From: Shu Han
Date: Sun, 29 Sep 2024 02:07:47 +0800
Subject: Re: [syzbot] [integrity?] [lsm?] possible deadlock in process_measurement (4)
To: syzbot
Cc: akpm@linux-foundation.org, dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com, hughd@google.com, jmorris@namei.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-security-module@vger.kernel.org, paul@paul-moore.com, roberto.sassu@huawei.com, serge@hallyn.com, stephen.smalley.work@gmail.com, syzkaller-bugs@googlegroups.com, zohar@linux.ibm.com
In-Reply-To: <66f7b10e.050a0220.46d20.0036.GAE@google.com>
References: <66f7b10e.050a0220.46d20.0036.GAE@google.com>

> ======================================================
> WARNING: possible circular locking dependency detected
> 6.11.0-syzkaller-10045-g97d8894b6f4c #0 Not tainted
> ------------------------------------------------------
> syz-executor369/5231 is trying to acquire lock:
> ffff888072852370 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:815 [inline]
> ffff888072852370 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: process_measurement+0x439/0x1fb0 security/integrity/ima/ima_main.c:250
>
> but task is already holding lock:
> ffff88807ac9a798 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline]
> ffff88807ac9a798 (&mm->mmap_lock){++++}-{3:3}, at: __do_sys_remap_file_pages mm/mmap.c:1649 [inline]
> ffff88807ac9a798 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x22d/0xa50 mm/mmap.c:1624
>
> which lock already depends on the new lock.

This issue (if not a false positive?) is due to the possible `prot` change
caused by the processing logic for READ_IMPLIES_EXEC in do_mmap(), so
remap_file_pages() must perform the LSM check before calling do_mmap();
this is what the previous commit wants to do.

The LSM check is required to know what the `prot` is, but `prot` can only
be obtained while holding the `mmap_write_lock`. If the `mmap_write_lock`
is released after getting the `prot` and before the LSM call in
remap_file_pages(), it may cause a TOCTOU race.

So, possible solutions may include:

1. Remove the security check by removing the possibility of the `prot`
   change:

   1.1. Move the processing logic for READ_IMPLIES_EXEC out of do_mmap().
        This also ensures that missing checks like the one the previous
        commit fixes will not occur again (suggested). See the RFC PATCH
        https://lore.kernel.org/all/20240928180044.50-1-ebpqwerty472123@gmail.com/

   1.2. Replace do_mmap() in remap_file_pages() with mmap_region(), which
        does the actual memory mapping without respect to
        READ_IMPLIES_EXEC. But this requires that the other checks in
        do_mmap(), such as `file_mmap_ok`, are performed in
        remap_file_pages() (may be complex).

2. Perform operations similar to updating a value by CAS (may be slow):

	for (;;) {
		mmap_write_lock();
		prot = get_prot();
		mmap_write_unlock();
		if (!call_lsm(prot))
			return;
		mmap_write_lock();
		if (prot != get_prot()) {
			/* prot changed while unlocked: drop the lock, redo the LSM check */
			mmap_write_unlock();
			continue;
		}
		do_mmap();
		mmap_write_unlock();
		break;
	}
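The compare-and-retry scheme of option 2 and the TOCTOU it guards against, modelled in user space as an added example (not code from this thread or from the kernel). vma_prot, pending_prot, lsm_check(), concurrent_mprotect() and the flag-based mmap_write_lock() are hypothetical stand-ins for kernel state, and the mapped file is assumed not to be on a noexec mount.

```c
#include <assert.h>
#include <stdbool.h>
#include <sys/mman.h>

/* Shared state standing in for kernel objects; every name here is hypothetical. */
static bool mmap_locked;        /* flag-based stand-in for mm->mmap_lock */
static int vma_prot;            /* prot derived from vma->vm_flags */
static bool read_implies_exec;  /* current->personality & READ_IMPLIES_EXEC */
static int pending_prot;        /* prot a concurrent mprotect() will install, -1 if none */
static int checked_prot;        /* prot the LSM hook was asked about */
static int mapped_prot;         /* prot the mapping was finally created with */

/* Lock helpers that trap on double lock/unlock (what a bare `continue` would do). */
static void mmap_write_lock(void) { assert(!mmap_locked); mmap_locked = true; }
static void mmap_write_unlock(void) { assert(mmap_locked); mmap_locked = false; }
static void reset_model(int prot, bool rie, int pending) {
    vma_prot = prot; read_implies_exec = rie; pending_prot = pending;
    checked_prot = mapped_prot = -1;
}
/* do_mmap()'s READ_IMPLIES_EXEC rule (file assumed not to be on a noexec mount). */
static int effective_prot(int prot)
{ return ((prot & PROT_READ) && read_implies_exec) ? prot | PROT_EXEC : prot; }
/* Another thread changing the VMA while mmap_lock is dropped; fires at most once. */
static void concurrent_mprotect(void) {
    mmap_write_lock();
    if (pending_prot != -1) { vma_prot = pending_prot; pending_prot = -1; }
    mmap_write_unlock();
}
/* Hypothetical LSM hook: permits everything but records what it was shown. */
static bool lsm_check(int prot) { checked_prot = prot; return true; }

/* Option 2 from the mail. recheck=false: retake the lock and map (the TOCTOU).
 * recheck=true: recompute prot under the lock and retry if it moved, so the
 * mapping is always created with the prot the LSM saw. Returns the retry count. */
static int remap_file_pages_model(bool recheck) {
    for (int retries = 0;; ) {
        mmap_write_lock();
        int prot = effective_prot(vma_prot);
        mmap_write_unlock();
        if (!lsm_check(prot)) return -1;
        concurrent_mprotect();                   /* window without mmap_lock */
        mmap_write_lock();
        if (recheck && prot != effective_prot(vma_prot)) {
            mmap_write_unlock();                 /* drop before retrying */
            retries++; continue;
        }
        mapped_prot = effective_prot(vma_prot);  /* do_mmap() maps current state */
        mmap_write_unlock();
        return retries;
    }
}
```

With recheck=false the mapping ends up with a prot the LSM never saw; with recheck=true a single retry brings the checked and mapped prot back into agreement.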