From patchwork Wed Feb 2 02:41:53 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Liam R. Howlett" X-Patchwork-Id: 12732524 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4D770C433F5 for ; Wed, 2 Feb 2022 02:42:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 37B7D8D00A7; Tue, 1 Feb 2022 21:42:03 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 2B51A8D00A3; Tue, 1 Feb 2022 21:42:03 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 153928D00A7; Tue, 1 Feb 2022 21:42:03 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id E5BD38D00A3 for ; Tue, 1 Feb 2022 21:42:02 -0500 (EST) Received: from smtpin06.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id B04E28239AFD for ; Wed, 2 Feb 2022 02:42:02 +0000 (UTC) X-FDA: 79096290084.06.CC5505C Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by imf13.hostedemail.com (Postfix) with ESMTP id 915BF20004 for ; Wed, 2 Feb 2022 02:42:01 +0000 (UTC) Received: from pps.filterd (m0246617.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 211Nsv8t022152; Wed, 2 Feb 2022 02:42:00 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=corp-2021-07-09; bh=xlk/9tp098Dnij0NbZuamMaSXh5ZCVZsZFEpsM+cGh8=; b=SGqSLcu4mXgf7I2gBukmSEXhz9MV5sMEhCl3zBcwiCTAOZAvz0xeh86Yo5q4j7Khvh+N RM4nNT4WrhAyrCEkaZb7ZLXHKTF2TZnwc6avOLk0bcCNfOgwS8OmzsM7DLLyO7vGxWTT lDu0QH/Vdu5wlSFNV8Lm+cYS3VgQowdKyogurzeefb2Fp6DGtSQ/lRDBWFCYtwwa/1uX 4pOp8e49dBobXo+yc8iMKWPigrYkYb2HKEhIU2lLCpI1Ciu3+e0IWISotZcsw2Y3yC6k 1Iq0eSceSFGo2v9zeLBcMHqfYB2TjgaXfXuiW/Nt2SuCZEx2UwvdQ+TViw4kzcSHqWvB Qw== Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by mx0b-00069f02.pphosted.com with ESMTP id 3dxnk2m7pa-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 02 Feb 2022 02:41:57 +0000 Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.1.2/8.16.1.2) with SMTP id 2122ZPE9146731; Wed, 2 Feb 2022 02:41:55 GMT Received: from nam04-dm6-obe.outbound.protection.outlook.com (mail-dm6nam08lp2046.outbound.protection.outlook.com [104.47.73.46]) by aserp3020.oracle.com with ESMTP id 3dvwd78vk5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 02 Feb 2022 02:41:55 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z3lJTpzICBsVJIBp8uXdeZqBG20d3wldi65qzBUZVGwpyIsRI1beEu1vs6Nm3FAhGWKvNLtdhsflrmSG/GeW4SP9Yb21PJcKxlBPq0sPnaLtLuXNjpLufZUfcp1P5dY1CnhUy4A9VRcNRc6FmYuXfCV9sniGkH1OdoX8OHSetxX1M/9jFEnmq540LpigriPTIHcVEkAHANBMsn9/Q6iyQR+jWynHHNvGf0gyfT/omEO5b4hcq0nOD/9MhISwhYvk/4PHHUFCA6yN5jmrGqi18Tzj2cTIbBjQ9eSd2O6imfaXS25J63GauVzjUXE5l+WxMmZVX09J+nvbtnhXr7DvHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xlk/9tp098Dnij0NbZuamMaSXh5ZCVZsZFEpsM+cGh8=; b=KBriyiv/M6KKVfiQzoecIsMQrzRPBD7Eqal9o2847QtecR1gxtyt6U1IWS4dCXzLvS0bGzt2aqWdn8xoBwa/hYTV5tYZg/dYXeExfM/xOrdPpA0FhSucleTdAbujuBFMHbQkuCOj6oz/EyRL20UuW31q7TL5Qad8OxvxEslM5HeuqqxQjcYX5Ma9U668TOuMFURHUmGM8cgKuqDfweceO93rfaHDs0xUsB/ght4S6DnT0gS1AfX1M1SlIr88bfr+BIlkVCdlbN8ewLgmDteTtIytz7poIcOcwHTOrMkm5Kd+XFVFH/HZPXkNHbBKAhtnncm44llY4RQzCEtsR207hw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xlk/9tp098Dnij0NbZuamMaSXh5ZCVZsZFEpsM+cGh8=; b=GY6K1kkj+Q6hZ3+Ny+QCKmuvIm4Xh/AdyXUy/7WiXnc7YdbBYW4Juywuj/pnIQ2jx3FMfBkSLs+6xIyWJ+JLXUP5rO0H65UwLnGuzJ1rwuJtPrJzbTkFJQiBJt12gDfzOUC4mWeWd6QZR2Bpd6sZ0trEwqzOT/HQmRHIDN1jJ54= Received: from SN6PR10MB3022.namprd10.prod.outlook.com (2603:10b6:805:d8::25) by MWHPR10MB1325.namprd10.prod.outlook.com (2603:10b6:300:1e::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.18; Wed, 2 Feb 2022 02:41:53 +0000 Received: from SN6PR10MB3022.namprd10.prod.outlook.com ([fe80::3857:3a25:3444:fdd3]) by SN6PR10MB3022.namprd10.prod.outlook.com ([fe80::3857:3a25:3444:fdd3%5]) with mapi id 15.20.4930.022; Wed, 2 Feb 2022 02:41:53 +0000 From: Liam Howlett To: "maple-tree@lists.infradead.org" , "linux-mm@kvack.org" , "linux-kernel@vger.kernel.org" , Andrew Morton Subject: [PATCH v5 01/70] binfmt_elf: Take the mmap lock when walking the VMA list Thread-Topic: [PATCH v5 01/70] binfmt_elf: Take the mmap lock when walking the VMA list Thread-Index: AQHYF95v8rQXPYT4EkqXvxYFLhjgiA== Date: Wed, 2 Feb 2022 02:41:53 +0000 Message-ID: <20220202024137.2516438-2-Liam.Howlett@oracle.com> References: <20220202024137.2516438-1-Liam.Howlett@oracle.com> In-Reply-To: <20220202024137.2516438-1-Liam.Howlett@oracle.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.34.1 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b9e6c10e-9b05-44eb-47da-08d9e5f59284 x-ms-traffictypediagnostic: MWHPR10MB1325:EE_ x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: M0UUCyKQ9hL7fDt8oBNqS0+fHVI4NvIW0YSLbetWTGPXdod9mWO71em3Xym97hbch208iq27r7hGfB2+pqyZCZ8kBlHS53agMQSm8LF6lkHM80svyK0pEKyN/hUGFGE9G5GWFsFa5koRNpHQpoqWHJyun5/D3spPa3AKuHYGi4IBrnyNqS856JdbU88jtlrwjmZXRQCYuPHHAu+/rr+Z6ZQUn4UDPPhdf/O2o07w22p4skxuyNsB87ahi2ogdkeci0Wjmy9PNoJ6b1i39vE8m7kt//E2D9vPLPhnNh0MR0ajVkewW5bJ4GRnVxBvDBlntzXzqm24PndnAUp+HAh2fiY3iUc2B6cGJtEJNnuZlF4upmKJLF+nst0/UvKz/f78fj1SR7VKSj0mFwk6XzA0pd7bPhPmaITKx4By0axBXk69lPpnMDuRYSNo0aOqUtPMfmXqQwGS9ubsnYDzPUpuZFF6QgbrM40np2s3hPIpT0YjFCbJTJ9cb9I/hdEzlh1YXUE79pGMEFKC8Vx2Hby/FxhIm2ZoNpkV5vgjOveQGc4EWs3IKg4nzcwcknF0h3fTrti8OI++ri+95OM5aHK9+dOWVXSU/ERBW0/IyLlsSw9LNAANz5XN2rzNSLPbEpCMiPgkTjnIgmFF7TN0NC3iX+vKwtrFeLt0nJX+aOCx0TvXsvBFb3mHYBuS9vwfWVQEh8TGWXNEiQ1DH/LOgyn6lw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR10MB3022.