From: John Johansen <john.johansen@canonical.com>
To: Richard Guy Briggs <rgb@redhat.com>
Cc: Oleg Nesterov <oleg@redhat.com>,
linux-audit@redhat.com, linux-kernel@vger.kernel.org,
Eric Paris <eparis@redhat.com>, Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH 03/12] pid: get ppid pid_t of task in init_pid_ns safely
Date: Fri, 30 Aug 2013 13:37:09 -0700 [thread overview]
Message-ID: <52210275.8040601@canonical.com> (raw)
In-Reply-To: <20130830195646.GJ21110@madcap2.tricolour.ca>
On 08/30/2013 12:56 PM, Richard Guy Briggs wrote:
> On Tue, Aug 27, 2013 at 07:21:55PM +0200, Oleg Nesterov wrote:
>> On 08/20, Richard Guy Briggs wrote:
>>>
>>> Added the functions
>>> task_ppid()
>>> task_ppid_nr_ns()
>>> task_ppid_nr_init_ns()
>>> to safely abstract the lookup of the PPID
>>
>> but it is not safe.
>>
>>> +static inline struct pid *task_ppid(struct task_struct *task)
>>> +{
>>> + return task_tgid(rcu_dereference(current->real_parent));
>> ^^^^^^^
>> task?
>
> Yup, thanks for those two catches.
>
>>> + rcu_read_unlock();
>>
>> And why this is safe?
>>
>> rcu_read_lock() can't help if tsk was already dead _before_ it takes
>> the rcu lock. ->real_parent can point the already freed/reused/unmapped
>> memory.
>
> Does it not bump a refcount if it is holding a pointer to it? So the
> parent task might be dead, but it won't cause a pointer dereference
> issue.
>
>> This is safe if, for example, the caller alredy holds rcu_read_lock()
>> and tsk was found by find_task_by*(), or tsk is current.
>
> Fair enough, I'll have a more careful look at this. Thanks.
>
> Most of the instances are current, but the one called from apparmour is
> stored. I've just learned that this is bad and someone else just chimed
> in that they have a patch to remove it...
the apparmor case isn't actually stored long term. The stored task will be
a parameter that was passed into an lsm hook and the buffer that it is
stored in dies before the hook is done. Its temporarily stored in the
struct so that it can be passed into the lsm_audit fn, and printed into an
allocated audit buffer. The text version in the audit buffer is what will
exist beyond the hook.
There are three patches, I'll reply them below once I have finished rebasing
them to apply to the current tree instead of my dev tree.
next prev parent reply other threads:[~2013-08-30 20:37 UTC|newest]
Thread overview: 105+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-20 21:31 [PATCH 00/12] RFC: steps to make audit pid namespace-safe Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 01/12] audit: Kill the unused struct audit_aux_data_capset Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 02/12] audit: fix netlink portid naming and types Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 03/12] pid: get ppid pid_t of task in init_pid_ns safely Richard Guy Briggs
2013-08-27 17:21 ` Oleg Nesterov
2013-08-30 19:56 ` Richard Guy Briggs
2013-08-30 20:37 ` John Johansen [this message]
2013-08-30 22:41 ` [PATCH 1/3] apparmor: fix capability to not use the current task, during reporting John Johansen
2013-08-30 22:42 ` [PATCH 2/3] apparmor: remove tsk field from the apparmor_audit_struct John Johansen
2013-08-30 22:43 ` [PATCH 03/3] apparmor: remove parent task info from audit logging John Johansen
2013-09-03 18:31 ` [PATCH 03/12] pid: get ppid pid_t of task in init_pid_ns safely Richard Guy Briggs
2013-12-11 14:47 ` Richard Guy Briggs
2013-12-11 16:44 ` John Johansen
2013-12-11 17:19 ` Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 04/12] audit: convert PPIDs to the inital PID namespace Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 05/12] pid: get pid_t of task in init_pid_ns correctly Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 06/12] audit: Simplify and correct audit_log_capset Richard Guy Briggs
2013-08-20 21:31 ` [PATCH 07/12] audit: store audit_pid as a struct pid pointer Richard Guy Briggs
2013-08-20 21:32 ` [PATCH 08/12] audit: anchor all pid references in the initial pid namespace Richard Guy Briggs
2013-08-20 21:32 ` [PATCH 09/12] pid: modify task_pid_nr to work without task->pid Richard Guy Briggs
2013-12-16 21:03 ` [PATCH] pid: change task_struct::pid to read-only Richard Guy Briggs
2013-12-17 9:58 ` Peter Zijlstra
[not found] ` <20131220044826.GF14944@madcap2.tricolour.ca>
2013-12-20 4:48 ` Richard Guy Briggs
2013-12-17 9:59 ` Peter Zijlstra
2013-12-17 15:36 ` Oleg Nesterov
2013-12-17 15:40 ` Oleg Nesterov
2013-12-20 19:01 ` Oleg Nesterov
2013-12-20 20:19 ` Richard Guy Briggs
2013-12-20 21:33 ` Peter Zijlstra
2013-12-22 16:03 ` Oleg Nesterov
2014-01-23 19:24 ` Richard Guy Briggs
