Re: [PATCH 1/9] exec: add a global execve counter

[Djalal Harouni <tixxdz@opendz.org>]

On Sat, Mar 10, 2012 at 04:12:20PM -0800, Linus Torvalds wrote:
> On Sat, Mar 10, 2012 at 3:25 PM, Djalal Harouni <tixxdz@opendz.org> wrote:
> >
> > Given that consideration this patch introduces two counters:
> > A global atomic execve counter that will be incremented on every
> > do_execve_common() call, and an atomic exec_id member for the task_struct.
> 
> This seems horribly expensive on most 32-bit architectures, including
> very much x86-32. That atomic64_inc_return() is not cheap.  It's
> possible that it's basically an impossible operation to do atomically
> on certain platforms, causing it to use some random spinlock instead.
Yes it will use spinlocks, and before that we also hold the
current->signal->cred_guard_mutex during all the do_execve_common(), not
to mention the search_binary_handler() logic which will test binary
format... it can even call request_module()

There is the first:
exec_id = atomic64_inc_return(&exec_counter); /* increment global */

and the second one:
atomic64_set(&current->exec_id, exec_id); /* set task exec_id */

I've added this since when we track the target task we do not want to race
against it when it does its execve call or when we set the exec_id at
open time of the /proc/<pid>/* files.

I can remove this second one but in this situation we must track only
reader (current), which is an aggressive behaviour, actually it may be
safer to do so. I've made the target track change to fit the desired
behaviour of "bind files to their process image".

And when we are at it, we should only allow reading of /proc/<pid>/mem, at
least it's only info leak in case there are future changes that can affect
the current protections.

-- 
tixxdz
http://opendz.org