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(83380400001)(5660300002)(38100700002)(110136005)(86362001)(508600001)(6486002)(6506007)(44832011)(91956017)(66946007)(26005)(38070700005)(2906002)(122000001)(71200400001)(66556008)(186003)(66476007)(66446008)(64756008)(1076003)(8936002)(76116006)(36756003)(316002)(2616005)(8676002)(6512007);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?FCIUsQbwO+rI+VM2eQKPEQz?= =?iso-8859-1?q?Zjfh0r/IUkezxvG7xj81AImAeSC/jv8tm34+HIO94cuJ/5v3A8QyZjp+qvQj?= =?iso-8859-1?q?pmsXnmYQKhKZRQS+2JI7Lq3bBCTt8Yzcmr9ZqD22zYwWXBwv9OMnKIRdxXFm?= =?iso-8859-1?q?FqsP7fmqd+dAUr3BN58C+vsoB0We20+PM4PRx7udTggK3gMLaseF6yoX7v0S?= =?iso-8859-1?q?QUwRhiosWdkPEjCp6mqsbxV9Jaw6JTWsBGIQ2stFYV7Fh3V8HgXP3Qk5KJ2l?= =?iso-8859-1?q?g7mqogyXHIgGKfK8c0bfMHqVoSdYGc+Wc1Yf8dWPNBRwLb1Q6ecFyTdX/BrN?= =?iso-8859-1?q?d75ms2N155puALl1YWKHi+/z0wFb1dA2v9UMsloQPu5rvkoQ1NfVznnI5let?= =?iso-8859-1?q?xPAqtkNf39SOpKAR1RzurrL4Tu1DBJ2VEmLZz0Pz4WptQTpHCgGF+XC1vlCx?= =?iso-8859-1?q?jcv5Cgg8LbYECY2sZdtaG8WtMPZC26tUKUh6Hb/+c62eBtm+cDiPLoAAnIif?= =?iso-8859-1?q?R+yPvOYEksvlqF6CMFnatA14vfNuURAnITKxxyzicuX51tQOnNPKCw1MpFuP?= =?iso-8859-1?q?CDBcCz66orb7/IzBSHaUVG9r59X/kVurIm7Cpfm/YKt4qDvt3ENVYUy/jrPk?= =?iso-8859-1?q?wH04L9M6ggLnEr4+fL3JoyY14luVReQkYb/m1LYPRB8sFww3Wa9/O1TqiBDf?= =?iso-8859-1?q?rGuKOyOZ607gVnaeBuNZObLrXveEKOi32bdTyeqpxMrR11nRkg0yjoUjzrE2?= =?iso-8859-1?q?EnExovSwCnGplmDTsfgyQdtCBqe31YZ4+HLR1IMapWaz3qnORY+GgFd7pHfb?= =?iso-8859-1?q?bo76mo5WhPJgXYvk3vzE1UPAfBtvJ7ST+qVvh8yTY6IphUArggEXDT4Dbo6C?= =?iso-8859-1?q?IDIlMyzp9I77jSMjHStYnnl3QZr65tm45/sEyKqQ4zepgqp2UU7Nbxru5YFe?= =?iso-8859-1?q?PDEAyV65qGQcxqu5chY2ZqJwTs1bRbvIWuqy/0o0pQJTEhpcbDHLp9ZVZIIt?= =?iso-8859-1?q?2tmt1Vldk28ONmtfkMSMcUn74DLqjtF6uZ6TJ/fqgn2/I0Mu3BxNj4t5Orvs?= =?iso-8859-1?q?gMb0vtnHVIkTR83kP+UaKoVQu7E71YF1jtYnJALaZ6dC1EVXq+wFoeJ6kdce?= =?iso-8859-1?q?MA6S7zlmZKNaLvgD3lFnjzMdEfZnuZSt67UPaaejWitYs+rQ/VHI5ZwHGUPM?= =?iso-8859-1?q?5cRlh1z0HF0n8Q+Mpug0aaXm3GRzvEqNfmVPXkZ2hUET20oz7GiD441067ms?= =?iso-8859-1?q?HBFjuqEDHt5TdGO1QCeLiWY2ZEnKqWy1B+WsB3+y08pROd6s4OKZPqn5m2nz?= =?iso-8859-1?q?xECohi8Rv/K5btwqjF1Y3o6FfcWO8uioC+OEzU+nQfK3TzWZ6QuNMWw24k/E?= =?iso-8859-1?q?omguKXMMy7izttq+3P6c7D7Tcq5A4QaPEDnI+XYzx+n/OzQ5eJ5vhFbgUuhz?= =?iso-8859-1?q?ti0qBX4xVOdc/6dv9Dt5hE3HzHcY2JdhHrOCEQSUCPl1LTsgKi58lPaKi2wN?= =?iso-8859-1?q?MEMcpapKtRdezbc4IcBy0WJMAFN3DUyhVeymZ3udeCjs5S75p27640iXcFc/?= =?iso-8859-1?q?urcCMZNmSagCOw8e9qkpil1nDKSU/Hawx4chRe8m8yRWPvPMJ/fSvYXraeEI?= =?iso-8859-1?q?bVAklrOQgMKFcB1zL8DbQtJBDtzPP/WaU0Xt60ankQvMzrvYy6xKrqHuX3d4?= =?iso-8859-1?q?=3D?= MIME-Version: 1.0 X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN6PR10MB3022.