[not found] ` <20131220140417.GE14884@madcap2.tricolour.ca>
2014-01-23 19:32 ` [PATCH 0/7][RFC] pid: changes to support audit Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 1/7] pid: change task_struct::pid to read-only Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 2/7] compiler: CONST_CAST makes writing const vars easier and obvious Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 3/7] pid: use the CONST_CAST macro instead to write to const task_struct::pid Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 4/7] pid: modify task_tgid_nr to work without task->tgid Richard Guy Briggs
2014-02-20 18:35 ` Oleg Nesterov
2014-02-21 20:47 ` Richard Guy Briggs
2014-02-24 18:40 ` Oleg Nesterov
2014-01-23 19:32 ` [PATCH 5/7] pid: rewrite task helper function is_global_init() avoiding task->pid Richard Guy Briggs
2014-02-20 18:39 ` Oleg Nesterov
2014-02-21 16:10 ` Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 6/7] pid: mark struct task const in helper functions Richard Guy Briggs
2014-01-23 19:32 ` [PATCH 7/7] pid: get pid_t ppid of task in init_pid_ns Richard Guy Briggs
2014-02-20 19:01 ` Oleg Nesterov
2014-02-21 18:10 ` Richard Guy Briggs
2014-02-24 18:32 ` Oleg Nesterov
2014-03-17 20:14 ` Tony Luck
2014-03-17 20:15 ` Eric Paris
2014-01-23 21:25 ` [PATCH 0/7][RFC] pid: changes to support audit Peter Zijlstra
2014-01-24 6:14 ` Richard Guy Briggs
2014-01-24 8:52 ` Peter Zijlstra
2014-01-24 14:31 ` Richard Guy Briggs
2014-02-19 16:18 ` Richard Guy Briggs
2014-02-19 17:47 ` Oleg Nesterov
2014-02-19 18:15 ` Richard Guy Briggs
2014-02-20 19:08 ` Oleg Nesterov
2013-08-20 21:32 ` [PATCH 10/12] pid: modify task_tgid_nr to work without task->tgid Richard Guy Briggs
2013-08-20 21:32 ` [PATCH 11/12] pid: rewrite task helper functions avoiding task->pid and task->tgid Richard Guy Briggs
2013-08-22 19:08 ` Oleg Nesterov
2013-08-26 22:07 ` Richard Guy Briggs
2013-08-27 16:15 ` Oleg Nesterov
2013-12-16 17:35 ` Richard Guy Briggs
2013-12-16 21:05 ` Oleg Nesterov
2013-12-16 22:20 ` Richard Guy Briggs
2013-12-17 9:34 ` Peter Zijlstra
2013-12-17 9:48 ` Peter Zijlstra
2013-12-20 4:54 ` Richard Guy Briggs
2013-08-22 20:05 ` Peter Zijlstra
2013-08-22 21:43 ` Richard Guy Briggs
2013-08-23 6:36 ` Peter Zijlstra
2013-08-27 2:37 ` Richard Guy Briggs
2013-08-27 12:11 ` Peter Zijlstra
2013-08-27 21:35 ` Eric W. Biederman
2013-08-28 8:16 ` Peter Zijlstra
2013-08-23 19:28 ` Oleg Nesterov
2013-08-27 3:04 ` Richard Guy Briggs
2013-08-27 17:11 ` Oleg Nesterov
2013-08-30 19:06 ` audit looks unmaintained? [was: Re: [PATCH 11/12] pid: rewrite task helper functions avoiding task->pid and task->tgid] Richard Guy Briggs
2013-08-30 19:54 ` Steve Grubb
2013-09-08 15:54 ` Oleg Nesterov
2013-09-10 17:20 ` Oleg Nesterov
2013-09-13 18:42 ` Steve Grubb
2013-09-14 18:10 ` Oleg Nesterov
2013-09-13 18:28 ` Steve Grubb
2013-09-14 18:08 ` Oleg Nesterov
2013-08-20 21:32 ` [PATCH 12/12] pid: mark struct task const in helper functions Richard Guy Briggs
2013-12-23 22:27 ` [PATCH 0/5][RFC][v2] steps to make audit pid namespace-safe Richard Guy Briggs
2013-12-23 22:27 ` [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns Richard Guy Briggs
2013-12-30 17:04 ` Oleg Nesterov
2013-12-23 22:27 ` [PATCH 2/5] audit: convert PPIDs to the inital PID namespace Richard Guy Briggs
2013-12-30 17:07 ` Oleg Nesterov
2013-12-23 22:27 ` [PATCH 3/5] audit: store audit_pid as a struct pid pointer Richard Guy Briggs
2013-12-30 17:51 ` Oleg Nesterov
2014-01-21 23:37 ` Richard Guy Briggs
2013-12-23 22:27 ` [PATCH 4/5] audit: anchor all pid references in the initial pid namespace Richard Guy Briggs
2013-12-30 18:06 ` Oleg Nesterov
2014-02-19 20:28 ` Richard Guy Briggs
2013-12-23 22:27 ` [PATCH 5/5] audit: allow user processes to log from another PID namespace Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 0/5][RFC][v3] steps to make audit pid namespace-safe Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 2/5] audit: convert PPIDs to the inital PID namespace Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 3/5] audit: store audit_pid as a struct pid pointer Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 4/5] audit: anchor all pid references in the initial pid namespace Richard Guy Briggs
2014-02-19 20:57 ` [PATCH 5/5] audit: allow user processes to log from another PID namespace Richard Guy Briggs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52210275.8040601@canonical.com \
--to=john.johansen@canonical.com \
--cc=eparis@redhat.com \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=rgb@redhat.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).