From: Oleg Nesterov <oleg@redhat.com>
To: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Matt Helsley <matthltc@us.ibm.com>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Pavel Emelyanov <xemul@parallels.com>,
Kees Cook <keescook@chromium.org>, Tejun Heo <tj@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [RFC] c/r: prctl: Add ability to set new mm_struct::exe_file v3
Date: Fri, 9 Mar 2012 14:47:32 +0100 [thread overview]
Message-ID: <20120309134732.GA3696@redhat.com> (raw)
In-Reply-To: <20120309133555.GA23040@moon>
On 03/09, Cyrill Gorcunov wrote:
>
> On Fri, Mar 09, 2012 at 04:57:35PM +0400, Cyrill Gorcunov wrote:
> >
> > yeah, thanks, will update.
> >
>
> This one should fit all requirements I hope.
Oh, sorry Cyrill, I simply can't resist...
> +static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
> +{
> + struct file *exe_file;
> + struct dentry *dentry;
> + int err;
> +
> + if (mm->num_exe_file_vmas)
> + return -EBUSY;
> +
> + exe_file = fget(fd);
> + if (!exe_file)
> + return -EBADF;
> +
> + dentry = exe_file->f_path.dentry;
> +
> + /*
> + * Because the original mm->exe_file
> + * points to executable file, make sure
> + * this one is executable as well to not
> + * break an overall picture.
> + */
> + err = -EACCES;
> + if (!S_ISREG(dentry->d_inode->i_mode) ||
> + exe_file->f_path.mnt->mnt_flags & MNT_NOEXEC)
> + goto exit;
> +
> + err = inode_permission(dentry->d_inode, MAY_EXEC);
> + if (err)
> + goto exit;
> +
> + /*
> + * Setting new mm::exe_file is only allowed
> + * when no VM_EXECUTABLE vma's left. This is
> + * a special C/R case when a restored program
> + * need to change own /proc/$pid/exe symlink.
> + * After this call mm::num_exe_file_vmas become
> + * meaningless. If mm::num_exe_file_vmas will
> + * ever increase back from zero -- this code
> + * needs to be revised, thus WARN_ here, just
> + * to be sure.
To be shure in what??
> + */
> + down_write(&mm->mmap_sem);
> + WARN_ON_ONCE(mm->num_exe_file_vmas);
We already checked it is zero. Yes, it shouldn't grow. But why
do we need another check here?
If it can grow, it can grow after we drop mmap_sem as well and
this would be wrong. So may be we need another WARN_ON() at the
end?
I'd understand if you add something like
WARN_ON(!mm->num_exe_file_vmas && !current->in_exec);
into added_exe_file_vma().
Or
WARN_ON(mm->num_exe_file_vmas <= 0);
into removed_exe_file_vma().
But imho your WARN looks like "OK, I checked it lockless but I
am not sure this is correct".
Oleg.
next prev parent reply other threads:[~2012-03-09 13:54 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-08 16:51 [RFC] c/r: prctl: Add ability to set new mm_struct::exe_file v3 Cyrill Gorcunov
2012-03-08 18:26 ` Oleg Nesterov
2012-03-08 19:03 ` Cyrill Gorcunov
2012-03-08 19:05 ` Oleg Nesterov
2012-03-08 19:25 ` Cyrill Gorcunov
2012-03-08 19:25 ` Oleg Nesterov
2012-03-08 19:36 ` Cyrill Gorcunov
2012-03-08 21:48 ` Cyrill Gorcunov
2012-03-09 12:48 ` Oleg Nesterov
2012-03-09 12:57 ` Cyrill Gorcunov
2012-03-09 13:35 ` Cyrill Gorcunov
2012-03-09 13:47 ` Oleg Nesterov [this message]
2012-03-09 14:13 ` Cyrill Gorcunov
2012-03-09 14:26 ` Oleg Nesterov
2012-03-09 14:42 ` Cyrill Gorcunov
2012-03-09 15:21 ` Oleg Nesterov
2012-03-09 15:42 ` Cyrill Gorcunov
2012-03-09 22:02 ` Matt Helsley
2012-03-09 22:39 ` Cyrill Gorcunov
2012-03-09 23:59 ` Matt Helsley
2012-03-10 7:48 ` Cyrill Gorcunov
2012-03-13 2:45 ` Matt Helsley
2012-03-13 6:26 ` Cyrill Gorcunov
2012-03-13 7:18 ` Cyrill Gorcunov
2012-03-13 15:43 ` Oleg Nesterov
2012-03-13 16:00 ` Cyrill Gorcunov
2012-03-13 16:04 ` Cyrill Gorcunov
2012-03-13 16:44 ` Oleg Nesterov
2012-03-14 1:41 ` Matt Helsley
2012-03-14 5:47 ` Cyrill Gorcunov
2012-03-14 22:21 ` Matt Helsley
2012-03-14 22:48 ` Cyrill Gorcunov
2012-03-14 0:36 ` Matt Helsley
2012-03-09 21:46 ` Matt Helsley
2012-03-09 21:52 ` Cyrill Gorcunov
2012-03-08 19:31 ` Kees Cook
2012-03-08 19:40 ` Cyrill Gorcunov
2012-03-08 20:02 ` Andy Lutomirski
2012-03-08 20:06 ` Kees Cook
2012-03-08 20:07 ` Cyrill Gorcunov
2012-03-08 20:15 ` Andy Lutomirski
2012-03-08 20:21 ` Cyrill Gorcunov
2012-03-08 20:24 ` Andy Lutomirski
2012-03-08 20:28 ` Cyrill Gorcunov
2012-03-08 21:57 ` Cyrill Gorcunov
2012-03-08 22:03 ` Kees Cook
2012-03-08 22:12 ` Cyrill Gorcunov
2012-03-08 22:14 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120309134732.GA3696@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=gorcunov@openvz.org \
--cc=keescook@chromium.org \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=matthltc@us.ibm.com \
--cc=tj@kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.