From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B380D2FFF2 for ; Fri, 18 Oct 2024 11:05:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 974EC6B0082; Fri, 18 Oct 2024 07:05:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8FE366B0088; Fri, 18 Oct 2024 07:05:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 777CA6B00A5; Fri, 18 Oct 2024 07:05:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 554186B0082 for ; Fri, 18 Oct 2024 07:05:43 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id A3FCB81772 for ; Fri, 18 Oct 2024 11:05:32 +0000 (UTC) X-FDA: 82686442356.11.2EA993B Received: from flow-a8-smtp.messagingengine.com (flow-a8-smtp.messagingengine.com [103.168.172.143]) by imf25.hostedemail.com (Postfix) with ESMTP id 50E8DA0004 for ; Fri, 18 Oct 2024 11:05:33 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=shutemov.name header.s=fm1 header.b="d coCiM3"; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=nNFsDOP2; spf=pass (imf25.hostedemail.com: domain of kirill@shutemov.name designates 103.168.172.143 as permitted sender) smtp.mailfrom=kirill@shutemov.name; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1729249394; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DfrWUeI7jSkiKLl3DUG7tVnejbJ3jmsGwSHJKF/avYA=; b=qvqj9zQhQ72DU30pV2I1F0DKoc9k0HGoazMPcb8pLfVoirX7bJ1Gzyppq6nHn6uhM9qBZG oy90eThGfeFj2jqzXoFgVQVpz8yz4218Qw1wyd5sfLdl/eA3q/rBqpKFQL9f+SewFJrgLl YnIubKadjRi020bjsXwOdcaruB5rnvk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1729249394; a=rsa-sha256; cv=none; b=B7Ry0Ux5F9hSt9AGztV47IknVCxH3JGbU+JqDawjNc6Id9i20rKtTgH64gLrGheXCXjBFy B+2pHQ5U378hdd90mxSzr1pd3oM0ELJh/pP4Ohzb80P9YSQki0aIAh39JIEKKG+O/9wA7z 9hJslj5pmCcE4auXxt+N900M3qQxPhA= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=shutemov.name header.s=fm1 header.b="d coCiM3"; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=nNFsDOP2; spf=pass (imf25.hostedemail.com: domain of kirill@shutemov.name designates 103.168.172.143 as permitted sender) smtp.mailfrom=kirill@shutemov.name; dmarc=none Received: from phl-compute-03.internal (phl-compute-03.phl.internal [10.202.2.43]) by mailflow.phl.internal (Postfix) with ESMTP id 555442008EE; Fri, 18 Oct 2024 07:05:40 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-03.internal (MEProxy); Fri, 18 Oct 2024 07:05:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov.name; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1729249540; x= 1729256740; bh=DfrWUeI7jSkiKLl3DUG7tVnejbJ3jmsGwSHJKF/avYA=; b=d coCiM31/zabNDU6R4RnsDb/1plhuAHiEF0Q80vQuqfE+bJSr2l8hUqp4h4bOEo+0 siqhlildBZ9aRwdUXkP6bKYWCQI4CUtI4ESFeMNHjOMGCSOjwNTBGvf95/xvOHaE BuKDQivrJVwpUxoLOX3DjHJzctOno4J2XL3gcNAVfIqUpsk1VhXEX2P3qjwAuDRK qPTeHrXencJNxxnQ63tOmM+V/fOGDdREAUtvXBvyIFUEr68si/HG3iHgmm1mJIJk 7x3KvB90ssS+3AuH5PewlgYZGkWK6EgoUlnR9naCY/GULiCqc3SMIbmwlPnox9K0 JdvYhq9eCBaWWfuG33/xA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1729249540; x=1729256740; bh=DfrWUeI7jSkiKLl3DUG7tVnejbJ3 jmsGwSHJKF/avYA=; b=nNFsDOP2Xp/fxhjCB/9xkSy4rU/Js1j6E0JYnmEbjGdt oeqVqGwYRsXYWJBbm+M3/P4CnRyNzH2MJPMEBU8E2WqhAHTvkwDVGyWJK7EKWxJN NU1NYytz+PukYpVWsKe25tu5cXr+fpKUuyLZ8hA4UIbyBpmVww109MbhUGVWJpID pdCoL9e+CVTYUxZqpBdHOdYWdMOlY7YpGRRESqWkzJqQnKm+dlkqqWWF3uQitH6u xiAxU1NkRZ/XhlGXpsh/wfySGQr9uhFGC03nM/cmu2OsMZD0YE+Ua+yYZuS21dzV +0JXqpuohBLWNzXMDryuGiPGJc3iOMDKiPluxytD/A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrvdehfedgfeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepfffhvfevuffkfhggtggujgesthdtsfdttddtvden ucfhrhhomhepfdfmihhrihhllhcutedrucfuhhhuthgvmhhovhdfuceokhhirhhilhhlse hshhhuthgvmhhovhdrnhgrmhgvqeenucggtffrrghtthgvrhhnpeffvdevueetudfhhfff veelhfetfeevveekleevjeduudevvdduvdelteduvefhkeenucevlhhushhtvghrufhiii gvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehkihhrihhllhesshhhuhhtvghmohhv rdhnrghmvgdpnhgspghrtghpthhtohepvddupdhmohguvgepshhmthhpohhuthdprhgtph htthhopehlohhrvghniihordhsthhorghkvghssehorhgrtghlvgdrtghomhdprhgtphht thhopehrohgsvghrthhordhsrghsshhusehhuhgrfigvihgtlhhouhgurdgtohhmpdhrtg hpthhtohepphgruhhlsehprghulhdqmhhoohhrvgdrtghomhdprhgtphhtthhopegvsghp qhifvghrthihgeejvdduvdefsehgmhgrihhlrdgtohhmpdhrtghpthhtohepkhhirhhilh hlrdhshhhuthgvmhhovheslhhinhhugidrihhnthgvlhdrtghomhdprhgtphhtthhopeii ohhhrghrsehlihhnuhigrdhisghmrdgtohhmpdhrtghpthhtohepughmihhtrhihrdhkrg hsrghtkhhinhesghhmrghilhdrtghomhdprhgtphhtthhopegvrhhitgdrshhnohifsggv rhhgsehorhgrtghlvgdrtghomhdprhgtphhtthhopehjmhhorhhrihhssehnrghmvghird horhhg X-ME-Proxy: Feedback-ID: ie3994620:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 18 Oct 2024 07:05:32 -0400 (EDT) Date: Fri, 18 Oct 2024 14:05:27 +0300 From: "Kirill A. Shutemov" To: Lorenzo Stoakes Cc: Roberto Sassu , Paul Moore , ebpqwerty472123@gmail.com, kirill.shutemov@linux.intel.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, eric.snowberg@oracle.com, jmorris@namei.org, serge@hallyn.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, Roberto Sassu , linux-mm@kvack.org, akpm@linux-foundation.org, vbabka@suse.cz, linux-fsdevel@vger.kernel.org, Liam Howlett , Jann Horn Subject: Re: [PATCH 1/3] ima: Remove inode lock Message-ID: References: <20241008165732.2603647-1-roberto.sassu@huaweicloud.com> <7358f12d852964d9209492e337d33b8880234b74.camel@huaweicloud.com> <593282dbc9f48673c8f3b8e0f28e100f34141115.camel@huaweicloud.com> <15bb94a306d3432de55c0a12f29e7ed2b5fa3ba1.camel@huaweicloud.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Stat-Signature: yxdih39pid7om4c8emppkgodm851uwkt X-Rspamd-Queue-Id: 50E8DA0004 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1729249533-46541 X-HE-Meta: U2FsdGVkX18WuGgssXlcARbtrabK0gSGoCoir7FkiNg2AKlf3lCG+BP9V+zbHJnrT91Enw9yx3OUuY/Iw6eIcoyi/M7kLSFImJpi3F3pxcKS9qrrezA8zuVs7S+LBylxLtj2UT7Dzt2N63UHK3PrVROoZOQ9W7oZUmRfTfKX0KicYWVtZoHlF7XMgPUcOgwjkaAK8gIArv+LZBnBMIPYchoZakuoGgENP9fbc56gKlDQBQbucypKsR5PIzmIBS13HXb3jNgxX/qBIe+HEmpMOsbLbft3fIHOtFRSxUEtC9+r74BYIMfAMiGaNDS/Uv7adzHi1QdA6/ZndWtbe7apReQo0P54EvrHopgN9w9dL/q+DR/z/tyI1wBLwG9zdTK4W37odjyUKlVR0TRyuOcoQN58VLnf8tR9EpwcT/i3PEXUBQ0har5FCVSw7THj94xjCuOFt47Deq7wLg+NeqdagQ2mcbSLiEy6HQgzkqXX4wfVrj6XV7aeTelQ1onpx67UOs2Lx7dwXL5xl/GhTmE6aQB3QjwBuxpgHu3plWe1i3P4Rv9ocTmEhVqvIrE3PEbBzMvIe5/w36x2JYRTPRGxnVvOSpOoe9NGfnmNhXn02f5CxMCBLqya5v4u0zyV3bWIEV49lujReeFEE+RoRTAx039C07dPEOCHM4b11qgr0qpCSvkPl6ilhHfh5Y3C9oMOmMC/UJTIiPSrrT7rnhsyXWH0MOxMCoMkEQAft35a80JgA11qfZxtJVu+b8YZLCwLSAUEEiy9DkkrWG9f45xZyIZlBabDjR6vW982RXypr4WGs3yoj4PZAvZqYMrGvlJAXn57Ec7XVt8D/281mm2A6VNpBZRS9rFicLx6TfdlRxMxbjnBuk+dc1OrZ4MIK/8AWkdsf4oJ3JAh3nbFMMqf/gMq0TJqGrt3wtQQWynPWKNcbnDT63nyBm1XFx4E48RlJVPz3aiK2z+1enx17V5 /4Qka+0b EgKwLgSxtQqQrR0DcjUb6g+zeLRuoblX9hGxqRFVOvEwstyefjEcUejXkQuYgR06e9iZ1I4c95mgFuIMqBKcvj2rZdMD8+weqp0Nu6cQQ3Iah2CmRwMaJ1c37Ew7gc8iHOvQrct66Zi5BLGytIlPEdduvXDUR7u0KTBvmF2z2j2N8uTftgGFg8iElBwYy38kKvQK+zd8aekQ0uHPingQ4UXR+xur+dRid92zVYiP8b59HCbKAaOUkWaKSS/793LuQa3NeVRKIwbzpgEakne4J+YJ14Vlb9EucjcFvkQlQKlm04lvmJ5RQQlcDVi0mU2WzEA3nuyxK230lBgp0hkpXwwnQzj8G/tpTYXHkfHyivc/VpjDYoiiyW0roQL7RSg5jWwR6FIpgQPzuViKDL9nTu8FpetBMVx7yxIfNqoFp5JSvzv8K+zTLY7g4bQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Oct 18, 2024 at 12:00:22PM +0100, Lorenzo Stoakes wrote: > + Liam, Jann > > On Fri, Oct 18, 2024 at 01:49:06PM +0300, Kirill A. Shutemov wrote: > > On Fri, Oct 18, 2024 at 11:24:06AM +0200, Roberto Sassu wrote: > > > Probably it is hard, @Kirill would there be any way to safely move > > > security_mmap_file() out of the mmap_lock lock? > > > > What about something like this (untested): > > > > diff --git a/mm/mmap.c b/mm/mmap.c > > index dd4b35a25aeb..03473e77d356 100644 > > --- a/mm/mmap.c > > +++ b/mm/mmap.c > > @@ -1646,6 +1646,26 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, > > if (pgoff + (size >> PAGE_SHIFT) < pgoff) > > return ret; > > > > + if (mmap_read_lock_killable(mm)) > > + return -EINTR; > > + > > + vma = vma_lookup(mm, start); > > + > > + if (!vma || !(vma->vm_flags & VM_SHARED)) { > > + mmap_read_unlock(mm); > > + return -EINVAL; > > + } > > + > > + file = get_file(vma->vm_file); > > + > > + mmap_read_unlock(mm); > > + > > + ret = security_mmap_file(vma->vm_file, prot, flags); > > Accessing VMA fields without any kind of lock is... very much not advised. > > I'm guessing you meant to say: > > ret = security_mmap_file(file, prot, flags); > > Here? :) Sure. My bad. Patch with all fixups: diff --git a/mm/mmap.c b/mm/mmap.c index dd4b35a25aeb..541787d526b6 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1646,14 +1646,41 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, if (pgoff + (size >> PAGE_SHIFT) < pgoff) return ret; - if (mmap_write_lock_killable(mm)) + if (mmap_read_lock_killable(mm)) return -EINTR; vma = vma_lookup(mm, start); + if (!vma || !(vma->vm_flags & VM_SHARED)) { + mmap_read_unlock(mm); + return -EINVAL; + } + + file = get_file(vma->vm_file); + + mmap_read_unlock(mm); + + ret = security_mmap_file(file, prot, flags); + if (ret) { + fput(file); + return ret; + } + + ret = -EINVAL; + + if (mmap_write_lock_killable(mm)) { + fput(file); + return -EINTR; + } + + vma = vma_lookup(mm, start); + if (!vma || !(vma->vm_flags & VM_SHARED)) goto out; + if (vma->vm_file != file) + goto out; + if (start + size > vma->vm_end) { VMA_ITERATOR(vmi, mm, vma->vm_end); struct vm_area_struct *next, *prev = vma; @@ -1688,16 +1715,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, if (vma->vm_flags & VM_LOCKED) flags |= MAP_LOCKED; - file = get_file(vma->vm_file); - ret = security_mmap_file(vma->vm_file, prot, flags); - if (ret) - goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, 0, pgoff, &populate, NULL); -out_fput: - fput(file); out: mmap_write_unlock(mm); + fput(file); if (populate) mm_populate(ret, populate); if (!IS_ERR_VALUE(ret)) -- Kiryl Shutsemau / Kirill A. Shutemov