Re: [PATCH v3 06/11] rlimits: do security check under task_lock

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Andrew Morton <akpm@linux-foundation.org>
To: Jiri Slaby <jslaby@suse.cz>
Cc: adobriyan@gmail.com, nhorman@tuxdriver.com, oleg@redhat.com,
	linux-kernel@vger.kernel.org, jirislaby@gmail.com,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Ingo Molnar <mingo@elte.hu>
Subject: Re: [PATCH v3 06/11] rlimits: do security check under task_lock
Date: Thu, 13 May 2010 15:56:26 -0700	[thread overview]
Message-ID: <20100513155626.8d1fe293.akpm@linux-foundation.org> (raw)
In-Reply-To: <1273514451-28894-6-git-send-email-jslaby@suse.cz>

On Mon, 10 May 2010 20:00:46 +0200
Jiri Slaby <jslaby@suse.cz> wrote:

> Do security_task_setrlimit under task_lock. Other tasks may
> change limits under our hands while we are checking limits
> inside the function. From now on, they can't.
>
> ...
>
> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -1277,7 +1277,7 @@ int do_setrlimit(struct task_struct *tsk, unsigned int resource,
>  		struct rlimit *new_rlim)
>  {
>  	struct rlimit *old_rlim;
> -	int retval;
> +	int retval = 0;
>  
>  	if (resource >= RLIM_NLIMITS)
>  		return -EINVAL;
> @@ -1293,10 +1293,6 @@ int do_setrlimit(struct task_struct *tsk, unsigned int resource,
>  		goto out;
>  	}
>  
> -	retval = security_task_setrlimit(tsk, resource, new_rlim);
> -	if (retval)
> -		goto out;
> -
>  	if (resource == RLIMIT_CPU && new_rlim->rlim_cur == 0) {
>  		/*
>  		 * The caller is asking for an immediate RLIMIT_CPU
> @@ -1309,11 +1305,13 @@ int do_setrlimit(struct task_struct *tsk, unsigned int resource,
>  
>  	old_rlim = tsk->signal->rlim + resource;
>  	task_lock(tsk->group_leader);
> -	if ((new_rlim->rlim_max <= old_rlim->rlim_max) ||
> -				capable(CAP_SYS_RESOURCE))
> -		*old_rlim = *new_rlim;
> -	else
> +	if ((new_rlim->rlim_max > old_rlim->rlim_max) &&
> +				!capable(CAP_SYS_RESOURCE))
>  		retval = -EPERM;
> +	if (!retval)
> +		retval = security_task_setrlimit(tsk, resource, new_rlim);
> +	if (!retval)
> +		*old_rlim = *new_rlim;
>  	task_unlock(tsk->group_leader);
>  
>  	if (retval || resource != RLIMIT_CPU)

Yikes, so the locking around all that selinux code becomes even more
brutal.  How much rope are you tying around the selinux developers'
hands here?

next prev parent reply	other threads:[~2010-05-13 22:57 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-05-10 18:00 [PATCH v3 01/11] rlimits: security, add task_struct to setrlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 02/11] rlimits: add task_struct to update_rlimit_cpu Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 03/11] rlimits: make sure ->rlim_max never grows in sys_setrlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 04/11] rlimits: split sys_setrlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 05/11] rlimits: allow setrlimit to non-current tasks Jiri Slaby
2010-05-13 22:56   ` Andrew Morton
2010-06-06 20:23     ` [PATCH v3 06/11] rlimits: do security check under task_lock Jiri Slaby
2010-06-07 18:08       ` Oleg Nesterov
2010-06-23 15:20         ` Jiri Slaby
2010-06-23 16:12           ` Oleg Nesterov
2010-06-23 17:44             ` Jiri Slaby
2010-06-23 17:56               ` Oleg Nesterov
2010-06-23 21:35                 ` Jiri Slaby
2010-06-23 18:37               ` Stephen Smalley
2010-05-10 18:00 ` Jiri Slaby
2010-05-13 22:56   ` Andrew Morton [this message]
2010-05-10 18:00 ` [PATCH v3 07/11] rlimits: add rlimit64 structure Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 08/11] rlimits: redo do_setrlimit to more generic do_prlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 09/11] rlimits: switch more rlimit syscalls to do_prlimit Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 10/11] rlimits: implement prlimit64 syscall Jiri Slaby
2010-05-13 22:56   ` Andrew Morton
2010-05-26 12:58     ` Jiri Slaby
2010-05-26 14:30       ` Andrew Morton
2010-05-26 15:13         ` Jiri Slaby
2010-05-10 18:00 ` [PATCH v3 11/11] unistd: add __NR_prlimit64 syscall numbers Jiri Slaby

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100513155626.8d1fe293.akpm@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=adobriyan@gmail.com \
    --cc=heiko.carstens@de.ibm.com \
    --cc=jirislaby@gmail.com \
    --cc=jslaby@suse.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=nhorman@tuxdriver.com \
    --cc=oleg@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox