Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp1187584rwb;
        Fri, 13 Jan 2023 09:00:04 -0800 (PST)
X-Google-Smtp-Source: AMrXdXsT3s65ezWYC5YD3giWk25N/+6thQdZzslJlZzaelN/xfPmm5tfOrehw1mQm05xEFerxhDV
X-Received: by 2002:a17:90a:ead2:b0:226:f8dc:b237 with SMTP id ev18-20020a17090aead200b00226f8dcb237mr22705030pjb.31.1673629203857;
        Fri, 13 Jan 2023 09:00:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673629203; cv=none;
        d=google.com; s=arc-20160816;
        b=zQdMyq5oVTq5DTT05qu9HR1mc0Xf6+U5OGB1fhb6vfiFo/QgHrg/eBhVqRCXPICkol
         NlxfEyP+PiYGkMa2shGHAUgg7K0ogZ1aCAcCJ7UKpA5TSXSOizgCL5bQa7RIFnkYTS49
         rE8Q8vkkMPgC1TP+ibHGxFbWK769BUSAc9WaAXvkBvarwEpGrxC0BnlOF5QwrepYNzde
         Rf8qtpyrLZ9C80vUhC1S7y7cpDMzr5+yqEsBJbW/uAWi2X8rglbsiZHHWdnEk2Ef25iA
         Vnq0WEjc1F2LLNleXewdaEglUK4LivTLevWbvrKWvXjRiWm7LEfMg+yXTNRxmbMAqGJP
         8RZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent:message-id:in-reply-to
         :date:references:subject:cc:to:from:dkim-signature;
        bh=OaB1tuR7bl+tjb/8nrjisj8jrifsB6lEaiL62y6xQOE=;
        b=amIlU4IxaQhMmktG0wM+Fb/M4Kr0fFFGm40QX3zPemQR5hmSngF0W4p7OFUuDM2o93
         VGsbrgTw6Mxl2091VbKRcN62+a/j07WzTSgqTctNeurkQtCW8WyhCO9UcKPFNiaTYYrU
         Blx54iZ95W4BngkJLSi4sYlAmVKIkYNoDdP2pJFSz7xdFQGkkZS7dcRHZN/1VcZEqxvm
         uf5gdc2ma1stvr12Nm3Niaz3e6gjO0kxDqIgcLjD5lmd0a+3XfxFWUVldNYRofmADjUC
         8qy/36nhYypPJusUVyNOFZWd8KiZSvwVdSiP5TIwKKMsWBCL1wwzWHY0wDG9p641W4IZ
         9DYw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=dTlUFyAn;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id q23-20020a17090a2e1700b002265c110d9dsi18916857pjd.97.2023.01.13.08.59.57;
        Fri, 13 Jan 2023 09:00:03 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=dTlUFyAn;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230363AbjAMQKz (ORCPT <rfc822;aadipersonal10@gmail.com>
        + 51 others); Fri, 13 Jan 2023 11:10:55 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56508 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230377AbjAMQKT (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 13 Jan 2023 11:10:19 -0500
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3858966990
        for <linux-kernel@vger.kernel.org>; Fri, 13 Jan 2023 08:02:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1673625761;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=OaB1tuR7bl+tjb/8nrjisj8jrifsB6lEaiL62y6xQOE=;
        b=dTlUFyAnSp2CYIYALrQullI/8q1/YxgAKNoygR9rgnDZ1aID6PUXYXwSAkZhu6VtX0lyQr
        wWAgJdri45BAWxLIdrLJVo/vy/Yj7NWWmDHaEeXE8BYR63T+nuXY0BDIIT5oAqYgRC3Ijt
        qDC8u074pa/ke90obv3tEC0tmB5Br7Q=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-178-eMkQ1jAROdmWllm4vK-TgA-1; Fri, 13 Jan 2023 11:02:35 -0500
X-MC-Unique: eMkQ1jAROdmWllm4vK-TgA-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E28D01C29D51;
        Fri, 13 Jan 2023 16:02:34 +0000 (UTC)
Received: from segfault.boston.devel.redhat.com (segfault.boston.devel.redhat.com [10.19.60.26])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 9E0442026D76;
        Fri, 13 Jan 2023 16:02:34 +0000 (UTC)
From:   Jeff Moyer <jmoyer@redhat.com>
To:     Benjamin LaHaise <bcrl@kvack.org>
Cc:     Seth Jenkins <sethjenkins@google.com>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        linux-fsdevel@vger.kernel.org, linux-aio@kvack.org,
        linux-kernel@vger.kernel.org, Jann Horn <jannh@google.com>,
        Pavel Emelyanov <xemul@parallels.com>, stable@vger.kernel.org,
        Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] aio: fix mremap after fork null-deref
References: <20221104212519.538108-1-sethjenkins@google.com>
        <x49tu0wlv0c.fsf@segfault.boston.devel.redhat.com>
        <CALxfFW5d05H-nFuDdUDS4xVDKMgkV1vvEBAmw10h3-jMVb-PZw@mail.gmail.com>
        <x49ilhbl9qd.fsf@segfault.boston.devel.redhat.com>
        <20230112220939.GO19133@kvack.org>
X-PGP-KeyID: 1F78E1B4
X-PGP-CertKey: F6FE 280D 8293 F72C 65FD  5A58 1FF8 A7CA 1F78 E1B4
Date:   Fri, 13 Jan 2023 11:06:31 -0500
In-Reply-To: <20230112220939.GO19133@kvack.org> (Benjamin LaHaise's message of
        "Thu, 12 Jan 2023 17:09:39 -0500")
Message-ID: <x49edryl8qg.fsf@segfault.boston.devel.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi, Ben,

Thanks for taking the time to chime in.

Benjamin LaHaise <bcrl@kvack.org> writes:

> On Thu, Jan 12, 2023 at 04:32:42PM -0500, Jeff Moyer wrote:
>> With the patch I proposed (flagging the ring buffer with VM_DONTCOPY),
>> the child process would still be unable to submit and reap I/Os via the
>> aio system calls.  What changes is that the child process would now be
>> unable to reap completions via the shared ring buffer.  In fact, because
>> the ring is no longer mapped in the child process, any attempt to access
>> that memory would result in a segmentation fault.  However, I would be
>> very surprised if the interface was being used in this way.
>> 
>> > If we're okay with this change though, I think it makes sense.
>> 
>> My preference is to make the interface consistent.  I think setting
>> VM_DONTCOPY on the mapping is the right way forward.  I'd welcome other
>> opinions on whether the potential risk is worth it.
>
> VM_DONTCOPY makes sense, but a SEGV is a pretty bad failure mode.  Any
> process reaping events in the child after fork() isn't going to be
> consistent in behaviour, and is able to see partial completion of an I/O
> and other inconsistencies, so they're going to be subtly broken at best.
>
> Unfortunately, we have no way of knowing if this behaviour is exercised
> anywhere without changing it and waiting for someone to holler.

OK, so it sounds like you would rather err on the side of caution.
That's fine with me.

Seth, I'll go back and review your patch.

Thanks!
Jeff