Re: [PATCH 6/7] mm: kill vma flag VM_EXECUTABLE

[Konstantin Khlebnikov <khlebnikov@openvz.org>]

[-- Attachment #1: Type: text/plain, Size: 900 bytes --]

Cyrill Gorcunov wrote:
> On Mon, Apr 02, 2012 at 08:19:59PM +0400, Konstantin Khlebnikov wrote:
>> Oleg Nesterov wrote:
>>> On 04/02, Konstantin Khlebnikov wrote:
>>>>
>>>> In this patch I leave mm->exe_file lockless.
>>>> After exec/fork we can change it only for current task and only if mm->mm_users == 1.
>>>>
>>>> something like this:
>>>>
>>>> task_lock(current);
>>>
>>> OK, this protects against the race with get_task_mm()
>>>
>>>> if (atomic_read(&current->mm->mm_users) == 1)
>>>
>>> this means PR_SET_MM_EXE_FILE can fail simply because someone did
>>> get_task_mm(). Or the caller is multithreaded.
>>
>> This is sad, seems like we should keep mm->exe_file protection by mm->mmap_sem.
>> So, I'll rework this patch...
>
> Ah, it's about locking. I misundertand it at first.
> Oleg, forget about my email then.

Yes, it's about locking. Please review patch for your code from attachment.

[-- Attachment #2: diff-pr-set-mm-exe-file-without-vm_executable --]
[-- Type: text/plain, Size: 2121 bytes --]

diff --git a/include/linux/sched.h b/include/linux/sched.h
index cff94cd..4a41270 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -437,6 +437,7 @@ extern int get_dumpable(struct mm_struct *mm);
 					/* leave room for more dump flags */
 #define MMF_VM_MERGEABLE	16	/* KSM may merge identical pages */
 #define MMF_VM_HUGEPAGE		17	/* set when VM_HUGEPAGE is set on vma */
+#define MMF_EXE_FILE_CHANGED	18	/* see prctl(PR_SET_MM_EXE_FILE) */
 
 #define MMF_INIT_MASK		(MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK)
 
diff --git a/kernel/sys.c b/kernel/sys.c
index da660f3..b217069 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1714,17 +1714,11 @@ static bool vma_flags_mismatch(struct vm_area_struct *vma,
 
 static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
 {
+	struct vm_area_struct *vma;
 	struct file *exe_file;
 	struct dentry *dentry;
 	int err;
 
-	/*
-	 * Setting new mm::exe_file is only allowed when no VM_EXECUTABLE vma's
-	 * remain. So perform a quick test first.
-	 */
-	if (mm->num_exe_file_vmas)
-		return -EBUSY;
-
 	exe_file = fget(fd);
 	if (!exe_file)
 		return -EBADF;
@@ -1745,17 +1739,28 @@ static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
 	if (err)
 		goto exit;
 
+	down_write(&mm->mmap_sem);
+	/*
+	 * Forbid mm->exe_file change if there are mapped some other files.
+	 */
+	err = -EEXIST;
+	for (vma = mm->mmap; vma; vma = vma->vm_next) {
+		if (vma->vm_file &&
+		    !path_equal(&vma->vm_file->f_path, &exe_file->f_path))
+			goto out_unlock;
+	}
 	/*
 	 * The symlink can be changed only once, just to disallow arbitrary
 	 * transitions malicious software might bring in. This means one
 	 * could make a snapshot over all processes running and monitor
 	 * /proc/pid/exe changes to notice unusual activity if needed.
 	 */
-	down_write(&mm->mmap_sem);
-	if (likely(!mm->exe_file))
-		set_mm_exe_file(mm, exe_file);
-	else
-		err = -EBUSY;
+	err = -EBUSY;
+	if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags))
+		goto out_unlock;
+	set_mm_exe_file(mm, exe_file);
+	err = 0;
+out_unlock:
 	up_write(&mm->mmap_sem);
 
 exit: