From: Oleg Nesterov <oleg@redhat.com>
To: Stephen Wilson <wilsons@start.ca>, Al Viro <viro@zeniv.linux.org.uk>
Cc: Johannes Weiner <jweiner@redhat.com>, linux-kernel@vger.kernel.org
Subject: Q: proc: hold cred_guard_mutex in check_mem_permission()
Date: Wed, 28 Sep 2011 22:20:20 +0200 [thread overview]
Message-ID: <20110928202020.GA3164@redhat.com> (raw)
Another change we probably need to backport, 18f661bc
"proc: hold cred_guard_mutex in check_mem_permission()".
>From the changelog:
Avoid a potential race when task exec's and we get a new ->mm but
check against the old credentials in ptrace_may_access().
Could you please explain? How can we race with exec?
This task is either current, or it is TASK_TRACED and we are the
tracer. In the latter case nobody can resume it except SIGKILL.
And the killed task obviously can't exec.
Afaics, all we need is: we should read task->mm after the
task_is_traced() check, we do not need the mutex.
IOW, what do you think about the patch below? I have no idea how
can I test it (and it wasn't even applied/compiled).
Also, I'd appreciate if you can explain the PTRACE_MODE_ATTACH
check. Again, we are already the tracer.
Oleg.
--- x/fs/proc/base.c
+++ x/fs/proc/base.c
@@ -194,38 +194,31 @@ static int proc_root_link(struct inode *
return result;
}
-static struct mm_struct *__check_mem_permission(struct task_struct *task)
+static int __check_mem_permission(struct task_struct *task)
{
- struct mm_struct *mm;
-
- mm = get_task_mm(task);
- if (!mm)
- return ERR_PTR(-EINVAL);
-
/*
* A task can always look at itself, in case it chooses
* to use system calls instead of load instructions.
*/
if (task == current)
- return mm;
+ return 0;
/*
* If current is actively ptrace'ing, and would also be
* permitted to freshly attach with ptrace now, permit it.
*/
- if (task_is_stopped_or_traced(task)) {
+ if (task_is_traced(task)) {
int match;
rcu_read_lock();
match = (ptrace_parent(task) == current);
rcu_read_unlock();
if (match && ptrace_may_access(task, PTRACE_MODE_ATTACH))
- return mm;
+ return 0;
}
/*
* No one else is allowed.
*/
- mmput(mm);
return ERR_PTR(-EPERM);
}
@@ -238,18 +231,11 @@ static struct mm_struct *check_mem_permi
struct mm_struct *mm;
int err;
- /*
- * Avoid racing if task exec's as we might get a new mm but validate
- * against old credentials.
- */
- err = mutex_lock_killable(&task->signal->cred_guard_mutex);
+ err = __check_mem_permission(task);
if (err)
return ERR_PTR(err);
- mm = __check_mem_permission(task);
- mutex_unlock(&task->signal->cred_guard_mutex);
-
- return mm;
+ return get_task_mm(task) ?: ERR_PTR(-EINVAL);
}
struct mm_struct *mm_for_maps(struct task_struct *task)
next reply other threads:[~2011-09-28 20:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-28 20:20 Oleg Nesterov [this message]
2011-09-29 7:13 ` Q: proc: hold cred_guard_mutex in check_mem_permission() Stephen Wilson
2011-09-29 11:48 ` Oleg Nesterov
2011-09-30 1:05 ` Stephen Wilson
2011-09-30 14:02 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110928202020.GA3164@redhat.com \
--to=oleg@redhat.com \
--cc=jweiner@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=wilsons@start.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox