From: Oleg Nesterov <oleg@redhat.com>
To: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Roland McGrath <roland@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org, oss-security@lists.openwall.com,
Solar Designer <solar@openwall.com>,
Kees Cook <kees.cook@canonical.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Neil Horman <nhorman@tuxdriver.com>,
linux-fsdevel@vger.kernel.org, pageexec@freemail.hu,
"Brad Spengler <spender@grsecurity.net>,
Eugene Teo" <eugene@redhat.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Subject: Re: [PATCH] move cred_guard_mutex from task_struct to signal_struct
Date: Fri, 10 Sep 2010 19:24:57 +0200 [thread overview]
Message-ID: <20100910172457.GA23393@redhat.com> (raw)
In-Reply-To: <20100910101528.C958.A69D9226@jp.fujitsu.com>
On 09/10, KOSAKI Motohiro wrote:
>
> 1) moving cread_guard_mutex itself
> - no increase execve overhead
> -> very good
> - it also prevent parallel ptrace
No, it doesn't. Only PTRACE_ATTACH needs this mutex, and as Roland
pointed out it also needs write_lock(tasklist) which is worse. So
this change doesn't make any practical harm for ptrace.
> 2) move in_exec_mm to signal_struct too
> -> very hard. oom-killer can use very few lock because it's called
> from various place. now both ->mm and ->in_exec_mm are protected
> task_lock() and it help to avoid messy.
Yes. But, if ->in_exec_mm is only used by oom_badness(), then I think
you can use task_lock(tsk->group_leader). oom_badness() needs tasklist
anyway, this means it can't race with de_thread() changing the leader.
But up to you.
Another very minor nit (but again, up to you). Perhaps exec_mmap()
could clear ->in_exec_mm (in task_struct or signal_struct, this doesnt
matter), it takes task_lock(current) anyway (and at this point current
is always the group leader).
> Let's move ->cred_guard_mutex from task_struct to signal_struct. It
> naturally prevent multiple-threads-inside-exec.
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
This is very minor, but perhaps you can also fix a couple of comments
which mention task->cred_guard_mutex,
fs/exec.c:1109 the caller must hold current->cred_guard_mutex
kernel/cred.c:328 The caller must hold current->cred_guard_mutex
include/linux/tracehook.h:153 @task->cred_guard_mutex
Oleg.
next prev parent reply other threads:[~2010-09-10 17:29 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-27 22:02 [PATCH] exec argument expansion can inappropriately trigger OOM-killer Kees Cook
2010-08-30 0:19 ` KOSAKI Motohiro
2010-08-30 0:56 ` Roland McGrath
[not found] ` <20100830005648.431B7400D9-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2010-08-30 3:23 ` Solar Designer
2010-08-30 10:06 ` Roland McGrath
2010-08-30 19:48 ` Solar Designer
2010-08-31 0:40 ` Roland McGrath
2010-09-08 2:34 ` [PATCH 0/3] execve argument-copying fixes Roland McGrath
2010-09-08 2:35 ` [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath
2010-09-08 8:29 ` pageexec
[not found] ` <4C874986.23581.F34F4BD-tVCe0bXVy/VhMnff8nq0I0CAg8bcNmFB@public.gmane.org>
2010-09-10 8:59 ` Roland McGrath
[not found] ` <20100910085915.8CC23405D5-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2010-09-11 13:30 ` pageexec-Y8qEzhMunLyT9ig0jae3mg
2010-09-14 19:33 ` Roland McGrath
[not found] ` <20100914193331.DB434403E8-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2010-09-14 22:35 ` pageexec-Y8qEzhMunLyT9ig0jae3mg
2010-09-08 11:57 ` Brad Spengler
2010-09-09 5:31 ` KOSAKI Motohiro
[not found] ` <20100909141534.C948.A69D9226-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2010-09-10 9:25 ` Roland McGrath
2010-09-10 9:43 ` KOSAKI Motohiro
[not found] ` <20100910092541.2864A405D5-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2010-09-11 13:39 ` pageexec-Y8qEzhMunLyT9ig0jae3mg
[not found] ` <4C8B8692.7649.3E0895B-tVCe0bXVy/VhMnff8nq0I0CAg8bcNmFB@public.gmane.org>
2010-09-14 18:51 ` Roland McGrath
[not found] ` <20100914185135.03DD6403E8-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2010-09-14 20:28 ` pageexec-Y8qEzhMunLyT9ig0jae3mg
[not found] ` <4C8FDAEF.17347.14CA1791-tVCe0bXVy/VhMnff8nq0I0CAg8bcNmFB@public.gmane.org>
2010-09-14 21:16 ` Roland McGrath
[not found] ` <20100914211644.E0C58403E8-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2010-09-14 22:27 ` pageexec-Y8qEzhMunLyT9ig0jae3mg
[not found] ` <4C8FF6EE.21454.153770F9-tVCe0bXVy/VhMnff8nq0I0CAg8bcNmFB@public.gmane.org>
2010-09-14 23:04 ` Roland McGrath
[not found] ` <20100914230411.B1F0D403E8-nL1rrgvulkc2UH6IwYuUx0EOCMrvLtNR@public.gmane.org>
2010-09-15 9:27 ` pageexec-Y8qEzhMunLyT9ig0jae3mg
[not found] ` <20100908115728.GB11762-JNS0hek0TMl4qEwOxq4T+Q@public.gmane.org>
2010-09-10 9:18 ` Roland McGrath
2010-09-08 2:36 ` [PATCH 2/3] execve: improve interactivity with large arguments Roland McGrath
2010-09-08 2:37 ` [PATCH 3/3] execve: make responsive to SIGKILL " Roland McGrath
2010-09-08 3:00 ` [PATCH 0/3] execve argument-copying fixes KOSAKI Motohiro
2010-09-09 5:01 ` [PATCH 0/2] execve memory exhaust of " KOSAKI Motohiro
2010-09-09 5:03 ` [PATCH 1/2] oom: don't ignore rss in nascent mm KOSAKI Motohiro
2010-09-09 22:05 ` Oleg Nesterov
[not found] ` <20100909220504.GA6273-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2010-09-10 9:39 ` Roland McGrath
2010-09-10 9:57 ` [PATCH] move cred_guard_mutex from task_struct to signal_struct KOSAKI Motohiro
2010-09-10 17:24 ` Oleg Nesterov [this message]
2010-09-16 5:51 ` KOSAKI Motohiro
2010-09-09 5:04 ` [PATCH 2/2] execve: check the VM has enough memory at first KOSAKI Motohiro
2010-09-10 15:06 ` Linus Torvalds
2010-09-14 1:52 ` KOSAKI Motohiro
2010-09-16 5:51 ` KOSAKI Motohiro
2010-09-16 15:01 ` Linus Torvalds
[not found] ` <20100830032331.GA22773-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org>
2010-08-30 17:49 ` [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer
[not found] ` <20100830174920.GA25091-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org>
2010-08-30 22:08 ` Brad Spengler
[not found] ` <20100830220847.GA24980-JNS0hek0TMl4qEwOxq4T+Q@public.gmane.org>
2010-08-31 11:53 ` Solar Designer
2010-08-31 11:56 ` [PATCH] exec argument expansion can inappropriately triggerOOM-killer Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100910172457.GA23393@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=eugene@redhat.com \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=kees.cook@canonical.com \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=oss-security@lists.openwall.com \
--cc=pageexec@freemail.hu \
--cc=roland@redhat.com \
--cc=solar@openwall.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).