From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 80303C3DA79
	for <linux-mm@archiver.kernel.org>; Mon, 15 Jan 2024 19:39:32 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id D50976B0093; Mon, 15 Jan 2024 14:39:31 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id CD73A6B009B; Mon, 15 Jan 2024 14:39:31 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id B2BBA6B009C; Mon, 15 Jan 2024 14:39:31 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id 9A1E96B0093
	for <linux-mm@kvack.org>; Mon, 15 Jan 2024 14:39:31 -0500 (EST)
Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id 6EE1B1A047F
	for <linux-mm@kvack.org>; Mon, 15 Jan 2024 19:39:31 +0000 (UTC)
X-FDA: 81682559742.28.7662FE4
Received: from casper.infradead.org (casper.infradead.org [90.155.50.34])
	by imf01.hostedemail.com (Postfix) with ESMTP id 3417C40010
	for <linux-mm@kvack.org>; Mon, 15 Jan 2024 19:39:28 +0000 (UTC)
Authentication-Results: imf01.hostedemail.com;
	dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=GknGwOR3;
	dmarc=none;
	spf=none (imf01.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1705347569;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=VZxWDVpCvSyMMfu91KFYLQxRYf92goXw309/GJka1jA=;
	b=gqtpnuV0bjLHDm9/grJwHEvR5k5RAdCd3fd6pUNZ5WtTrD6lOTOdOR/Oij7TFMz1i8QD6q
	iVhvQu75RYgdBuURngR+iwbbH7OgOUgVvScMABTBrupvE4ByTmfHv5QQ+S8cF+xT4sDdHR
	pv/VzSKMXlbrkOBJBhqmXkc2yLcwUpk=
ARC-Authentication-Results: i=1;
	imf01.hostedemail.com;
	dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=GknGwOR3;
	dmarc=none;
	spf=none (imf01.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1705347569; a=rsa-sha256;
	cv=none;
	b=1LNV23e4zh+gFapJ0nUfRWVfiTPY+C5qkLlxu85efiqqzG71qKayV1j5HXydGiZ+kfXU9a
	pCww+FsENoNaa3FOG9UvJUrdbSQlFSEfqF/4hisJe5pb2v84gG3Mg+P9IKpKyZPde0Q41I
	xG5ZmLN5r8P34oxMtniu1KI694b//Yo=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version:
	References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:
	Content-Transfer-Encoding:Content-ID:Content-Description;
	bh=VZxWDVpCvSyMMfu91KFYLQxRYf92goXw309/GJka1jA=; b=GknGwOR3WJOANvxNIoJBsht0dF
	XYsbU6l237FY/y32zn2rCALaUsCZlCV/doukPROyDgBih0N5A4poaUezz78fJAKRRw4spk15ec5Vb
	wt2fW49Tf5hUy1Hhnn443PL5X7S9d7/gXo4XQwx3EUazTRQxz+Shm5v9T9MI7Iht32IIsAs0U1+5m
	qZsX/gGVMtWr+31/fvBSc0u6UiYa6uL+Zu+yPn0SAL9/S+oSphBGk8TFTU9cdTmhlCtPPQICjWSBx
	bQaKlCH6vSEgmCAmZ/tYp4bqLoAYu/ZJOK5RB/ww1iUiq2qK0Pp9RvifgWHu88AeS/d5XVWIE4CNl
	YlL/2RBA==;
Received: from willy by casper.infradead.org with local (Exim 4.94.2 #2 (Red Hat Linux))
	id 1rPSmJ-00Ad0l-L5; Mon, 15 Jan 2024 19:37:47 +0000
Date: Mon, 15 Jan 2024 19:37:47 +0000
From: Matthew Wilcox <willy@infradead.org>
To: Bernd Edlinger <bernd.edlinger@hotmail.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
	Alexey Dobriyan <adobriyan@gmail.com>,
	Oleg Nesterov <oleg@redhat.com>, Kees Cook <keescook@chromium.org>,
	Andy Lutomirski <luto@amacapital.net>,
	Will Drewry <wad@chromium.org>,
	Christian Brauner <brauner@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Michal Hocko <mhocko@suse.com>, Serge Hallyn <serge@hallyn.com>,
	James Morris <jamorris@linux.microsoft.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	Suren Baghdasaryan <surenb@google.com>,
	Yafang Shao <laoar.shao@gmail.com>, Helge Deller <deller@gmx.de>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Adrian Reber <areber@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>, Jens Axboe <axboe@kernel.dk>,
