Date: Tue, 20 Oct 2020 16:15:40 -0300
From: Jason Gunthorpe
To: Jann Horn
CC: Andrew Morton, "Eric W. Biederman", Michel Lespinasse, Mauro Carvalho Chehab, Sakari Ailus, Jeff Dike, Richard Weinberger, Anton Ivanov, "John Hubbard", Johannes Berg
Subject: Re: [PATCH resend v3 2/2] exec: Broadly lock nascent mm until setup_arg_pages()
Message-ID: <20201020191540.GM6219@nvidia.com>
References: <20201016225713.1971256-1-jannh@google.com> <20201016225713.1971256-3-jannh@google.com>
In-Reply-To: <20201016225713.1971256-3-jannh@google.com>

On Sat, Oct 17, 2020 at 12:57:13AM +0200, Jann Horn wrote:
> @@ -374,17 +366,12 @@ static int bprm_mm_init(struct linux_binprm *bprm) > task_unlock(current->group_leader); > > err = __bprm_mm_init(bprm); > - if (err) > - goto err; > - > - return 0; > - > -err: > - if (mm) { > - bprm->mm = NULL; > - mmdrop(mm); > - } > + if (!err) > + return 0; > > + bprm->mm = NULL; > + mmap_write_unlock(mm); > + mmdrop(mm); > return err;

nit, but prefer 'success-oriented-flow'

eg invert the 'if (!err)' and put the error unwind in the {}

> @@ -1545,6 +1532,18 @@ void setup_new_exec(struct linux_binprm * bprm) > me->mm->task_size = TASK_SIZE; > mutex_unlock(&me->signal->exec_update_mutex); > mutex_unlock(&me->signal->cred_guard_mutex); > + > + if (!IS_ENABLED(CONFIG_MMU)) { > + /* > + * On MMU, setup_arg_pages() wants to access bprm->vma after > + * this point, so we can't drop the mmap lock yet. > + * On !MMU, we have neither setup_arg_pages() nor bprm->vma, > + * so we should drop the lock here. > + */ > + mmap_write_unlock(bprm->mm); > + mmput(bprm->mm); > + bprm->mm = NULL; > + }

The only thing I dislike about this is how tricky the lock lifetime is, it all looks correct, but expecting the setup_arg_pages() or setup_new_exec() to unlock (depending!) is quite tricky.

It feels like it would be clearer to have an explicit function to do this, like 'release_brp_mm()' indicating that current->mm is now the only way to get the mm and it must be locked.

Or, more practically, the load_binary functions can now call vm_mmap().

Anyhow, it took a bit to study all the parts but I think it looks right as is.

Jason
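
Review bot: in the bprm_mm_init() hunk, the new error path drops the old "if (mm)" guard and calls mmap_write_unlock(mm) and mmdrop(mm) unconditionally, so it now depends on mm being non-NULL and already write-locked whenever __bprm_mm_init() fails. The visible lines do not show where that lock is taken; a one-line comment above the unwind stating the invariant (or keeping the NULL check) would let the unlock/drop pairing be checked at this site.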
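
Review bot: in the setup_new_exec() hunk, the !CONFIG_MMU branch returns with bprm->mm set to NULL while the MMU build returns with bprm->mm still set and write-locked, and the comment explains why the lock is kept on MMU but not where it is finally released. Name the release site in the comment and note that nothing after setup_new_exec() may dereference bprm->mm on !MMU, so the lock lifetime of both configurations can be audited from this one spot.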