From patchwork Wed Dec  4 12:54:34 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Hildenbrand <david@redhat.com>
X-Patchwork-Id: 13893706
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 312E0E7716E
	for <linux-mm@archiver.kernel.org>; Wed,  4 Dec 2024 12:55:07 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id B36266B008A; Wed,  4 Dec 2024 07:55:06 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id AE5386B008C; Wed,  4 Dec 2024 07:55:06 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 985E86B0092; Wed,  4 Dec 2024 07:55:06 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com
 [216.40.44.17])
	by kanga.kvack.org (Postfix) with ESMTP id 76D1E6B008A
	for <linux-mm@kvack.org>; Wed,  4 Dec 2024 07:55:06 -0500 (EST)
Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay05.hostedemail.com (Postfix) with ESMTP id 33F1A41A78
	for <linux-mm@kvack.org>; Wed,  4 Dec 2024 12:55:06 +0000 (UTC)
X-FDA: 82857271476.05.E352D0F
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by imf13.hostedemail.com (Postfix) with ESMTP id 60C6220021
	for <linux-mm@kvack.org>; Wed,  4 Dec 2024 12:54:48 +0000 (UTC)
Authentication-Results: imf13.hostedemail.com;
	dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=B+oZdiwb;
	spf=pass (imf13.hostedemail.com: domain of dhildenb@redhat.com designates
 170.10.129.124 as permitted sender) smtp.mailfrom=dhildenb@redhat.com;
	dmarc=pass (policy=none) header.from=redhat.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1733316890; a=rsa-sha256;
	cv=none;
	b=FpMZpPX3mYcn4vgC9qRKTvK5PVlrnx6jp00j4MsrnxfmjFyiEYqsXHxY47tVEjPu9/26yL
	Kze6mFBCbn/ogvm+T3R1nD5GWQu7UlbiCBGRaOEVKITXa32TRrGFoDPI53xXLPdga6L2Mt
	3myVY/4t33jZc16s1oHZZnN10RzxqHA=
ARC-Authentication-Results: i=1;
	imf13.hostedemail.com;
	dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=B+oZdiwb;
	spf=pass (imf13.hostedemail.com: domain of dhildenb@redhat.com designates
 170.10.129.124 as permitted sender) smtp.mailfrom=dhildenb@redhat.com;
	dmarc=pass (policy=none) header.from=redhat.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1733316890;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=9g+9cVRXvhHLgxGSqrQTBE7Bw6RR/sxdLnnaInZE9Y8=;
	b=AL0m4U9vjDohByjgme0ilGGeVylFZkUzIfPdFkpjMtBt9LEPimhKiYMHiH0dM/hUZ4arMa
	xI+R/qvTuljVzaDVnSbKOF/X03qPHemVjX1tI926IJoI4QHbHZSZScVc4terCeTkDFR+tK
	Sn9PN7mr8Ok9vcfydQ5Ke2LGn8TIAgg=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1733316901;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=9g+9cVRXvhHLgxGSqrQTBE7Bw6RR/sxdLnnaInZE9Y8=;
	b=B+oZdiwb5JlndyQaQ9mUUlqUyKFLrgfc8DKFmCMX9ph4M4T21A0p0ie/ECoiljRwqOzGVW
	p4CO3Df+AVTiNzQ8CJRnDOzXu46eJIRsIAHGAIPGAT+D1p8EVM33YTmzCb/q2LH3LBRszj
	RYHpxwjhKbN/T37bYkQlk0gt+4T2ztw=
Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com
 [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-595-MAjf6BCiN3687gIuUdj4sQ-1; Wed, 04 Dec 2024 07:55:00 -0500
X-MC-Unique: MAjf6BCiN3687gIuUdj4sQ-1
X-Mimecast-MFC-AGG-ID: MAjf6BCiN3687gIuUdj4sQ
Received: by mail-wm1-f71.google.com with SMTP id
 5b1f17b1804b1-434941aa9c2so38551295e9.3
        for <linux-mm@kvack.org>; Wed, 04 Dec 2024 04:55:00 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1733316899; x=1733921699;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=9g+9cVRXvhHLgxGSqrQTBE7Bw6RR/sxdLnnaInZE9Y8=;
        b=mhOT/pQgzZYsbZM9gUrDzn7QVtZ/JzVGcXPDoS6BYDoI6uPfhQmGLYAUx1iJeAguc5
         f7/VL3gePsq5ObNjiwSzacKHIcpV3dmglbhSxDk7zRAuRdWhAdVtW8CFSY+On2RFqs3t
         r9r8DWQDNqKUpaIJjp9wa6hbN0hRcjOAPV4EtY6oO+rWw9+ebQX7qrKk2LY9IVkwV3dr
         kAp2Bo8nh+aDnSbNguXLmT78HVEsFffdFhZUZ+jppEG1slLc+b10Cm254Ctft6arpHx/
         ccABDPqTNu3A9uycFooAP9ijIorRBIjiB43r8ZT8gIR3NMW5iizOVO9SA+5h3SnDWJ3m
         N3hw==
X-Gm-Message-State: AOJu0Yyh/0DCH5NaLQ3xlLLCBrqqGuFVEpg5MJngt+X2U6OwlZqxuSZ+
	2Coj7WJN3XQEufDgmq674cKOPqwD560+J7MoYvpPTdo9nTDaj1owLLKMk/OKnQoPmIXmleclaGq
	VxYq8CG622iPs9+HPS50Xps6+mDwp15LEk2uxLJBKNRiVWPB/
X-Gm-Gg: ASbGnct9hnxwoRP81rH0j6NCllPpIDF/YHTN6NdsyuYl1BVhUWdUKePd04BkJB1FIRk
	jvmHZUu1np46BCAjrbWCAtK3v595F5zEL7sW8bIveWca+8a3vqhFNsoyFZ5IgvIqtKjghhv1nfe
	PmOMvqdQkRJ3YjjDMNFzT1TS/mAowR8IsNbPDqlGJ09yEO8VkhYgY09aod3tZqGL75eIGEQUcej
	0QDP8fZ4A6QF5AaJOOof8PXrXr/v4S42GkeR64/E/XJ/UQZR8RzT3lqf2N4iJK57M/zOnt2WFKL
	tvA27Eb72yb1+nEDlhDhOurGRd7jsAVRZpA=
X-Received: by 2002:a05:600c:a46:b0:434:9e17:18e5 with SMTP id
 5b1f17b1804b1-434d3f015c9mr39711675e9.0.1733316899003;
        Wed, 04 Dec 2024 04:54:59 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IHeFWcM8kn1L8FVMwX9bQLaSRcl3tsS9Ol6XIyBOc2az2VjBMSNXd7wAhtLStmYUmhz8yBnag==
X-Received: by 2002:a05:600c:a46:b0:434:9e17:18e5 with SMTP id
 5b1f17b1804b1-434d3f015c9mr39710705e9.0.1733316897137;
        Wed, 04 Dec 2024 04:54:57 -0800 (PST)
Received: from localhost
 (p200300cbc70be10038d68aa111b0a20a.dip0.t-ipconnect.de.
 [2003:cb:c70b:e100:38d6:8aa1:11b0:a20a])
        by smtp.gmail.com with UTF8SMTPSA id
 5b1f17b1804b1-434d52c0dc8sm23581375e9.27.2024.12.04.04.54.54
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 04 Dec 2024 04:54:55 -0800 (PST)
From: David Hildenbrand <david@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org, linux-s390@vger.kernel.org,
 virtualization@lists.linux.dev, kvm@vger.kernel.org,
 linux-fsdevel@vger.kernel.org, kexec@lists.infradead.org,
 David Hildenbrand <david@redhat.com>, Heiko Carstens <hca@linux.ibm.com>,
 Vasily Gorbik <gor@linux.ibm.com>,
 Alexander Gordeev <agordeev@linux.ibm.com>,
 Christian Borntraeger <borntraeger@linux.ibm.com>,
 Sven Schnelle <svens@linux.ibm.com>, "Michael S. Tsirkin" <mst@redhat.com>,
 Jason Wang <jasowang@redhat.com>, Xuan Zhuo <xuanzhuo@linux.alibaba.com>,
	=?utf-8?q?Eugenio_P=C3=A9rez?= <eperezma@redhat.com>,
 Baoquan He <bhe@redhat.com>, Vivek Goyal <vgoyal@redhat.com>,
 Dave Young <dyoung@redhat.com>, Thomas Huth <thuth@redhat.com>,
 Cornelia Huck <cohuck@redhat.com>, Janosch Frank <frankja@linux.ibm.com>,
 Claudio Imbrenda <imbrenda@linux.ibm.com>,
 Eric Farman <farman@linux.ibm.com>, Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH v2 03/12] fs/proc/vmcore: disallow vmcore modifications while
 the vmcore is open
Date: Wed,  4 Dec 2024 13:54:34 +0100
Message-ID: <20241204125444.1734652-4-david@redhat.com>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <20241204125444.1734652-1-david@redhat.com>
References: <20241204125444.1734652-1-david@redhat.com>
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: IUn4c9r97zpcd22sC5mDIvaAybLaAZo7uDp-6GsRjqc_1733316899
X-Mimecast-Originator: redhat.com
content-type: text/plain; charset="US-ASCII"; x-default=true
X-Rspamd-Queue-Id: 60C6220021
X-Stat-Signature: 8f4pies6qobguwes96cfxswmfnpzgwcs
X-Rspam-User: 
X-Rspamd-Server: rspam09
X-HE-Tag: 1733316888-500733
X-HE-Meta: 
 U2FsdGVkX19ktNk5BxyCpf7mpHp4YYjKl0LDJDUv3iMjVmGw765UUXry4nXRnXzcdickH5YbQV5n0xbGAkzWFdG80e2WdVJOKODfrAqL9bTLic/ffBz76QXW77avJJJkdtHIZX0nvWEX/uAkWZt56oOdHdkVhiYSs8nBRgaM5XqpFz8a7PTgwOHGgE3QCZdBXvvwtGmr4A/o7SHvg90dYcFS2fcbnEnVpZIoB9M3ZI//+yQPfI+2K9O2wlQgigzT6EHWafMJtQCSxlVOMBmMPrxH2nytpZyNda7Xzgw1VtWKRtNTi04bNbsxJfp9XT0vh9ikagckhLmGQwH0l/bJxLf9h1N1MJ9OzsHSaj1k5dkyCiGhXSOgWyZVLuM2lRFr8Wcdcu2BnJOyBZwqf1UC4mADLOD01/XWX/StYvJR+VxtPm5N1fyTTyJws0yuhXkVcKr/J1hz/mK4DmI3tvRPl8KzBLB/rqCKzKXtBvxGC5JM4rGNpbxPlRDGKnIq4zXUXq7o7n/hJkP0uZhbssxvUF2xIjjwU9ihEVTl63hzEXxuCPID+RAKBiytYEKH70OlZjoPIjhsCvqBrBwtLvDUzEvyd242MlZTUJkU6Dnq1IsTxv1J24bvh7KGqaytkDEBTWOvyk7iRQbVZj8l+qgJEvPKsUB/msj/b/2iH668W/UBw3/n9T/yTaY5eKgT9RBw1oYwcqNhnPySa7CG7/e7IhtyQS7w5pjIQ4pQbYx2dzDYbBiakWam4mlGXTQoiKTZ02W14vrSl1s4hfpoS0bMSy9S3ybVlllgERarakR01OiBdxWwDdZOLcaHQNKOsgCIJEdJ0xmBFrq7TfalzCdkLOPoVi7zFeoR3UqG9iNpfb46FHBzevJnVqOUmP069ZwRR3LpMUajgTFv+JhcdON719z6CIKMXqcw4wxNXgyjim1b4DvD108sPW1f9p1y4byhQXY/OsDZTRSxdGaXs4p
 X7rCZ4KJ
 GWH3ODFC8eWsJQ8TihW5A7c3PYul7LTGEydqpnmuAjKwCo+7rl1oirJIC8TRmTWIF9nxjKJ0zEAODiL3Ss1TiGgw3cfYZ10ULppIJzGgbD1s5ZKj/cH95Fn+/8xoQcc7Nn2sKWVI1e9K4lTez3Em67GeOFp7hCLAGqM3PNAZpH0OkzUlEFR/9jzqV+ok72SlD6X5pEP3PgilWwJPUl8qb6N0rJxFrsd114uaxybjJAEb85QVVQ4hJig5I0HJUYpHCz8BdBw9Ej0uKx/CkmcOU+plTzAvxshtJYlvEVotfKp4LH0KL387QAmDnrIkbZZ4CXXqnlM2Lk+yUOtpe2Fr3GPlyc8tgLnPOa1CNOh6j1z0vhAlUBo1873r2Ce75bQIGh9bCoivFZnansvHqbWqAqdCcnRfQzaTWc60GYBWuO7zZvrdlUVFvWnSxSw==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