	Alexei Starovoitov <ast@kernel.org>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	linux-kselftest@vger.kernel.org, linux-mm@kvack.org,
	tiozhang <tiozhang@didiglobal.com>,
	Luis Chamberlain <mcgrof@kernel.org>,
	"Paulo Alcantara (SUSE)" <pc@manguebit.com>,
	Sergey Senozhatsky <senozhatsky@chromium.org>,
	Frederic Weisbecker <frederic@kernel.org>,
	YueHaibing <yuehaibing@huawei.com>,
	Paul Moore <paul@paul-moore.com>, Aleksa Sarai <cyphar@cyphar.com>,
	Stefan Roesch <shr@devkernel.io>, Chao Yu <chao@kernel.org>,
	xu xin <xu.xin16@zte.com.cn>, Jeff Layton <jlayton@kernel.org>,
	Jan Kara <jack@suse.cz>, David Hildenbrand <david@redhat.com>,
	Dave Chinner <dchinner@redhat.com>, Shuah Khan <shuah@kernel.org>,
	Zheng Yejian <zhengyejian1@huawei.com>,
	Elena Reshetova <elena.reshetova@intel.com>,
	David Windsor <dwindsor@gmail.com>,
	Mateusz Guzik <mjguzik@gmail.com>, Ard Biesheuvel <ardb@kernel.org>,
	"Joel Fernandes (Google)" <joel@joelfernandes.org>,
	Hans Liljestrand <ishkamiel@gmail.com>
Subject: Re: [PATCH v14] exec: Fix dead-lock in de_thread with ptrace_attach
Message-ID: <ZaWJi/N2Dtye3aVs@casper.infradead.org>
References: <AM8PR10MB470801D01A0CF24BC32C25E7E40E9@AM8PR10MB4708.EURPRD10.PROD.OUTLOOK.COM>
 <AM8PR10MB470875B22B4C08BEAEC3F77FE4169@AM8PR10MB4708.EURPRD10.PROD.OUTLOOK.COM>
 <AS8P193MB1285DF698D7524EDE22ABFA1E4A1A@AS8P193MB1285.EURP193.PROD.OUTLOOK.COM>
 <AS8P193MB12851AC1F862B97FCE9B3F4FE4AAA@AS8P193MB1285.EURP193.PROD.OUTLOOK.COM>
 <AS8P193MB1285FF445694F149B70B21D0E46C2@AS8P193MB1285.EURP193.PROD.OUTLOOK.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <AS8P193MB1285FF445694F149B70B21D0E46C2@AS8P193MB1285.EURP193.PROD.OUTLOOK.COM>
X-Rspam-User: 
X-Stat-Signature: 5fjd8tyu4hcy7agq4rtfrmmk8gdpmxph
X-Rspamd-Server: rspam07
X-Rspamd-Queue-Id: 3417C40010
X-HE-Tag: 1705347568-403311
X-HE-Meta: U2FsdGVkX1+Zqn0455eGnx61BxBGXuqpZX9jNWDWRgEgeSWbB9aDzBFDeGwMHA+xEiTdotO3hG3UPW6PAzwlt3jeTqyQe782qWCcsg4w1+/KKqeMUvpjSrgMc0ALvbYGka3SBrOm+mXtH+WZFl60LErIBiH06J4hy+2PeTdmfa6zFQiuMyxdw/u1YG6F/fMUtzsDzK8n6Z+tR8vc9MoZHXKQiAfUQvglYFUA7f0A+zgOI33jIZ94JiXcbY2saS09acf7udLFfyzE7z4YydggAf4MJxbjaIAId0e+1B3WFZEuzCC5ZPJ4mvRXpTyc8gEn/Wzb7GwD30J3OcCDtZLCZybfgJ3+HqS4PTWHL/hMStp7aiA/dLiFJvtc1UG/HHZXUewf/BLeaS9fnz0LejabcReZkHVjNm57rBavNxbFmbj+C3jtGgRrX3G9jAR3iNr0I3D2dHaPFMLj5ppMe6GBct0bI29kJznZKMfBTheRFgwoQlmAe9zSfoNhQXB6baMPotWSPzxB8mRwTExYFw+xJsfW69hFPxyuomUQyMKpCR7SKoE1p5FGGrzdnn7dm695ZhyBfepzmDsLmKE10OuIpaVrIuX/OEXl5Tht8lzFLx1ADnr3y4v12MeMqyOaRTXwgKJS2xhAMWvpF/Jf5fKqLlsWIrz/b+FTBNXiepQkQDo6efgCDYwKliwGBqXccGngbgt84aNprCEB8fdpKlMBuTAmoXiU2ZLaLaHu69Douq1lWlqWv2u8iC2YhlOym1Ws19IoM4sxZU3LFoygd9KKySU3uHInWZWI1OH/6P33PihK/jEpiORc5Wn6fNYujxtHuAA02lEf21rxc0NCcGjnKmUC/iTnmpsOP8XHwE805qbsO9kPTlZkTjZwfvyuqVyuiG1r71lYdNV5OcQVbEcs3auBSOujtyh6+v1hAxladeloq3cHr/TphtUSZTwu7ksC4QWnovjtScX79L/IH2Z
 B3T+MHEi
 mM64YwxoPAkV04vfmMzd4F0WCO8zCHRC5pgsw0cuXl+BufY33MnkD+cMMwSpBbcsxJUKuVAapVE9KrvZcT69yGyEYsSRWqErP8YvwHJb7Sp3Q5SV/64MNUldLXhQhl/vXoCodkQ2tz3OmlF5Wnes2Oea5nd2jdKvC6iHiZ3RKYTxuSPQliT1k01kRqSOvTVlJK9o3OZJ3Y8zZ6NkX17MHlGh9+1QbqJuNVPPdPIbcr+18/3hbLmcPZc2fe4ZADb03gVKWK8Xix+jbEk4R6QIZA2YD2cT3Ee+CDm55ctZIkjsl0Ug=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Mon, Jan 15, 2024 at 08:22:19PM +0100, Bernd Edlinger wrote:
> This introduces signal->exec_bprm, which is used to
> fix the case when at least one of the sibling threads
> is traced, and therefore the trace process may dead-lock
> in ptrace_attach, but de_thread will need to wait for the
> tracer to continue execution.

Not entirely sure why I've been added to the cc; this doesn't seem
like it's even remotely within my realm of expertise.

> +++ b/include/linux/cred.h
> @@ -153,6 +153,7 @@ extern const struct cred *get_task_cred(struct task_struct *);
>  extern struct cred *cred_alloc_blank(void);
>  extern struct cred *prepare_creds(void);
>  extern struct cred *prepare_exec_creds(void);
> +extern bool is_dumpability_changed(const struct cred *, const struct cred *);

Using 'extern' for function declarations is deprecated.  More
importantly, you have two arguments of the same type, and how do I know
which one is which if you don't name them?

> +++ b/kernel/cred.c
> @@ -375,6 +375,28 @@ static bool cred_cap_issubset(const struct cred *set, const struct cred *subset)
>  	return false;
>  }
>  
> +/**
> + * is_dumpability_changed - Will changing creds from old to new
> + * affect the dumpability in commit_creds?
> + *
> + * Return: false - dumpability will not be changed in commit_creds.
> + *         true  - dumpability will be changed to non-dumpable.
> + *
> + * @old: The old credentials
> + * @new: The new credentials
> + */

Does kernel-doc really parse this correctly?  Normal style would be:

/**
 * is_dumpability_changed - Will changing creds affect dumpability?
 * @old: The old credentials.
 * @new: The new credentials.
 *
 * If the @new credentials have no elevated privileges compared to the
 * @old credentials, the task may remain dumpable.  Otherwise we have
 * to mark the task as undumpable to avoid information leaks from higher
 * to lower privilege domains.
 *
 * Return: True if the task will become undumpable.
 */

> @@ -508,6 +531,14 @@ static int ptrace_traceme(void)
>  {
>  	int ret = -EPERM;
>  
> +	if (mutex_lock_interruptible(&current->signal->cred_guard_mutex))
> +		return -ERESTARTNOINTR;

Do you really want this to be interruptible by a timer signal or a
window resize event?