From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=rM6x=DH=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-12.1 required=3.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_IN_DEF_DKIM_WL
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EDB3DC4727E
	for <linux-mm@archiver.kernel.org>; Wed, 30 Sep 2020 12:50:58 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 7E8DC2076E
	for <linux-mm@archiver.kernel.org>; Wed, 30 Sep 2020 12:50:58 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="U+CynULl"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7E8DC2076E
Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id CCEBE8E0005; Wed, 30 Sep 2020 08:50:57 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id C7EB48E0001; Wed, 30 Sep 2020 08:50:57 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id B94868E0005; Wed, 30 Sep 2020 08:50:57 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0078.hostedemail.com [216.40.44.78])
	by kanga.kvack.org (Postfix) with ESMTP id A49218E0001
	for <linux-mm@kvack.org>; Wed, 30 Sep 2020 08:50:57 -0400 (EDT)
Received: from smtpin22.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id 635EA8249980
	for <linux-mm@kvack.org>; Wed, 30 Sep 2020 12:50:57 +0000 (UTC)
X-FDA: 77319712554.22.ice53_5903a7c27193
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin22.hostedemail.com (Postfix) with ESMTP id 3D58518038E68
	for <linux-mm@kvack.org>; Wed, 30 Sep 2020 12:50:57 +0000 (UTC)
X-HE-Tag: ice53_5903a7c27193
X-Filterd-Recvd-Size: 4491
Received: from mail-ej1-f65.google.com (mail-ej1-f65.google.com [209.85.218.65])
	by imf33.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Wed, 30 Sep 2020 12:50:56 +0000 (UTC)
Received: by mail-ej1-f65.google.com with SMTP id i26so2591695ejb.12
        for <linux-mm@kvack.org>; Wed, 30 Sep 2020 05:50:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=2oyhULf73PbSRNA3Qsr0tiDBEcqWN9KNz6Hu/4QKeuw=;
        b=U+CynULl3FdR3YB/IUVSRlkvgJEzMr2/jA76c1mc1t7baIc/ZBAJIQpEH+d/N9kwgG
         EBK/jUHXxXVq5snRZOX2WgdZo8IQ1D2oypmsdwf9iUSnNLMz/Qas4ZcQRTh1P+vv+uMO
         6dBT1nhqX2C6eSZrh6NlHP2qZGUPhK7t3axRQKZ+l4YUYlweCQNsCKvwJn92QvdY89Fa
         +GC8spCxEOdulImMXe00oUFBIFVJnPdotyyGbKUsOdn4UbnVwi4Pg0jdTM8Q6FdrzlK8
         lcR/RhauyTxrK6KOSDt07FQpgSs4missXaEdj5dhIboZQ0z9dxy9fKLmKQPN9/4uXwQK
         Mo+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=2oyhULf73PbSRNA3Qsr0tiDBEcqWN9KNz6Hu/4QKeuw=;
        b=StpPoOH6TGFoULznWi/2S2Gnx8TnJOKWqX/857bAHtXzJJpJ/L+LPFxqV52xzJmSZT
         GTNX6CfieEWzQM+OWqwMeVt0Gd6kqTJrirbV9sUTdh7A99EcRMbVGQ5l8ELqtLgOA4/e
         RPBklvEHosqMQ7C4SxHA5fLJDnzk6HgmKGA/MBFJUCEgrcLPCaGHjqDolNzdWWv2lv2V
         E6ZFJ01W6gmDXbrZXKj4eB09cR7eNloIzHgdJmu1XPrVEJAcRLMPyqrbPivN3N6I0b2v
         3q9YkZXY+dnUKjcYoWoPEE4ONlVzGZ+gM/1idpCKCCGzoT35ws76nMSt5GsnaAY/vaDb
         wK5A==
X-Gm-Message-State: AOAM5319KVIAfLzNIeIWbSU9lk9Sqae5r0hDfGBIwTrzUg9AzTHrNRmt
	W4AV2pKe65r3MxfoE4BWYJOBJ2buulyOddINDsdpUw==
X-Google-Smtp-Source: ABdhPJwQ4TGMb5KzsAnZJ0zAu9KSAa3TQc+xsd/dxqDV/OmiFTAxg0DppfxNBpruoSZcCLTXEv29YwSq8MtYfcOEGC0=
X-Received: by 2002:a17:906:f917:: with SMTP id lc23mr2594183ejb.233.1601470255231;
 Wed, 30 Sep 2020 05:50:55 -0700 (PDT)
MIME-Version: 1.0
References: <20200930011944.19869-1-jannh@google.com> <CAG48ez03YJG9JU_6tGiMcaVjuTyRE_o4LEQ7901b5ZoCnNAjcg@mail.gmail.com>
 <20200930123000.GC9916@ziepe.ca>
In-Reply-To: <20200930123000.GC9916@ziepe.ca>
From: Jann Horn <jannh@google.com>
Date: Wed, 30 Sep 2020 14:50:28 +0200
Message-ID: <CAG48ez2z1R8MLS0_pjhBSGnJC8RwaHMpiGdv8GhJUCrwtsLOPg@mail.gmail.com>
Subject: Re: [PATCH 3/4] mmap locking API: Don't check locking if the mm isn't
 live yet
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Andrew Morton <akpm@linux-foundation.org>, Linux-MM <linux-mm@kvack.org>, 
	kernel list <linux-kernel@vger.kernel.org>, "Eric W . Biederman" <ebiederm@xmission.com>, 
	Michel Lespinasse <walken@google.com>, Mauro Carvalho Chehab <mchehab@kernel.org>, 
	Sakari Ailus <sakari.ailus@linux.intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, Sep 30, 2020 at 2:30 PM Jason Gunthorpe <jgg@ziepe.ca> wrote:
> On Tue, Sep 29, 2020 at 06:20:00PM -0700, Jann Horn wrote:
> > In preparation for adding a mmap_assert_locked() check in
> > __get_user_pages(), teach the mmap_assert_*locked() helpers that it's fine
> > to operate on an mm without locking in the middle of execve() as long as
> > it hasn't been installed on a process yet.
>
> I'm happy to see lockdep being added here, but can you elaborate on
> why add this mmap_locked_required instead of obtaining the lock in the
> execv path?

My thinking was: At that point, we're logically still in the
single-owner initialization phase of the mm_struct. Almost any object
has initialization and teardown steps that occur in a context where
the object only has a single owner, and therefore no locking is
required. It seems to me that adding locking in places like
get_arg_page() would be confusing because it would suggest the
existence of concurrency where there is no actual concurrency, and it
might be annoying in terms of lockdep if someone tries to use
something like get_arg_page() while holding the mmap_sem of the
calling process. It would also mean that we'd be doing extra locking
in normal kernel builds that isn't actually logically required.

Hmm, on the other hand, dup_mmap() already locks the child mm (with
mmap_write_lock_nested()), so I guess it wouldn't be too bad to also
do it in get_arg_page() and tomoyo_dump_page(), with comments that
note that we're doing this for lockdep consistency... I guess I can go
change this in v2.