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b9e6c10e-9b05-44eb-47da-08d9e5f59284 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Feb 2022 02:41:53.3152 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: nwKe9c6t6szWme/2uGx+FX5jCzPkSM2qT0ssZO6h/S+dmDfnoAm1NteArHNgDJE6A8SfQPRXvqpdat+LamBR0Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR10MB1325 X-Proofpoint-Virus-Version: vendor=nai engine=6300 definitions=10245 signatures=673430 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 adultscore=0 suspectscore=0 malwarescore=0 bulkscore=0 mlxscore=0 spamscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2202020010 X-Proofpoint-GUID: Sk8oIF88f0UftVOrqKl8tRmhUufHHK-s X-Proofpoint-ORIG-GUID: Sk8oIF88f0UftVOrqKl8tRmhUufHHK-s Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2021-07-09 header.b=SGqSLcu4; dkim=pass header.d=oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b=GY6K1kkj; spf=none (imf13.hostedemail.com: domain of liam.howlett@oracle.com has no SPF policy when checking 205.220.165.32) smtp.mailfrom=liam.howlett@oracle.com; dmarc=pass (policy=none) header.from=oracle.com X-Rspam-User: nil X-Rspamd-Queue-Id: 915BF20004 X-Stat-Signature: fgdjaoyqxznx3qnbu9i1sqcj86bkw56f X-Rspamd-Server: rspam12 X-HE-Tag: 1643769721-168526 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: "Matthew Wilcox (Oracle)" I'm not sure if the VMA list can change under us, but dump_vma_snapshot() is very careful to take the mmap_lock in write mode. We only need to take it in read mode here as we do not care if the size of the stack VMA changes underneath us. If it can be changed underneath us, this is a potential use-after-free for a multithreaded process which is dumping core. Fixes: 2aa362c49c31 ("coredump: extend core dump note section to contain file names of mapped files") Signed-off-by: Matthew Wilcox (Oracle) Reviewed-by: Liam R. Howlett --- fs/binfmt_elf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 605017eb9349..dc2318355762 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1651,6 +1651,7 @@ static int fill_files_note(struct memelfnote *note) name_base = name_curpos = ((char *)data) + names_ofs; remaining = size - names_ofs; count = 0; + mmap_read_lock(mm); for (vma = mm->mmap; vma != NULL; vma = vma->vm_next) { struct file *file; const char *filename; @@ -1661,6 +1662,7 @@ static int fill_files_note(struct memelfnote *note) filename = file_path(file, name_curpos, remaining); if (IS_ERR(filename)) { if (PTR_ERR(filename) == -ENAMETOOLONG) { + mmap_read_unlock(mm); kvfree(data); size = size * 5 / 4; goto alloc; @@ -1680,6 +1682,7 @@ static int fill_files_note(struct memelfnote *note) *start_end_ofs++ = vma->vm_pgoff; count++; } + mmap_read_unlock(mm); /* Now we know exact count of files, can store it */ data[0] = count;