From: Yu Zhao
Date: Fri, 16 Sep 2022 20:20:00 -0600
Subject: Re: [PATCH 0/3] x86/dumpstack: Inline copy_from_user_nmi()
To: Kees Cook
Cc: Matthew Wilcox, Uladzislau Rezki, Andrew Morton, dev@der-flo.net, Peter Zijlstra, Ingo Molnar, linux-kernel, the arch/x86 maintainers, linux-perf-users@vger.kernel.org, Linux-MM, linux-hardening@vger.kernel.org, Linux-Arch
In-Reply-To: <20220916135953.1320601-1-keescook@chromium.org>
On Fri, Sep 16, 2022 at 8:01 AM Kees Cook wrote:
>
> Hi,
>
> This fixes a find_vmap_area() deadlock. The main fix is patch 2, repeated here:
>
> The check_object_size() helper under CONFIG_HARDENED_USERCOPY is
> designed to skip any checks where the length is known at compile time as
> a reasonable heuristic to avoid "likely known-good" cases. However, it can
> only do this when the copy_*_user() helpers are, themselves, inline too.
>
> Using find_vmap_area() requires taking a spinlock. The check_object_size()
> helper can call find_vmap_area() when the destination is in vmap memory.
> If show_regs() is called in interrupt context, it will attempt a call to
> copy_from_user_nmi(), which may call check_object_size() and then
> find_vmap_area(). If something in normal context happens to be in the
> middle of calling find_vmap_area() (with the spinlock held), the interrupt
> handler will hang forever.
>
> The copy_from_user_nmi() call is actually being called with a fixed-size
> length, so check_object_size() should never have been called in the
> first place. In order for check_object_size() to see that the length is
> a fixed size, inline copy_from_user_nmi(), as already done with all the
> other uaccess helpers.
>
> Reported-by: Yu Zhao
> Link: https://lore.kernel.org/all/CAOUHufaPshtKrTWOz7T7QFYUNVGFm0JBjvM700Nhf9qEL9b3EQ@mail.gmail.com
> Reported-by: dev@der-flo.net
>
> Patch 1 is a refactor for patch 2, and patch 3 should make sure we avoid
> future deadlocks.

Thanks!

Tested-by: Yu Zhao

The same test has been holding up well for a few hours now. It used to
throw that warning in less than half an hour.
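As an added illustration (not code from the series, the kernel, or this thread), a userspace C model of why the compile-time-length shortcut in check_object_size() only works once the copy helper itself is inlined: the model_check_object_size, copy_outline and copy_inline names are assumed stand-ins, a macro takes the place of the kernel's __always_inline helper, and a volatile function pointer models a helper built in another translation unit.

```c
#include <stddef.h>
#include <string.h>

/* Constructed userspace model of the CONFIG_HARDENED_USERCOPY heuristic from
 * the cover letter; none of these names are the kernel's own. */
static int vmap_lookups;  /* times the find_vmap_area() stand-in was entered */

/* Stand-in for check_object_size(): n_is_const is __builtin_constant_p(n) as
 * seen inside the copy helper. A compile-time length skips the lookup; any other
 * length enters the path that in the kernel takes the vmap spinlock. */
static void model_check_object_size(const void *ptr, size_t n, int n_is_const)
{
    (void)ptr; (void)n;
    if (!n_is_const)
        vmap_lookups++;  /* the kernel would call find_vmap_area() here */
}
/* Out-of-line helper, like copy_from_user_nmi() before the series: inside the
 * body n is a runtime parameter, so __builtin_constant_p(n) is always 0. */
static __attribute__((noinline)) void copy_outline(void *dst, const void *src, size_t n)
{
    model_check_object_size(dst, n, __builtin_constant_p(n));
    memcpy(dst, src, n);
}
/* Called via a volatile pointer so the caller's constant cannot be propagated
 * into the body, as for a helper built in another translation unit. */
typedef void (*copy_fn)(void *, const void *, size_t);
static volatile copy_fn copy_outline_ptr = copy_outline;

/* Inline helper, like copy_from_user_nmi() after the series (a macro stands in
 * for the kernel's __always_inline function so the outcome does not depend on
 * optimisation level): __builtin_constant_p() now sees the caller's literal. */
#define copy_inline(dst, src, n) do {                                  \
        model_check_object_size((dst), (n), __builtin_constant_p(n));  \
        memcpy((dst), (src), (n));                                     \
} while (0)

/* One fixed-size copy through each helper; each returns the lookups it caused. */
int lookups_for_outline_copy(void)
{
    char src[16] = "constructed", dst[16];
    vmap_lookups = 0;
    copy_outline_ptr(dst, src, sizeof(dst));
    return vmap_lookups;  /* 1: the check ran and reached the lock path */
}
int lookups_for_inline_copy(void)
{
    char src[16] = "constructed", dst[16];
    vmap_lookups = 0;
    copy_inline(dst, src, sizeof(dst));
    return vmap_lookups;  /* 0: the fixed length short-circuited the check */
}
```

The out-of-line helper enters the lock-taking path even though the caller passed a fixed size, which is exactly the call that an NMI-context show_regs() must never make; the inlined form never gets there.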