From: Al Viro <viro@ZenIV.linux.org.uk>
To: Sasha Levin <levinsasha928@gmail.com>
Cc: linux-fsdevel@vger.kernel.org,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: vfs: INFO: possible circular locking dependency detected
Date: Wed, 9 May 2012 17:37:32 +0100 [thread overview]
Message-ID: <20120509163732.GN22082@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20120509162854.GM22082@ZenIV.linux.org.uk>
On Wed, May 09, 2012 at 05:28:54PM +0100, Al Viro wrote:
> On Wed, May 09, 2012 at 06:23:30PM +0200, Sasha Levin wrote:
> > On Wed, May 9, 2012 at 6:12 PM, Al Viro <viro@zeniv.linux.org.uk> wrote:
> > > On Wed, May 09, 2012 at 05:25:14PM +0200, Sasha Levin wrote:
> > >> Hi all,
> > >>
> > >> I've started seeing the following warning while fuzzing inside a KVM guest with the latest -next:
> > > ? ? ? ?It's not a realistic attack, fortunately, since you need root
> > > to get past open_exec() on any of those... ?Wait. ?How _did_ you get
> > > past open_exec(), anyway? ?MAY_EXEC is not supposed to be granted on
> > > anything that has no exec bits at all and AFAICS none of those files
> > > have them.
> >
> > You could chmod +x and run them, no?
>
> Can't. proc_setattr() will give you -EPERM and refuse to do anything
> if you call it with ATTR_MODE in ->ia_valid.
OTOH, you probably can do that on unrelated seq_file outside of per-process
part of procfs. So, yes, one could get a warning like that if they, as root,
would do e.g.
chmod +x /proc/swaps
attempt to execve() /proc/swaps
cat /proc/self/environ
and enjoy the hard-earned false positive (it's a different seq_file, so
we have no deadlock). If that's _all_ that happened, I'm not particulary
concerned; it's not pretty, but saying "thou shalt not grab ->cred_guard_mutex
anywhere in ->read() on anything that has exec bits or might get one" is
not too terrible. If that's something else, though, we might have a real
problem...
next prev parent reply other threads:[~2012-05-09 16:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-09 15:25 vfs: INFO: possible circular locking dependency detected Sasha Levin
2012-05-09 16:12 ` Al Viro
2012-05-09 16:23 ` Sasha Levin
2012-05-09 16:28 ` Al Viro
2012-05-09 16:36 ` Sasha Levin
2012-05-09 16:37 ` Al Viro [this message]
2012-05-09 17:13 ` Sasha Levin
2012-05-09 18:49 ` Dave Jones
2012-05-09 18:49 ` Dave Jones
2012-05-09 16:25 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120509163732.GN22082@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=levinsasha928@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.