Re: [patch 1/9] sys: Fix missing rcu protection for __task_cred() access

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Oleg Nesterov <oleg@redhat.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
	"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
	Dipankar Sarma <dipankar@in.ibm.com>, Ingo Molnar <mingo@elte.hu>,
	Peter Zijlstra <peterz@infradead.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	James Morris <jmorris@namei.org>,
	David Howells <dhowells@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-security-module@vger.kernel.org
Subject: Re: [patch 1/9] sys: Fix missing rcu protection for __task_cred() access
Date: Thu, 10 Dec 2009 15:20:36 +0100	[thread overview]
Message-ID: <20091210142036.GA8226@redhat.com> (raw)
In-Reply-To: <20091210004703.029784964@linutronix.de>

On 12/10, Thomas Gleixner wrote:
>
> commit c69e8d9 (CRED: Use RCU to access another task's creds and to
> release a task's own creds) added non rcu_read_lock() protected access
> to task creds of the target task in set_prio_one().
>
> The comment above the function says:
>  * - the caller must hold the RCU read lock
>
> The calling code in sys_setpriority does read_lock(&tasklist_lock) but
> not rcu_read_lock(). This works only when CONFIG_TREE_PREEMPT_RCU=n.
> With CONFIG_TREE_PREEMPT_RCU=y the rcu_callbacks can run in the tick
> interrupt when they see no read side critical section.
> ...
> --- linux-2.6-tip.orig/kernel/sys.c
> +++ linux-2.6-tip/kernel/sys.c
> @@ -163,6 +163,7 @@ SYSCALL_DEFINE3(setpriority, int, which,
>  	if (niceval > 19)
>  		niceval = 19;
>
> +	rcu_read_lock();
>  	read_lock(&tasklist_lock);

Off-topic, but can't resist...

This also fixes another bug here. find_task_by_vpid() is not safe
without rcu_read_lock(). I do not mean it is not safe to use the
result, just find_pid_ns() by itself is not safe.

Usually tasklist gives enough protection, but if copy_process() fails
it calls free_pid() lockless and does call_rcu(delayed_put_pid().
This means, without rcu lock find_pid_ns() can't scan the hash table
safely.

Oleg.

next prev parent reply	other threads:[~2009-12-10 14:26 UTC|newest]

Thread overview: 72+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-12-10  0:52 [patch 0/9] Fix various __task_cred related invalid RCU assumptions Thomas Gleixner
2009-12-10  0:52 ` [patch 1/9] sys: Fix missing rcu protection for __task_cred() access Thomas Gleixner
2009-12-10  1:25   ` Paul E. McKenney
2009-12-10  2:29     ` Tetsuo Handa
2009-12-10  2:43   ` Paul E. McKenney
2009-12-10 14:29     ` Oleg Nesterov
2009-12-10 14:44       ` Thomas Gleixner
2009-12-11 13:45         ` David Howells
2009-12-11 13:52           ` Thomas Gleixner
2009-12-10 14:20   ` Oleg Nesterov [this message]
2009-12-10 14:38     ` Thomas Gleixner
2009-12-10 15:08     ` [patch 1/9] sys: Fix missing rcu protection for __task_cred()access Tetsuo Handa
2009-12-10 21:17       ` Thomas Gleixner
2009-12-11  3:25         ` Tetsuo Handa
2010-02-08 12:30         ` [PATCH] Update comment on find_task_by_pid_ns Tetsuo Handa
2010-02-08 13:21           ` Oleg Nesterov
2010-02-08 17:07             ` Thomas Gleixner
2010-02-08 17:16               ` Oleg Nesterov
2010-02-08 21:42                 ` Tetsuo Handa
2010-02-09 22:08                   ` Andrew Morton
2010-02-10 16:30                     ` Serge E. Hallyn
2010-02-10 17:57                       ` Andrew Morton
2010-02-10 18:39                         ` Thomas Gleixner
2010-02-10 20:18                           ` Serge E. Hallyn
2010-02-10 20:30                             ` Paul E. McKenney
2010-02-11  1:21                     ` Tetsuo Handa
2010-02-11 12:04     ` [PATCH] sys: Fix missing rcu protection for sys_getpriority Tetsuo Handa
2010-02-12 14:22       ` Serge E. Hallyn
2009-12-10 22:09   ` [tip:core/urgent] sys: Fix missing rcu protection for __task_cred() access tip-bot for Thomas Gleixner
2009-12-11 13:41   ` [patch 1/9] " David Howells
2009-12-10  0:52 ` [patch 2/9] fs: Add missing rcu protection for __task_cred() in sys_ioprio_get Thomas Gleixner
2009-12-11 13:46   ` David Howells
2009-12-10  0:53 ` [patch 3/9] proc: Add missing rcu protection for __task_cred() in task_sig() Thomas Gleixner
2009-12-11 13:46   ` David Howells
2009-12-10  0:53 ` [patch 4/9] oom: Add missing rcu protection of __task_cred() in dump_tasks Thomas Gleixner
2009-12-10  1:57   ` KOSAKI Motohiro
2009-12-11 13:49   ` David Howells
2009-12-11 13:52     ` Thomas Gleixner
2009-12-10  0:53 ` [patch 5/9] security: Use get_task_cred() in keyctl_session_to_parent() Thomas Gleixner
2009-12-10  2:45   ` Paul E. McKenney
2009-12-11 13:52   ` David Howells
2009-12-10  0:53 ` [patch 6/9] signal: Fix racy access to __task_cred in kill_pid_info_as_uid() Thomas Gleixner
2009-12-10 15:11   ` Oleg Nesterov
2009-12-10 22:09   ` [tip:core/urgent] " tip-bot for Thomas Gleixner
2009-12-11 13:53   ` [patch 6/9] " David Howells
2009-12-10  0:53 ` [patch 7/9] signals: Fix more rcu assumptions Thomas Gleixner
2009-12-10 14:34   ` Oleg Nesterov
2009-12-10 14:45     ` Thomas Gleixner
2009-12-11 13:59       ` David Howells
2009-12-10 22:09   ` [tip:core/urgent] " tip-bot for Thomas Gleixner
2009-12-10  0:53 ` [patch 8/9] Documentation: Fix invalid " Thomas Gleixner
2009-12-10 23:55   ` Vegard Nossum
2009-12-11 14:00   ` David Howells
2009-12-11 16:07     ` Linus Torvalds
2009-12-11 16:37       ` Paul E. McKenney
2009-12-11 18:08         ` Thomas Gleixner
2009-12-11 21:28   ` Arnd Bergmann
2009-12-11 22:01     ` Paul E. McKenney
2009-12-10  0:53 ` [patch 9/9] security: Fix invalid rcu assumptions in comments Thomas Gleixner
2009-12-11 14:01   ` David Howells
2009-12-10  2:28 ` [patch 0/9] Fix various __task_cred related invalid RCU assumptions Paul E. McKenney
2009-12-10  3:15   ` Linus Torvalds
2009-12-10  5:13     ` Peter Zijlstra
2009-12-10  5:34       ` Paul E. McKenney
2009-12-13 18:56         ` Peter Zijlstra
2009-12-14  1:53           ` Paul E. McKenney
2009-12-14 10:17             ` Peter Zijlstra
2009-12-14 14:16               ` Paul E. McKenney
2009-12-14 14:30                 ` Peter Zijlstra
2009-12-15  1:23                   ` Paul E. McKenney
2009-12-11 13:39 ` David Howells
2009-12-11 16:35   ` Paul E. McKenney

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20091210142036.GA8226@redhat.com \
    --to=oleg@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=dhowells@redhat.com \
    --cc=dipankar@in.ibm.com \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=paulmck@linux.vnet.ibm.com \
    --cc=peterz@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox