From: Cyrill Gorcunov <gorcunov@gmail.com>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Kees Cook <keescook@chromium.org>, Tejun Heo <tj@kernel.org>,
Andrew Vagin <avagin@openvz.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Serge Hallyn <serge.hallyn@canonical.com>,
Pavel Emelyanov <xemul@parallels.com>,
Vasiliy Kulikov <segoon@openwall.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Julien Tinnes <jln@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: + prctl-pr_set_mm-introduce-pr_set_mm_map-operation-v3.patch added to -mm tree
Date: Sat, 23 Aug 2014 16:22:14 +0400 [thread overview]
Message-ID: <20140823122214.GF25918@moon> (raw)
In-Reply-To: <20140823115302.GA27587@redhat.com>
On Sat, Aug 23, 2014 at 01:53:02PM +0200, Oleg Nesterov wrote:
> >
> > It should protect from allocation/devetion/mergin of another vma. IOW when
> > I lookup for vma I need to be sure it exist and won't disappear at least
> > while I validate it.
>
> plus you need mmap_sem (at least for reading) when you update mm_struct,
> this is clear.
>
> My question was why the whole function should be called under mmap_sem?
> It could take it only around find_vma() + check(RLIMIT_STACK) ?
Stricktly speaking yes, but don't forget we might need to update
exe::file as well which requires lock to be taken. So it is simplier
to take the read-lock for the whole function.
> In fact I do not think we need this vma_stack/RLIMIT_STACK check at all.
> It buys nithing and looks strange. RLIMIT_STACK is mostly for self-debugging,
> to catch the, say, unlimited recursion. An application can trivially
> create a stack region of arbitrary size. I'd seriously suggest to remove it.
Look, allocate stack for self is not a problem (we do this for our parasite
code which executes inside dumpee address space) but RLIMIT_STACK check is
present in ipc shmem so I think we still need this check in a sake of
consistency. (note this code doesn't require any special caps so I need
to use as much checks/tests as possible).
>
> > > > + if (prctl_map.auxv_size) {
> > > > + /* Last entry must be AT_NULL as specification requires */
> > > > + user_auxv[AT_VECTOR_SIZE - 2] = AT_NULL;
> > > > + user_auxv[AT_VECTOR_SIZE - 1] = AT_NULL;
> > > > +
> > > > + task_lock(current);
> > > > + memcpy(mm->saved_auxv, user_auxv, sizeof(user_auxv));
> > > > + task_unlock(current);
> > >
> > > Again, could you explain this task_lock() ?
> >
> > It is used for serialization access to saved_auxv, ie when we fill it
> > with new data the other reader (via procfs interface) should wait until
> > we finish.
>
> But proc_pid_auxv() doesn't take this lock? And even if it did, this lock
> can't help. task_lock() is per-thread, and multiple threads (including
> CLONE_VM tasks, vfork() for example) can share the same ->mm.
>
> This certainly doesn't look right.
It takes this lock but indeed this won't help much. Looks like I need
to use cred_guard_mutex instead of task_lock here, no?
next prev parent reply other threads:[~2014-08-23 12:22 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-22 19:22 + prctl-pr_set_mm-introduce-pr_set_mm_map-operation-v3.patch added to -mm tree Oleg Nesterov
2014-08-22 20:15 ` Cyrill Gorcunov
2014-08-23 11:53 ` Oleg Nesterov
2014-08-23 12:22 ` Cyrill Gorcunov [this message]
2014-08-23 13:14 ` Oleg Nesterov
2014-08-23 13:30 ` Oleg Nesterov
2014-08-23 14:18 ` Cyrill Gorcunov
2014-08-23 15:32 ` Oleg Nesterov
2014-08-23 16:33 ` Cyrill Gorcunov
2014-08-23 19:29 ` Oleg Nesterov
2014-08-23 20:11 ` Cyrill Gorcunov
-- strict thread matches above, loose matches on Subject: below --
2014-08-21 22:51 akpm
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140823122214.GF25918@moon \
--to=gorcunov@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=avagin@openvz.org \
--cc=ebiederm@xmission.com \
--cc=hpa@zytor.com \
--cc=jln@google.com \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=oleg@redhat.com \
--cc=segoon@openwall.com \
--cc=serge.hallyn@canonical.com \
--cc=tj@kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.