Subject: Re: [syzbot] linux-next boot error: WARNING in find_vma
To: Andrew Morton, Luigi Rizzo
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-next@vger.kernel.org, sfr@canb.auug.org.au, syzkaller-bugs@googlegroups.com, Kentaro Takeda, James Morris, "Serge E. Hallyn", syzbot
References: <0000000000005b873305c8aa6da2@google.com> <20210803132426.2f24a3512264e4603a08de57@linux-foundation.org>
From: Tetsuo Handa
Message-ID: <58bb6bf7-a57e-8a40-e74b-39584b415152@i-love.sakura.ne.jp>
Date: Wed, 4 Aug 2021 19:00:37 +0900
In-Reply-To: <20210803132426.2f24a3512264e4603a08de57@linux-foundation.org>

On 2021/08/04 5:24, Andrew Morton wrote:
> Thanks. I'm suspecting "Add mmap_assert_locked() annotations to
> find_vma*()" found an error in Tomoyo - tomoyo_dump_page() should be
> holding mmap_lock?

Yes, TOMOYO needs the same protection which get_arg_page() needs. Please fold below diff into "mm/pagemap: add mmap_assert_locked() annotations to find_vma*()".

diff --git a/fs/exec.c b/fs/exec.c index 816c7e347c9c..c982de69fab9 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -214,8 +214,7 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, gup_flags |= FOLL_WRITE; /* - * We are doing an exec(). 'current' is the process - * doing the exec and bprm->mm is the new process's mm. + * We are doing an exec(). bprm->mm is the new process's mm. */ mmap_read_lock(bprm->mm); ret = get_user_pages_remote(bprm->mm, pos, 1, gup_flags, diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 98d985895ec8..31af29f669d2 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c 
@@ -897,6 +897,9 @@ bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos, struct tomoyo_page_dump *dump) { struct page *page; +#ifdef CONFIG_MMU + int ret; +#endif /* dump->data is released by tomoyo_find_next_domain(). */ if (!dump->data) { @@ -909,11 +912,13 @@ bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos, /* * This is called at execve() time in order to dig around * in the argv/environment of the new proceess - * (represented by bprm). 'current' is the process doing - * the execve(). + * (represented by bprm). */ - if (get_user_pages_remote(bprm->mm, pos, 1, - FOLL_FORCE, &page, NULL, NULL) <= 0) + mmap_read_lock(bprm->mm); + ret = get_user_pages_remote(bprm->mm, pos, 1, + FOLL_FORCE, &page, NULL, NULL); + mmap_read_unlock(bprm->mm); + if (ret <= 0) return false; #else page = bprm->page[pos / PAGE_SIZE];
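
Review bot: In the fs/exec.c hunk, the comment above mmap_read_lock(bprm->mm) in get_arg_page() loses its sentence about 'current' with no reason given in the mail, and nothing else in that file changes. Since the comment sits directly over the lock, it would be more useful to have it say why the lock is taken (get_user_pages_remote() reaches find_vma*(), which now asserts mmap_lock), or to drop this hunk from the fold so the change stays confined to security/tomoyo.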
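
Review bot: In the last security/tomoyo/domain.c hunk, the new mmap_read_lock()/mmap_read_unlock() pair around get_user_pages_remote() in tomoyo_dump_page() is a locking fix in its own right, so it would be easier to track and backport as a separate patch ordered before the annotation patch than as a fold into an mm change. The comment block edited here could also state that mmap_lock is held for the get_user_pages_remote() call, matching get_arg_page(), and the unchanged line above the edit still reads "proceess", which could be corrected while the block is being touched.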