From: Joe Mario
To: Matthew Wilcox, Waiman Long
Cc: Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Barry Marson, Rafael Aquini
Subject: Re: [PATCH] mm/mmap: Map MAP_STACK to VM_STACK
Date: Wed, 19 Apr 2023 12:00:26 -0400
Message-ID: <10e453df-6911-e40d-8758-66caf9c59dbe@redhat.com>
References: <20230418210230.3495922-1-longman@redhat.com> <20230418141852.75e551e57e97f4b522957c5c@linux-foundation.org> <6c3c68b1-c4d4-dd82-58e8-f7013fb6c8e5@redhat.com> <9f92d530-1cfc-6e50-a717-321ac64ed1c2@redhat.com>
On 4/19/23 11:09 AM, Matthew Wilcox wrote:
> On Wed, Apr 19, 2023 at 11:07:04AM -0400, Waiman Long wrote:
>> On 4/18/23 23:46, Matthew Wilcox wrote:
>>> On Tue, Apr 18, 2023 at 09:16:37PM -0400, Waiman Long wrote:
>>>>  1) App runs creating lots of threads.
>>>>  2) It mmap's 256K pages of anonymous memory.
>>>>  3) It writes executable code to that memory.
>>>>  4) It calls mprotect() with PROT_EXEC on that memory so
>>>>     it can subsequently execute the code.
>>>>
>>>> The above mprotect() will fail if the mmap'd region's VMA gets merged with
>>>> the VMA for one of the thread stacks.  That's because the default RHEL
>>>> SELinux policy is to not allow executable stacks.
>>> By the way, this is a daft policy. The policy you really want is
>>> EXEC|WRITE is not allowed. A non-writable stack is useless, so it's
>>> actually a superset of your current policy. Forbidding _simultaneous_
>>> write and executable is just good programming. This way, you don't need
>>> to care about the underlying VMA's current permissions, you just need
>>> to do:
>>>
>>> if ((prot & (PROT_EXEC|PROT_WRITE)) == (PROT_EXEC|PROT_WRITE))
>>> 	return -EACCES;
>>
>> I am not totally sure if the application changes the VMA to read-only first.
>> Even if it does that, it highlights another possible issue when an anonymous
>> VMA is merged with a stack VMA. Either the mprotect() to write-protect the
>> VMA will fail or the application will segfault if it writes stuff to the
>> stack. This particular issue is not related to SELinux. It provides another
>> good idea why we should avoid merging stack VMA to anonymous VMA.
>
> mprotect will split the VMA into two VMAs, one that is
> PROT_READ|PROT_WRITE and one that is PROT_READ|PROT_EXEC.
> But in this case, the latter still has PROT_WRITE.

This was reported by a large data analytics customer.  They started getting
infrequent random crashes in code they haven't touched in 10 years.

One of the threads in their program mmaps a large region using
PROT_READ|PROT_WRITE, and that region just happens to be merged with the
thread's stack.  Then they copy a small snippet of code to a location
somewhere within that mapped region.  For the one page that contains that
code, they mprotect it to PROT_READ|PROT_WRITE|PROT_EXEC.  I recall they're
still reading and writing data elsewhere on that page.

Joe
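Added example, not code from the thread or from the kernel patch under discussion: a small C auditor that walks a /proc/<pid>/maps listing and flags the two conditions the thread is about, a mapping that is writable and executable at the same time (the customer's mprotect'd page) and a stack mapping that is executable (what the SELinux execstack policy refuses). It also wraps the prot check Matthew proposed in a function so it can be exercised on PROT_* masks. The function names, the struct and the SAMPLE_MAPS listing are mine and the listing is constructed; the only thing taken from the thread is the (PROT_EXEC|PROT_WRITE) test itself.

```c
/*
 * Added example (not from the thread): audit a /proc/<pid>/maps listing for
 * mappings that are writable and executable at once, and for stack mappings
 * that are executable.  Also wraps Matthew's proposed prot check.
 * SAMPLE_MAPS below is constructed; the addresses are made up.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Matthew's proposed policy: refuse any request that would make a region
 * simultaneously writable and executable, whatever the VMA currently is. */
int wx_prot_check(int prot)
{
	if ((prot & (PROT_EXEC | PROT_WRITE)) == (PROT_EXEC | PROT_WRITE))
		return -EACCES;
	return 0;
}

struct map_entry {
	unsigned long start, end;
	char perms[5];		/* e.g. "rwxp" */
	char path[256];		/* "[stack]", a file, or "" for anonymous */
};

/* Parse one line of /proc/<pid>/maps.  Returns 1 on success, 0 otherwise. */
int parse_maps_line(const char *line, struct map_entry *e)
{
	unsigned long off, ino;
	unsigned dmaj, dmin;
	int n;

	e->path[0] = '\0';
	n = sscanf(line, "%lx-%lx %4s %lx %x:%x %lu %255s",
		   &e->start, &e->end, e->perms, &off, &dmaj, &dmin, &ino, e->path);
	return n >= 7;		/* the path column is absent for anonymous mappings */
}

enum { FLAG_WX = 1, FLAG_EXEC_STACK = 2 };

/* Classify one mapping: W+X, executable stack, both, or 0 for clean.
 * "[stack" also matches the older "[stack:TID]" form for thread stacks. */
int audit_entry(const struct map_entry *e)
{
	int flags = 0;

	if (e->perms[1] == 'w' && e->perms[2] == 'x')
		flags |= FLAG_WX;
	if (e->perms[2] == 'x' && strncmp(e->path, "[stack", 6) == 0)
		flags |= FLAG_EXEC_STACK;
	return flags;
}

/* Walk a whole maps text, print each flagged mapping, return how many. */
int audit_maps(const char *maps)
{
	int flagged = 0;
	const char *p = maps;

	while (*p) {
		const char *nl = strchr(p, '\n');
		size_t len = nl ? (size_t)(nl - p) : strlen(p);
		char line[512];
		struct map_entry e;
		int f;

		if (len >= sizeof line)
			len = sizeof line - 1;
		memcpy(line, p, len);
		line[len] = '\0';
		if (parse_maps_line(line, &e) && (f = audit_entry(&e)) != 0) {
			flagged++;
			printf("%lx-%lx %s %s%s%s\n", e.start, e.end, e.perms,
			       e.path, (f & FLAG_WX) ? " [W+X]" : "",
			       (f & FLAG_EXEC_STACK) ? " [exec stack]" : "");
		}
		if (!nl)
			break;
		p = nl + 1;
	}
	return flagged;
}

/* Constructed sample: a large anonymous rw region, the one rwx page that
 * was mprotect'd inside it, and an executable thread stack. */
static const char *SAMPLE_MAPS =
	"55d0c0a00000-55d0c0a01000 r-xp 00000000 fd:01 1234 /usr/bin/app\n"
	"7f1c80000000-7f1c80041000 rw-p 00000000 00:00 0\n"
	"7f1c80041000-7f1c80042000 rwxp 00000000 00:00 0\n"
	"7ffd12340000-7ffd12361000 rwxp 00000000 00:00 0 [stack]\n"
	"7ffd12361000-7ffd12363000 r--p 00000000 00:00 0 [vvar]\n";

int main(void)
{
	char buf[1 << 16];
	FILE *f;

	printf("constructed sample: %d flagged\n", audit_maps(SAMPLE_MAPS));

	/* Then audit the running process itself, if /proc is available. */
	f = fopen("/proc/self/maps", "r");
	if (f) {
		size_t n = fread(buf, 1, sizeof buf - 1, f);
		buf[n] = '\0';
		fclose(f);
		printf("this process: %d flagged\n", audit_maps(buf));
	}
	return 0;
}
```

On the constructed listing the auditor reports two mappings: the rwxp page inside the anonymous region and the rwxp [stack]. Run against a live process (`cat /proc/<pid>/maps | ./audit` style, or via the built-in /proc/self/maps pass) it is the quickest way to confirm whether an mmap'd region has ended up in the same VMA as a thread stack, since a merged region shows as one line carrying the stack's permissions rather than two.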