Re: [PATCH] move cred_guard_mutex from task_struct to signal_struct

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Oleg Nesterov <oleg@redhat.com>
To: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Roland McGrath <roland@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org, oss-security@lists.openwall.com,
	Solar Designer <solar@openwall.com>,
	Kees Cook <kees.cook@canonical.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Neil Horman <nhorman@tuxdriver.com>,
	linux-fsdevel@vger.kernel.org, pageexec@freemail.hu,
	"Brad Spengler <spender@grsecurity.net>,
	Eugene Teo"  <eugene@redhat.com>,
	KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Subject: Re: [PATCH] move cred_guard_mutex from task_struct to signal_struct
Date: Fri, 10 Sep 2010 19:24:57 +0200	[thread overview]
Message-ID: <20100910172457.GA23393@redhat.com> (raw)
In-Reply-To: <20100910101528.C958.A69D9226@jp.fujitsu.com>

On 09/10, KOSAKI Motohiro wrote:
>
> 1) moving cread_guard_mutex itself
>    - no increase execve overhead
> 	-> very good
>    - it also prevent parallel ptrace

No, it doesn't. Only PTRACE_ATTACH needs this mutex, and as Roland
pointed out it also needs write_lock(tasklist) which is worse. So
this change doesn't make any practical harm for ptrace.

> 2) move in_exec_mm to signal_struct too
>    -> very hard. oom-killer can use very few lock because it's called
>       from various place. now both ->mm and ->in_exec_mm are protected
>       task_lock() and it help to avoid messy.

Yes. But, if ->in_exec_mm is only used by oom_badness(), then I think
you can use task_lock(tsk->group_leader). oom_badness() needs tasklist
anyway, this means it can't race with de_thread() changing the leader.
But up to you.

Another very minor nit (but again, up to you). Perhaps exec_mmap()
could clear ->in_exec_mm (in task_struct or signal_struct, this doesnt
matter), it takes task_lock(current) anyway (and at this point current
is always the group leader).

> Let's move ->cred_guard_mutex from task_struct to signal_struct. It
> naturally prevent multiple-threads-inside-exec.

Reviewed-by: Oleg Nesterov <oleg@redhat.com>

This is very minor, but perhaps you can also fix a couple of comments
which mention task->cred_guard_mutex,

	fs/exec.c:1109		the caller must hold current->cred_guard_mutex
	kernel/cred.c:328	The caller must hold current->cred_guard_mutex
	include/linux/tracehook.h:153	@task->cred_guard_mutex

Oleg.

next prev parent reply	other threads:[~2010-09-10 17:29 UTC|newest]

Thread overview: 62+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-08-27 22:02 [PATCH] exec argument expansion can inappropriately trigger OOM-killer Kees Cook
2010-08-30  0:19 ` KOSAKI Motohiro
2010-08-30  0:56 ` Roland McGrath
2010-08-30  3:23   ` Solar Designer
2010-08-30  3:23     ` Solar Designer
2010-08-30 10:06     ` Roland McGrath
2010-08-30 19:48       ` Solar Designer
2010-08-31  0:40         ` Roland McGrath
2010-09-08  2:34       ` [PATCH 0/3] execve argument-copying fixes Roland McGrath
2010-09-08  2:35         ` [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath
2010-09-08  8:29           ` pageexec
2010-09-10  8:59             ` Roland McGrath
2010-09-10  8:59               ` Roland McGrath
2010-09-11 13:30               ` pageexec
2010-09-11 13:30                 ` pageexec-Y8qEzhMunLyT9ig0jae3mg
2010-09-14 19:33                 ` Roland McGrath
2010-09-14 22:35                   ` pageexec
2010-09-14 22:35                     ` pageexec-Y8qEzhMunLyT9ig0jae3mg
2010-09-08 11:57           ` Brad Spengler
2010-09-09  5:31             ` KOSAKI Motohiro
2010-09-10  9:25               ` Roland McGrath
2010-09-10  9:25                 ` Roland McGrath
2010-09-10  9:43                 ` KOSAKI Motohiro
2010-09-11 13:39                 ` pageexec
2010-09-11 13:39                   ` pageexec-Y8qEzhMunLyT9ig0jae3mg
2010-09-14 18:51                   ` Roland McGrath
2010-09-14 18:51                     ` Roland McGrath
2010-09-14 20:28                     ` pageexec
2010-09-14 20:28                       ` pageexec-Y8qEzhMunLyT9ig0jae3mg
2010-09-14 21:16                       ` Roland McGrath
2010-09-14 21:16                         ` Roland McGrath
2010-09-14 22:27                         ` pageexec
2010-09-14 22:27                           ` pageexec-Y8qEzhMunLyT9ig0jae3mg
2010-09-14 23:04                           ` Roland McGrath
2010-09-14 23:04                             ` Roland McGrath
2010-09-15  9:27                             ` pageexec
2010-09-15  9:27                               ` pageexec-Y8qEzhMunLyT9ig0jae3mg
2010-09-10  9:18             ` Roland McGrath
2010-09-10  9:18               ` Roland McGrath
2010-09-08  2:36         ` [PATCH 2/3] execve: improve interactivity with large arguments Roland McGrath
2010-09-08  2:37         ` [PATCH 3/3] execve: make responsive to SIGKILL " Roland McGrath
2010-09-08  3:00         ` [PATCH 0/3] execve argument-copying fixes KOSAKI Motohiro
2010-09-09  5:01         ` [PATCH 0/2] execve memory exhaust of " KOSAKI Motohiro
2010-09-09  5:03           ` [PATCH 1/2] oom: don't ignore rss in nascent mm KOSAKI Motohiro
2010-09-09 22:05             ` Oleg Nesterov
2010-09-10  9:39               ` Roland McGrath
2010-09-10  9:39                 ` Roland McGrath
2010-09-10  9:57               ` [PATCH] move cred_guard_mutex from task_struct to signal_struct KOSAKI Motohiro
2010-09-10 17:24                 ` Oleg Nesterov [this message]
2010-09-16  5:51                   ` KOSAKI Motohiro
2010-09-09  5:04           ` [PATCH 2/2] execve: check the VM has enough memory at first KOSAKI Motohiro
2010-09-10 15:06             ` Linus Torvalds
2010-09-14  1:52               ` KOSAKI Motohiro
2010-09-16  5:51                 ` KOSAKI Motohiro
2010-09-16 15:01                   ` Linus Torvalds
2010-08-30 17:49     ` [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer
2010-08-30 17:49       ` Solar Designer
2010-08-30 22:08       ` Brad Spengler
2010-08-30 22:08         ` Brad Spengler
2010-08-31 11:53         ` Solar Designer
2010-08-31 11:53           ` Solar Designer
2010-08-31 11:56         ` [PATCH] exec argument expansion can inappropriately triggerOOM-killer Tetsuo Handa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100910172457.GA23393@redhat.com \
    --to=oleg@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=eugene@redhat.com \
    --cc=kamezawa.hiroyu@jp.fujitsu.com \
    --cc=kees.cook@canonical.com \
    --cc=kosaki.motohiro@jp.fujitsu.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nhorman@tuxdriver.com \
    --cc=oss-security@lists.openwall.com \
    --cc=pageexec@freemail.hu \
    --cc=roland@redhat.com \
    --cc=solar@openwall.com \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.