From: Jason Gunthorpe <jgg@nvidia.com>
To: Jann Horn <jannh@google.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>,
	Richard Weinberger <richard@nod.at>,
	Jeff Dike <jdike@addtoit.com>,
	linux-um@lists.infradead.org, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, "Eric W . Biederman" <ebiederm@xmission.com>,
	Sakari Ailus <sakari.ailus@linux.intel.com>,
	John Hubbard <jhubbard@nvidia.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Michel Lespinasse <walken@google.com>,
	Johannes Berg <johannes@sipsolutions.net>,
	Anton Ivanov <anton.ivanov@cambridgegreys.com>
Subject: Re: [PATCH resend v3 2/2] exec: Broadly lock nascent mm until setup_arg_pages()
Date: Tue, 20 Oct 2020 16:15:40 -0300	[thread overview]
Message-ID: <20201020191540.GM6219@nvidia.com> (raw)
In-Reply-To: <20201016225713.1971256-3-jannh@google.com>

On Sat, Oct 17, 2020 at 12:57:13AM +0200, Jann Horn wrote:
> @@ -374,17 +366,12 @@ static int bprm_mm_init(struct linux_binprm *bprm)
>  	task_unlock(current->group_leader);
>  
>  	err = __bprm_mm_init(bprm);
> -	if (err)
> -		goto err;
> -
> -	return 0;
> -
> -err:
> -	if (mm) {
> -		bprm->mm = NULL;
> -		mmdrop(mm);
> -	}
> +	if (!err)
> +		return 0;
>  
> +	bprm->mm = NULL;
> +	mmap_write_unlock(mm);
> +	mmdrop(mm);
>  	return err;
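Review bot: the unwind at the end of this hunk now calls mmap_write_unlock(mm) and mmdrop(mm) unconditionally, whereas the removed code guarded the drop with "if (mm)". That is only safe if every path that reaches the unwind has mm non-NULL and write-locked, which the hunk's context does not show; a sentence in the commit message (or a comment above the unwind) saying that no earlier failure path jumps here with mm == NULL any more would make that explicit. On the structure itself, inverting the test so the error case lives in the braces ("if (err) { bprm->mm = NULL; mmap_write_unlock(mm); mmdrop(mm); return err; } return 0;") keeps the success path straight-line, as the reply below also asks. The unlock-before-mmdrop ordering is correct.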

nit, but prefer 'success-oriented-flow', e.g. invert the 'if (!err)' and
put the error unwind in the {}

> @@ -1545,6 +1532,18 @@ void setup_new_exec(struct linux_binprm * bprm)
>  	me->mm->task_size = TASK_SIZE;
>  	mutex_unlock(&me->signal->exec_update_mutex);
>  	mutex_unlock(&me->signal->cred_guard_mutex);
> +
> +	if (!IS_ENABLED(CONFIG_MMU)) {
> +		/*
> +		 * On MMU, setup_arg_pages() wants to access bprm->vma after
> +		 * this point, so we can't drop the mmap lock yet.
> +		 * On !MMU, we have neither setup_arg_pages() nor bprm->vma,
> +		 * so we should drop the lock here.
> +		 */
> +		mmap_write_unlock(bprm->mm);
> +		mmput(bprm->mm);
> +		bprm->mm = NULL;
> +	}
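Review bot: the added block makes lock ownership at the end of setup_new_exec() depend on CONFIG_MMU: on !MMU this hunk unlocks and mmput()s bprm->mm, while on MMU the mm is left write-locked for setup_arg_pages() to release later. That asymmetry is easy to break in a future change, so the comment should also name the function that is expected to unlock on the MMU side ("setup_arg_pages() drops the mmap lock"), and the lock contract deserves a line in setup_new_exec()'s kerneldoc. Note also that this path releases the reference with mmput() while the bprm_mm_init() unwind uses mmdrop(); that is consistent with the mm having been fully activated by this point, but a short note in the commit message explaining the different release primitives would help reviewers of both hunks. The unlock-before-mmput ordering here is correct.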

The only thing I dislike about this is how tricky the lock lifetime
is, it all looks correct, but expecting the setup_arg_pages() or
setup_new_exec() to unlock (depending!) is quite tricky.

It feels like it would be clearer to have an explicit function to do
this, like 'release_bprm_mm()' indicating that current->mm is now the
only way to get the mm and it must be locked.

Or, more practically, the load_binary function can now call
vm_mmap().

Anyhow, it took a bit to study all the parts but I think it looks
right as is.

Jason

_______________________________________________
linux-um mailing list
linux-um@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-um

Thread overview: 10+ messages
2020-10-16 22:57 [PATCH resend v3 0/2] Broad write-locking of nascent mm in execve Jann Horn
2020-10-16 22:57 ` Jann Horn
2020-10-16 22:57 ` [PATCH resend v3 1/2] mmap locking API: Order lock of nascent mm outside lock of live mm Jann Horn
2020-10-16 22:57   ` Jann Horn
2020-10-16 22:57 ` [PATCH resend v3 2/2] exec: Broadly lock nascent mm until setup_arg_pages() Jann Horn
2020-10-16 22:57   ` Jann Horn
2020-10-20 19:15   ` Jason Gunthorpe [this message]
2020-10-20 19:15     ` Jason Gunthorpe
2020-11-03  3:53     ` Jann Horn
2020-11-03  3:53       ` Jann Horn