From: Stephen Smalley <sds@tycho.nsa.gov>
To: Oleg Nesterov <oleg@redhat.com>
Cc: David Howells <dhowells@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	James Morris <jmorris@namei.org>,
	Roland McGrath <roland@redhat.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] rework/fix is_single_threaded()
Date: Thu, 16 Apr 2009 10:36:12 -0400
Message-ID: <1239892572.7591.43.camel@localhost.localdomain>
In-Reply-To: <20090416133658.GA6532@redhat.com>

On Thu, 2009-04-16 at 15:36 +0200, Oleg Nesterov wrote:
> On 04/16, David Howells wrote:
> >
> > Oleg Nesterov <oleg@redhat.com> wrote:
> >
> > > - Fix the comment, is_single_threaded(p) actually means that nobody shares
> > > ->mm with p.
> > >
> > > I think this helper should be renamed,
> >
> > What we want to know when we ask this function is whether or not a process is
> > single-threaded, hence the name. The fact that because:
> >
> > CLONE_THREAD => CLONE_SIGHAND => CLONE_VM
> >
> > we can work this out purely by checking that there aren't any processes that
> > share VM space with us is immaterial.
>
> Confused... I already asked this in http://marc.info/?t=123853355800001
> "what is_single_threaded() does?" and perhaps I misunderstood you.
>
> So, once again, what should it do? If we only care about CLONE_THREAD (implies
> CLONE_VM), then we can just do
>
> bool is_single_threaded(struct task_struct *p)
> {
> 	return atomic_read(&p->signal->live) == 1;
> }
>
> But, if it should check p doesn't share VM space (this is what it does
> with or without the patch), then we have to scan all processes.

In the SELinux case, we care about shared VM space. The purpose of the
check for SELinux is to prevent the security contexts of tasks that
share a VM from diverging from one another, as we cannot enforce any
separation among them.

> > > and it should not have arguments. With or without this patch it must not be
> > > used unless p == current, otherwise we can't safely use p->signal or p->mm.
> >
> > Well, I can live with that, but you need to check with the SELinux people too.
> > Whilst they do currently limit the selinux_setprocattr() to current only, they
> > still hand the task pointer that function is given around.
>
> Yes, I see. But (apart from "not safe" above), from the security pov it doesn't
> make sense to call is_single_threaded(p) unless p == current ? The task can
> fork right after the check.

Right. In the SELinux case, we will only ever call it with p ==
current, and if you want to make that explicit by dropping the task
argument and directly acting on current, feel free.

--
Stephen Smalley
National Security Agency
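
The gap between the two checks discussed in this message can be observed from userspace. This added example (not code from the thread or from the kernel) clones a child with CLONE_VM but without CLONE_THREAD; the child stores the "Threads:" count from its own /proc/self/status into a variable that the parent then reads. It assumes Linux with /proc mounted and uses that count as a stand-in for the thread-group test; all function and variable names are illustrative.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>

static volatile int child_report;  /* written by the child, read by the parent */
static char child_stack[256 * 1024] __attribute__((aligned(16)));

/* Size of the caller's thread group: the "Threads:" field of /proc/self/status. */
static int thread_group_size(void)
{
    char line[128];
    int n = -1;
    FILE *f = fopen("/proc/self/status", "r");

    while (f && fgets(line, sizeof line, f) && sscanf(line, "Threads: %d", &n) != 1)
        ;
    if (f)
        fclose(f);
    return n;
}

/* Runs in the cloned task: its store reaches the parent only if the mm is shared. */
static int child_fn(void *arg)
{
    (void)arg;
    child_report = thread_group_size();
    return 0;
}

/*
 * Clone with CLONE_VM but without CLONE_THREAD and return what the child
 * stored: its own thread-group size, or 0 if no store reached our memory.
 * Returns -1 if the clone or the wait fails.
 */
int thread_count_of_vm_sharing_child(void)
{
    pid_t pid;

    child_report = 0;
    pid = clone(child_fn, child_stack + sizeof child_stack, CLONE_VM | SIGCHLD, NULL);
    if (pid < 0 || waitpid(pid, NULL, 0) != pid)
        return -1;
    return child_report;
}

int main(void)
{
    /* The count is taken while the parent is alive and shares the same mm. */
    printf("child thread-group size: %d\n", thread_count_of_vm_sharing_child());
    return 0;
}
```

A result of 1 means the child is alone in its thread group even though its store landed in the parent's memory, which is the case a thread-group count cannot detect and a scan for other users of the mm can.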