The vmcoredd_update_size() call and its effects (size/offset changes) are
currently completely unsynchronized, and will cause trouble when
performed concurrently, or when done while someone is already reading the
vmcore.

Let's protect all vmcore modifications by the vmcore_mutex, disallow vmcore
modifications while the vmcore is open, and warn on vmcore
modifications after the vmcore was already opened once: modifications
while the vmcore is open are unsafe, and modifications after the vmcore
was opened indicates trouble. Properly synchronize against concurrent
opening of the vmcore.

No need to grab the mutex during mmap()/read(): after we opened the
vmcore, modifications are impossible.

It's worth noting that modifications after the vmcore was opened are
completely unexpected, so failing if open, and warning if already opened
(+closed again) is good enough.

This change not only handles concurrent adding of device dumps +
concurrent reading of the vmcore properly, it also prepares for other
mechanisms that will modify the vmcore.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 fs/proc/vmcore.c | 57 +++++++++++++++++++++++++++++-------------------
 1 file changed, 34 insertions(+), 23 deletions(-)

diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
index e5a7e302f91f..16faabe5ea30 100644
--- a/fs/proc/vmcore.c
+++ b/fs/proc/vmcore.c
@@ -68,6 +68,8 @@ DEFINE_STATIC_SRCU(vmcore_cb_srcu);
 static LIST_HEAD(vmcore_cb_list);
 /* Whether the vmcore has been opened once. */
 static bool vmcore_opened;
+/* Whether the vmcore is currently open. */
+static unsigned int vmcore_open;
 
 void register_vmcore_cb(struct vmcore_cb *cb)
 {
@@ -122,6 +124,20 @@ static int open_vmcore(struct inode *inode, struct file *file)
 {
 	mutex_lock(&vmcore_mutex);
 	vmcore_opened = true;
+	if (vmcore_open + 1 == 0) {
+		mutex_unlock(&vmcore_mutex);
+		return -EBUSY;
+	}
+	vmcore_open++;
+	mutex_unlock(&vmcore_mutex);
+
+	return 0;
+}
+
+static int release_vmcore(struct inode *inode, struct file *file)
+{
+	mutex_lock(&vmcore_mutex);
+	vmcore_open--;
 	mutex_unlock(&vmcore_mutex);
 
 	return 0;
@@ -243,33 +259,27 @@ static int vmcoredd_copy_dumps(struct iov_iter *iter, u64 start, size_t size)
 {
 	struct vmcoredd_node *dump;
 	u64 offset = 0;
-	int ret = 0;
 	size_t tsz;
 	char *buf;
 
-	mutex_lock(&vmcore_mutex);
 	list_for_each_entry(dump, &vmcoredd_list, list) {
 		if (start < offset + dump->size) {
 			tsz = min(offset + (u64)dump->size - start, (u64)size);
 			buf = dump->buf + start - offset;
-			if (copy_to_iter(buf, tsz, iter) < tsz) {
-				ret = -EFAULT;
-				goto out_unlock;
-			}
+			if (copy_to_iter(buf, tsz, iter) < tsz)
+				return -EFAULT;
 
 			size -= tsz;
 			start += tsz;
 
 			/* Leave now if buffer filled already */
 			if (!size)
-				goto out_unlock;
+				return 0;
 		}
 		offset += dump->size;
 	}
 
-out_unlock:
-	mutex_unlock(&vmcore_mutex);
-	return ret;
+	return 0;
 }
 
 #ifdef CONFIG_MMU
@@ -278,20 +288,16 @@ static int vmcoredd_mmap_dumps(struct vm_area_struct *vma, unsigned long dst,
 {
 	struct vmcoredd_node *dump;
 	u64 offset = 0;
-	int ret = 0;
 	size_t tsz;
 	char *buf;
 
-	mutex_lock(&vmcore_mutex);
 	list_for_each_entry(dump, &vmcoredd_list, list) {
 		if (start < offset + dump->size) {
 			tsz = min(offset + (u64)dump->size - start, (u64)size);
 			buf = dump->buf + start - offset;
 			if (remap_vmalloc_range_partial(vma, dst, buf, 0,
-							tsz)) {
-				ret = -EFAULT;
-				goto out_unlock;
-			}
+							tsz))
+				return -EFAULT;
 
 			size -= tsz;
 			start += tsz;
@@ -299,14 +305,12 @@ static int vmcoredd_mmap_dumps(struct vm_area_struct *vma, unsigned long dst,
 
 			/* Leave now if buffer filled already */
 			if (!size)
-				goto out_unlock;
+				return 0;
 		}
 		offset += dump->size;
 	}
 
-out_unlock:
-	mutex_unlock(&vmcore_mutex);
-	return ret;
+	return 0;
 }
 #endif /* CONFIG_MMU */
 #endif /* CONFIG_PROC_VMCORE_DEVICE_DUMP */
@@ -691,6 +695,7 @@ static int mmap_vmcore(struct file *file, struct vm_area_struct *vma)
 
 static const struct proc_ops vmcore_proc_ops = {
 	.proc_open	= open_vmcore,
+	.proc_release	= release_vmcore,
 	.proc_read_iter	= read_vmcore,
 	.proc_lseek	= default_llseek,
 	.proc_mmap	= mmap_vmcore,
@@ -1516,12 +1521,18 @@ int vmcore_add_device_dump(struct vmcoredd_data *data)
 	dump->buf = buf;
 	dump->size = data_size;
 
-	/* Add the dump to driver sysfs list */
+	/* Add the dump to driver sysfs list and update the elfcore hdr */
 	mutex_lock(&vmcore_mutex);
-	list_add_tail(&dump->list, &vmcoredd_list);
-	mutex_unlock(&vmcore_mutex);
+	if (vmcore_opened)
+		pr_warn_once("Unexpected adding of device dump\n");
+	if (vmcore_open) {
+		ret = -EBUSY;
+		goto out_err;
+	}
 
+	list_add_tail(&dump->list, &vmcoredd_list);
 	vmcoredd_update_size(data_size);
+	mutex_unlock(&vmcore_mutex);
 	return 0;
 
 out_err: