Re: [PATCH v3 06/11] rlimits: do security check under task_lock

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrew Morton <akpm@linux-foundation.org>
To: Jiri Slaby <jslaby@suse.cz>
Cc: adobriyan@gmail.com, nhorman@tuxdriver.com, oleg@redhat.com,
	linux-kernel@vger.kernel.org, jirislaby@gmail.com,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Ingo Molnar <mingo@elte.hu>
Subject: Re: [PATCH v3 06/11] rlimits: do security check under task_lock
Date: Thu, 13 May 2010 15:56:26 -0700	[thread overview]
Message-ID: <20100513155626.8d1fe293.akpm@linux-foundation.org> (raw)
In-Reply-To: <1273514451-28894-6-git-send-email-jslaby@suse.cz>

On Mon, 10 May 2010 20:00:46 +0200
Jiri Slaby <jslaby@suse.cz> wrote:

> Do security_task_setrlimit under task_lock. Other tasks may
> change limits under our hands while we are checking limits
> inside the function. From now on, they can't.
>
> ...
>
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -1277,7 +1277,7 @@ int do_setrlimit(struct task_struct *tsk, unsigned int resource,
>  		struct rlimit *new_rlim)
>  {
>  	struct rlimit *old_rlim;
> -	int retval;
> +	int retval = 0;
>  
>  	if (resource >= RLIM_NLIMITS)
>  		return -EINVAL;
> @@ -1293,10 +1293,6 @@ int do_setrlimit(struct task_struct *tsk, unsigned int resource,
>  		goto out;
>  	}
>  
> -	retval = security_task_setrlimit(tsk, resource, new_rlim);
> -	if (retval)
> -		goto out;
> -
>  	if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) {
>  		/*
>  		 * The caller is asking for an immediate RLIMIT_CPU
> @@ -1309,11 +1305,13 @@ int do_setrlimit(struct task_struct *tsk, unsigned int resource,
>  
>  	old_rlim = tsk->signal->rlim + resource;
>  	task_lock(tsk->group_leader);
> -	if ((new_rlim->rlim_max <= old_rlim->rlim_max) ||
> -				capable(CAP_SYS_RESOURCE))
> -		*old_rlim = *new_rlim;
> -	else
> +	if ((new_rlim->rlim_max > old_rlim->rlim_max) &&
> +				!capable(CAP_SYS_RESOURCE))
>  		retval = -EPERM;
> +	if (!retval)
> +		retval = security_task_setrlimit(tsk, resource, new_rlim);
> +	if (!retval)
> +		*old_rlim = *new_rlim;
>  	task_unlock(tsk->group_leader);
>  
>  	if (retval || resource != RLIMIT_CPU)

Yikes, so the locking around all that selinux code becomes even more
brutal.  How much rope are you tying around the selinux developers'
hands here?

next prev parent reply	other threads:[~2010-05-13 22:57 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-05-10 18:00 [PATCH v3 01/11] rlimits: security, add task_struct to setrlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 02/11] rlimits: add task_struct to update_rlimit_cpu Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 03/11] rlimits: make sure ->rlim_max never grows in sys_setrlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 04/11] rlimits: split sys_setrlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 05/11] rlimits: allow setrlimit to non-current tasks Jiri Slaby
2010-05-13 22:56   ` Andrew Morton
2010-06-06 20:23     ` [PATCH v3 06/11] rlimits: do security check under task_lock Jiri Slaby
2010-06-07 18:08       ` Oleg Nesterov
2010-06-23 15:20         ` Jiri Slaby
2010-06-23 16:12           ` Oleg Nesterov
2010-06-23 17:44             ` Jiri Slaby
2010-06-23 17:56               ` Oleg Nesterov
2010-06-23 21:35                 ` Jiri Slaby
2010-06-23 18:37               ` Stephen Smalley
2010-05-10 18:00 ` Jiri Slaby
2010-05-13 22:56   ` Andrew Morton [this message]
2010-05-10 18:00 ` [PATCH v3 07/11] rlimits: add rlimit64 structure Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 08/11] rlimits: redo do_setrlimit to more generic do_prlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 09/11] rlimits: switch more rlimit syscalls to do_prlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 10/11] rlimits: implement prlimit64 syscall Jiri Slaby
2010-05-13 22:56   ` Andrew Morton
2010-05-26 12:58     ` Jiri Slaby
2010-05-26 14:30       ` Andrew Morton
2010-05-26 15:13         ` Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 11/11] unistd: add __NR_prlimit64 syscall numbers Jiri Slaby

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100513155626.8d1fe293.akpm@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=adobriyan@gmail.com \
    --cc=heiko.carstens@de.ibm.com \
    --cc=jirislaby@gmail.com \
    --cc=jslaby@suse.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=nhorman@tuxdriver.com \
    --cc=oleg@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.