From: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
To: oleg@redhat.com, akpm@linux-foundation.org
Cc: kosaki.motohiro@jp.fujitsu.com, viro@ZenIV.linux.org.uk,
keescook@chromium.org, mhocko@suse.cz, snanda@chromium.org,
dserrg@gmail.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/4] check_unsafe_exec: kill the dead -EAGAIN and clear_in_exec logic
Date: Fri, 22 Nov 2013 15:27:14 -0500 [thread overview]
Message-ID: <528FBE22.5030208@jp.fujitsu.com> (raw)
In-Reply-To: <20131122175442.GA31453@redhat.com>
(11/22/2013 12:54 PM), Oleg Nesterov wrote:
> fs_struct->in_exec == T means that this ->fs is used by a single
> process (thread group), and one of the treads does do_execve().
>
> To avoid the mt-exec races this code has the following complications:
>
> 1. check_unsafe_exec() returns -EBUSY if ->in_exec was
> already set by another thread.
>
> 2. do_execve_common() records "clear_in_exec" to ensure
> that the error path can only clear ->in_exec if it was
> set by current.
>
> However, after 9b1bf12d5d51 "signals: move cred_guard_mutex from
> task_struct to signal_struct" we do not need these complications:
>
> 1. We can't race with our sub-thread, this is called under
> per-process ->cred_guard_mutex. And we can't race with
> another CLONE_FS task, we already checked that this fs
> is not shared.
>
> We can remove the dead -EAGAIN logic.
>
> 2. "out_unmark:" in do_execve_common() is either called
> under ->cred_guard_mutex, or after de_thread() which
> kills other threads, so we can't race with sub-thread
> which could set ->in_exec. And if ->fs is shared with
> another process ->in_exec should be false anyway.
>
> We can clear in_exec unconditionally.
>
> This also means that check_unsafe_exec() can be void.
>
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>
I have found no problem in this patch. However, I have a very basic question.
Why do we need to keep fs->in_exec? If I understand correctly, it is needed for
retrieving fork() and exec() race in the same process. If it is correct,
can't we move it it to signal->in_exec? It seems to match signal->cred_guard_mutex
and _I_ can easily understand what the code want.
In the other words, currently we have no protection against making new thread when
p->fs is shared w/ another process and I have no idea why multi process sharing influence
multi thread behavior.
I am not expert in this area and I may overlook something. Please correct me if I am silly.
next prev parent reply other threads:[~2013-11-22 20:27 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-22 17:54 [PATCH 0/4] in_exec/etc cleanups Oleg Nesterov
2013-11-22 17:54 ` [PATCH 1/4] check_unsafe_exec: use while_each_thread() rather than next_thread() Oleg Nesterov
2013-11-22 19:42 ` KOSAKI Motohiro
2013-11-22 20:24 ` Oleg Nesterov
2013-11-22 20:32 ` KOSAKI Motohiro
2013-11-22 17:54 ` [PATCH 2/4] check_unsafe_exec: kill the dead -EAGAIN and clear_in_exec logic Oleg Nesterov
2013-11-22 20:27 ` KOSAKI Motohiro [this message]
2013-11-22 20:49 ` Oleg Nesterov
2013-11-22 21:00 ` KOSAKI Motohiro
2013-11-23 15:32 ` Oleg Nesterov
2013-11-22 17:54 ` [PATCH 3/4] exec: move the final allow_write_access/fput into free_bprm() Oleg Nesterov
2013-11-22 20:29 ` KOSAKI Motohiro
2013-11-23 19:22 ` Kees Cook
2013-11-22 17:54 ` [PATCH 4/4] kill task_struct->did_exec Oleg Nesterov
2013-11-22 19:46 ` KOSAKI Motohiro
2013-11-22 20:33 ` [PATCH v2 " Oleg Nesterov
2013-11-22 20:33 ` KOSAKI Motohiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=528FBE22.5030208@jp.fujitsu.com \
--to=kosaki.motohiro@jp.fujitsu.com \
--cc=akpm@linux-foundation.org \
--cc=dserrg@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@suse.cz \
--cc=oleg@redhat.com \
--cc=snanda@chromium.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.