From: Jann Horn
Date: Wed, 4 Aug 2021 23:22:01 +0200
Subject: Re: [PATCH] Add mmap_assert_locked() annotations to find_vma*()
To: Jason Gunthorpe
Cc: Liam Howlett, Luigi Rizzo, linux-kernel, Andrew Morton, David Rientjes, linux-mm@kvack.org

On Wed, Aug 4, 2021 at 5:21 PM Jason Gunthorpe wrote:
> On Wed, Aug 04, 2021 at 04:42:23PM +0200, Jann Horn wrote:
> > Since I haven't sent a new version of my old series for almost a year,
> > I think it'd be fine to take Luigi's patch for now, and undo it at a
> > later point when/if we want to actually use proper locking here
> > because we're worried about concurrent access to the MM.
>
> IIRC one of the major points of that work was not "proper locking" but
> to have enough locking to be compatible with lockdep so we could add
> assertions like in get_user_pages and find_vma.

That's part of it; but it's also for making the code more clearly
correct and future-proofing it.

Looking at it now, I think process_madvise() might actually already be
able to race with execve() to some degree; and if you made a change
like this to the current kernel:

diff --git a/mm/madvise.c b/mm/madvise.c
index 6d3d348b17f4..3648c198673c 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -1043,12 +1043,14 @@ madvise_behavior_valid(int behavior) static bool process_madvise_behavior_valid(int behavior) { switch (behavior) { case MADV_COLD: case MADV_PAGEOUT: + case MADV_DOFORK: + case MADV_DONTFORK: return true; default: return false; } } it would probably introduce a memory corruption bug, because then someone might be able to destroy the stack VMA between setup_new_exec() and setup_arg_pages() by using process_madvise() to trigger VMA splitting/merging in the right pattern.
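Review bot: Adding MADV_DOFORK and MADV_DONTFORK to process_madvise_behavior_valid() is the line that must not go in without the execve() side being protected first: unlike the existing MADV_COLD and MADV_PAGEOUT cases, which only act on page state, these two change a VMA's flags and therefore split or merge VMAs in a target mm that the caller does not own, which is exactly the VMA split/merge pattern the message says can destroy the stack VMA between setup_new_exec() and setup_arg_pages(). Any behavior added to this switch should be limited to ones that leave the VMA layout untouched, or the exec path has to hold out concurrent VMA modification first, which is the locking the rest of this thread is about.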
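The hazard in the message above hinges on one distinction: advice that only touches page state leaves the VMA tree alone, while advice that changes VMA flags forces the kernel to split (and later possibly merge) VMAs. The program below is an added example, not code from Jann's mail or from the kernel patch; it makes that distinction observable on the caller's own mm with plain madvise(), which is the same code path process_madvise() would drive on a remote mm. It assumes Linux, a readable /proc/self/maps, and a kernel with MADV_COLD (5.4 or later); the fallback constant values are the Linux ABI numbers.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Fallbacks for older libc headers; these are the Linux ABI values. */
#ifndef MADV_DONTFORK
#define MADV_DONTFORK 10
#endif
#ifndef MADV_COLD
#define MADV_COLD 20
#endif

/* Count the VMAs listed in /proc/self/maps that lie entirely within
 * [lo, hi). Returns -1 if the file cannot be read. */
static int count_vmas_within(unsigned long lo, unsigned long hi)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    char line[512];
    int n = 0;
    while (fgets(line, sizeof line, f)) {
        unsigned long s, e;
        if (sscanf(line, "%lx-%lx", &s, &e) == 2 && s >= lo && e <= hi)
            n++;
    }
    fclose(f);
    return n;
}

/* Apply `advice` to the middle page of the 3-page region starting at
 * `inner` and return how many VMAs then cover the region. */
static int split_count(char *inner, long pg, int advice)
{
    unsigned long lo = (unsigned long)inner;
    unsigned long hi = lo + 3 * (unsigned long)pg;

    /* Sanity check: the region must start out as exactly one VMA. */
    if (count_vmas_within(lo, hi) != 1)
        return -1;
    /* Advise only the middle page, so a flag change has to split. */
    if (madvise(inner + pg, (size_t)pg, advice) != 0)
        return -1;
    return count_vmas_within(lo, hi);
}

/*
 * Build a 5-page anonymous mapping and turn the first and last page into
 * PROT_NONE guards, so the inner 3 RW pages are one VMA that cannot merge
 * with unrelated neighbours. Then apply `advice` to the middle page.
 * Returns 1 if the VMA tree was left alone, 3 if the VMA was split,
 * -1 on any syscall failure (including unsupported advice).
 */
static int vmas_after_advice(int advice)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0)
        return -1;
    size_t len = 5 * (size_t)pg;
    char *base = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;

    int ret = -1;
    if (mprotect(base, (size_t)pg, PROT_NONE) == 0 &&
        mprotect(base + 4 * pg, (size_t)pg, PROT_NONE) == 0)
        ret = split_count(base + pg, pg, advice);

    munmap(base, len);
    return ret;
}

int main(void)
{
    /* MADV_COLD is a reclaim hint: the VMA stays whole (1).
     * MADV_DONTFORK sets a VMA flag: the VMA is split in three (3). */
    printf("MADV_COLD     -> %d VMA(s)\n", vmas_after_advice(MADV_COLD));
    printf("MADV_DONTFORK -> %d VMA(s)\n", vmas_after_advice(MADV_DONTFORK));
    return 0;
}
```

The same two calls issued through process_madvise() on a pidfd of another task would produce the same VMA-tree change in that task's mm, which is why the current whitelist in process_madvise_behavior_valid() admits only the reclaim hints and why the exec path cannot safely assume its own VMAs are stable against a remote caller once flag-changing advice is allowed.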