651] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 249)
[    1.769833] RIP: 0010:sched_mm_cid_after_execve+0xcb/0xe0
[    1.770162] io scheduler mq-deadline registered
[    1.770462] Code: 00 00 74 04 f0 80 0b 02 48 8b 1c 24 48 8b 6c 24 08 4c 8b 64 24 10 4c 8b 6c 24 18 4c 8b 74 24 20 48 83 c4 28 c3 cc cc cc cc 90 <0f> 0b 90 eb d9 41 be ff ff ff ff eb a0 0f 1f 84 00 00 00 00 00 90
[    1.810713] RSP: 0018:ffffc90000427e80 EFLAGS: 00010246
[    1.823527] RAX: fffffffffffffffe RBX: ffff88800cb88000 RCX: 0000000000000000
[    1.824425] RDX: ffffc90000427dc8 RSI: ffff88800cb88000 RDI: ffff88800cb88000
[    1.825266] acpiphp_ibm: ibm_acpiphp_init: acpi_walk_namespace failed
[    1.825564] RBP: ffff88800d2d8200 R08: 0000000000000064 R09: ffffc90000427b30
[    1.825914] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[    1.826068] R10: 0000000000000000 R11: fffffffffffffffe R12: fffffffffffffffe
[    1.839784] ACPI: button: Power Button [PWRF]
[    1.840327] R13: 0000000000000000 R14: 00000000fffffffe R15: ffff88800cb88000
[    1.855532] FS:  0000000000000000(0000) GS:ffff88807dc40000(0000) knlGS:0000000000000000
[    1.856681] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.857403] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000003506e0
[    1.858264] Call Trace:
[    1.858643]  <TASK>
[    1.871528]  bprm_execve+0x323/0x600
[    1.872027]  kernel_execve+0x15f/0x1c0
[    1.872505]  call_usermodehelper_exec_async+0xd1/0x190
[    1.873120]  ? __pfx_call_usermodehelper_exec_async+0x10/0x10
[    1.873800]  ret_from_fork+0x2c/0x50
[    1.874259]  </TASK>
[    1.874582] ---[ end trace 0000000000000000 ]---



-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette