[PATCH -mm 4/5] fault-inject: simplify access check for fail-nth

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Akinobu Mita <akinobu.mita@gmail.com>
To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org
Cc: Akinobu Mita <akinobu.mita@gmail.com>,
	Dmitry Vyukov <dvyukov@google.com>
Subject: [PATCH -mm 4/5] fault-inject: simplify access check for fail-nth
Date: Thu,  6 Apr 2017 23:56:00 +0900	[thread overview]
Message-ID: <1491490561-10485-5-git-send-email-akinobu.mita@gmail.com> (raw)
In-Reply-To: <1491490561-10485-1-git-send-email-akinobu.mita@gmail.com>

The fail-nth file is created with 0666 and the access is permitted if
and only if the task is current.

This file is owned by the currnet user.  So we can create it with 0644
and allow the owner to write it.  This enables to watch the status of
task->fail_nth from another processes.

Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
---
 fs/proc/base.c | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9d14215..14e7b73 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1366,16 +1366,16 @@ static ssize_t proc_fail_nth_write(struct file *file, const char __user *buf,
 	int err;
 	unsigned int n;
 
+	err = kstrtoint_from_user(buf, count, 0, &n);
+	if (err)
+		return err;
+
 	task = get_proc_task(file_inode(file));
 	if (!task)
 		return -ESRCH;
+	task->fail_nth = n;
 	put_task_struct(task);
-	if (task != current)
-		return -EPERM;
-	err = kstrtouint_from_user(buf, count, 0, &n);
-	if (err)
-		return err;
-	current->fail_nth = n;
+
 	return count;
 }
 
@@ -1389,11 +1389,9 @@ static ssize_t proc_fail_nth_read(struct file *file, char __user *buf,
 	task = get_proc_task(file_inode(file));
 	if (!task)
 		return -ESRCH;
-	put_task_struct(task);
-	if (task != current)
-		return -EPERM;
 	len = snprintf(numbuf, sizeof(numbuf), "%u\n", task->fail_nth);
 	len = simple_read_from_buffer(buf, count, ppos, numbuf, len);
+	put_task_struct(task);
 
 	return len;
 }
@@ -3358,11 +3356,7 @@ static const struct pid_entry tid_base_stuff[] = {
 #endif
 #ifdef CONFIG_FAULT_INJECTION
 	REG("make-it-fail", S_IRUGO|S_IWUSR, proc_fault_inject_operations),
-	/*
-	 * Operations on the file check that the task is current,
-	 * so we create it with 0666 to support testing under unprivileged user.
-	 */
-	REG("fail-nth", 0666, proc_fail_nth_operations),
+	REG("fail-nth", 0644, proc_fail_nth_operations),
 #endif
 #ifdef CONFIG_TASK_IO_ACCOUNTING
 	ONE("io",	S_IRUSR, proc_tid_io_accounting),
-- 
2.7.4

next prev parent reply	other threads:[~2017-04-06 14:57 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-06 14:55 [PATCH -mm 0/5] fault-inject: improve fail-nth interface Akinobu Mita
2017-04-06 14:55 ` [PATCH -mm 1/5] fault-inject: automatically detect the number base for fail-nth write interface Akinobu Mita
2017-04-06 14:55 ` [PATCH -mm 2/5] fault-inject: parse as natural 1-based value " Akinobu Mita
2017-04-06 14:55 ` [PATCH -mm 3/5] fault-inject: make fail-nth read/write interface symmetric Akinobu Mita
2017-04-07 20:37   ` Dmitry Vyukov
2017-07-12 20:49     ` Andrew Morton
2017-07-13 16:17       ` Akinobu Mita
2017-04-06 14:56 ` Akinobu Mita [this message]
2017-04-07 20:23   ` [PATCH -mm 4/5] fault-inject: simplify access check for fail-nth Dmitry Vyukov
2017-04-07 20:45   ` Dmitry Vyukov
2017-04-08  8:25     ` Akinobu Mita
2017-04-08 17:35       ` Dmitry Vyukov
2017-04-06 14:56 ` [PATCH -mm 5/5] fault-inject: add /proc/<pid>/fail-nth Akinobu Mita

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9d14215 dfblob:14e7b73 )
 OR (
bs:"[PATCH -mm 4/5] fault-inject: simplify access check for fail-nth" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1491490561-10485-5-git-send-email-akinobu.mita@gmail.com \
    --to=akinobu.mita@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=dvyukov@google.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).