From: Davidlohr Bueso <dave@stgolabs.net>
To: axboe@kernel.dk
Cc: oleg@redhat.com, linux-block@vger.kernel.org,
linux-kernel@vger.kernel.org, dave@stgolabs.net,
Davidlohr Bueso <dbueso@suse.de>
Subject: [PATCH] block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
Date: Fri, 10 Dec 2021 10:20:58 -0800
Message-ID: <20211210182058.43417-1-dave@stgolabs.net>
do_each_pid_thread(PIDTYPE_PGID) can race with a concurrent
change_pid(PIDTYPE_PGID) that can move the task from one hlist
to another while iterating. Serialize ioprio_get to take
the tasklist_lock in this case, just like its set counterpart.
Fixes: d69b78ba1de (ioprio: grab rcu_read_lock in sys_ioprio_{set,get}())
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
---
This is basically a resend of https://lore.kernel.org/all/20200817003148.23691-3-dave@stgolabs.net/
with Oleg's ack and without the ioprio_set part as this was fixed
later after this patch was lost for whatever reason.
block/ioprio.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/block/ioprio.c b/block/ioprio.c
index 313c14a70bbd..6f01d35a5145 100644
--- a/block/ioprio.c
+++ b/block/ioprio.c
@@ -220,6 +220,7 @@ SYSCALL_DEFINE2(ioprio_get, int, which, int, who)
pgrp = task_pgrp(current);
else
pgrp = find_vpid(who);
+ read_lock(&tasklist_lock);
do_each_pid_thread(pgrp, PIDTYPE_PGID, p) {
tmpio = get_task_ioprio(p);
if (tmpio < 0)
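Review bot: the read_lock(&tasklist_lock) added just before do_each_pid_thread() carries no comment saying what it protects against. The commit message names the concurrent change_pid(PIDTYPE_PGID) that moves the task between hlists during iteration; a one-line comment above the lock stating that would keep a later cleanup from dropping it as redundant. Also, get_task_ioprio(p) now runs with tasklist_lock read-held on every iteration, so it is worth stating in the changelog that nothing in the loop body can sleep.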
@@ -229,6 +230,8 @@ SYSCALL_DEFINE2(ioprio_get, int, which, int, who)
else
ret = ioprio_best(ret, tmpio);
} while_each_pid_thread(pgrp, PIDTYPE_PGID, p);
+ read_unlock(&tasklist_lock);
+
break;
case IOPRIO_WHO_USER:
uid = make_kuid(current_user_ns(), who);
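Review bot: the read_unlock(&tasklist_lock) after while_each_pid_thread() is only reached when the iteration runs to completion, and the lines of the loop body between the two hunks are not shown in this diff. Please confirm there is no break, goto or return inside the loop that would leave with the lock still held. The lock covers only the IOPRIO_WHO_PGRP case and the following case IOPRIO_WHO_USER is left untouched; that matches "in this case" in the commit message, but a sentence on why the other cases do not need the same serialization would help readers of the changelog.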
--
2.26.2