From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Waiman Long <longman@redhat.com>,
Christian Brauner <brauner@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Jens Axboe <axboe@kernel.dk>, Alexey Gladkov <legion@kernel.org>,
David Hildenbrand <david@redhat.com>,
Jann Horn <jannh@google.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] copy_process(): Move fd_install() out of sighand->siglock critical section
Date: Tue, 08 Feb 2022 16:25:02 -0600 [thread overview]
Message-ID: <87czjxdmip.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <YgLr2GEXgz/TxdUA@zeniv-ca.linux.org.uk> (Al Viro's message of "Tue, 8 Feb 2022 22:16:56 +0000")
Al Viro <viro@zeniv.linux.org.uk> writes:
> On Tue, Feb 08, 2022 at 03:59:06PM -0600, Eric W. Biederman wrote:
>
>> The fd is being installed in the fdtable of the parent process,
>> and the siglock and tasklist_lock are held to protect the child.
>>
>>
>> Further fd_install is exposing the fd to userspace where it can be used
>> by the process_madvise and the process_mrelease system calls, from
>> anything that shares the fdtable of the parent thread. Which means it
>> needs to be guaranteed that kernel_clone will call wake_up_process
>> before it is safe to call fd_install.
>
> You mean "no calling fd_install() until after we are past the last possible
> failure exit, by which point we know that wake_up_process() will eventually
> be called", hopefully? If so (as I assumed all along), anything downstream
> of
> if (fatal_signal_pending(current)) {
> retval = -EINTR;
> goto bad_fork_cancel_cgroup;
> }
>
> should be fine...
Except for the problems of calling fd_install under siglock, and
tasklist_lock, which protect nothing and cause lockdep splats.
There may also be assumptions on the task actually being fully setup,
if not today then in a future use pidfd. So I am not particularly
comfortable with fd_install coming before we drop tasklist_lock.
I was pointing out that to resolve the locking issue we fundamentally
can not move the fd_install earlier, to resolve the locking issues.
Eric
next prev parent reply other threads:[~2022-02-08 22:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-08 16:39 [PATCH] copy_process(): Move fd_install() out of sighand->siglock critical section Waiman Long
2022-02-08 18:16 ` Al Viro
2022-02-08 18:51 ` Waiman Long
2022-02-08 19:07 ` Al Viro
2022-02-08 21:59 ` Eric W. Biederman
2022-02-08 22:16 ` Al Viro
2022-02-08 22:25 ` Eric W. Biederman [this message]
2022-02-09 16:25 ` Waiman Long
2022-02-11 8:27 ` Christian Brauner
2022-02-09 22:18 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87czjxdmip.fsf@email.froward.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=david@redhat.com \
--cc=jannh@google.com \
--cc=legion@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.