From: Oleg Nesterov <oleg@redhat.com>
To: Stephen Wilson <wilsons@start.ca>, Al Viro <viro@zeniv.linux.org.uk>
Cc: Johannes Weiner <jweiner@redhat.com>, linux-kernel@vger.kernel.org
Subject: Q: proc: hold cred_guard_mutex in check_mem_permission()
Date: Wed, 28 Sep 2011 22:20:20 +0200 [thread overview]
Message-ID: <20110928202020.GA3164@redhat.com> (raw)
Another change we probably need to backport, 18f661bc
"proc: hold cred_guard_mutex in check_mem_permission()".
>From the changelog:
Avoid a potential race when task exec's and we get a new ->mm but
check against the old credentials in ptrace_may_access().
Could you please explain? How can we race with exec?
This task is either current, or it is TASK_TRACED and we are the
tracer. In the latter case nobody can resume it except SIGKILL.
And the killed task obviously can't exec.
Afaics, all we need is: we should read task->mm after the
task_is_traced() check, we do not need the mutex.
IOW, what do you think about the patch below? I have no idea how
can I test it (and it wasn't even applied/compiled).
Also, I'd appreciate if you can explain the PTRACE_MODE_ATTACH
check. Again, we are already the tracer.
Oleg.
--- x/fs/proc/base.c
+++ x/fs/proc/base.c
@@ -194,38 +194,31 @@ static int proc_root_link(struct inode *
return result;
}
-static struct mm_struct *__check_mem_permission(struct task_struct *task)
+static int __check_mem_permission(struct task_struct *task)
{
- struct mm_struct *mm;
-
- mm = get_task_mm(task);
- if (!mm)
- return ERR_PTR(-EINVAL);
-
/*
* A task can always look at itself, in case it chooses
* to use system calls instead of load instructions.
*/
if (task == current)
- return mm;
+ return 0;
/*
* If current is actively ptrace'ing, and would also be
* permitted to freshly attach with ptrace now, permit it.
*/
- if (task_is_stopped_or_traced(task)) {
+ if (task_is_traced(task)) {
int match;
rcu_read_lock();
match = (ptrace_parent(task) == current);
rcu_read_unlock();
if (match && ptrace_may_access(task, PTRACE_MODE_ATTACH))
- return mm;
+ return 0;
}
/*
* No one else is allowed.
*/
- mmput(mm);
return ERR_PTR(-EPERM);
}
@@ -238,18 +231,11 @@ static struct mm_struct *check_mem_permi
struct mm_struct *mm;
int err;
- /*
- * Avoid racing if task exec's as we might get a new mm but validate
- * against old credentials.
- */
- err = mutex_lock_killable(&task->signal->cred_guard_mutex);
+ err = __check_mem_permission(task);
if (err)
return ERR_PTR(err);
- mm = __check_mem_permission(task);
- mutex_unlock(&task->signal->cred_guard_mutex);
-
- return mm;
+ return get_task_mm(task) ?: ERR_PTR(-EINVAL);
}
struct mm_struct *mm_for_maps(struct task_struct *task)
next reply other threads:[~2011-09-28 20:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-28 20:20 Oleg Nesterov [this message]
2011-09-29 7:13 ` Q: proc: hold cred_guard_mutex in check_mem_permission() Stephen Wilson
2011-09-29 11:48 ` Oleg Nesterov
2011-09-30 1:05 ` Stephen Wilson
2011-09-30 14:02 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110928202020.GA3164@redhat.com \
--to=oleg@redhat.com \
--cc=jweiner@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=wilsons@start.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.