From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751346AbdBXQMX (ORCPT <rfc822;w@1wt.eu>);
        Fri, 24 Feb 2017 11:12:23 -0500
Received: from mx1.redhat.com ([209.132.183.28]:50478 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750995AbdBXQMQ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 24 Feb 2017 11:12:16 -0500
Date: Fri, 24 Feb 2017 17:03:54 +0100
From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>,
        "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Aleksa Sarai <asarai@suse.com>, Andy Lutomirski <luto@amacapital.net>,
        Attila Fazekas <afazekas@redhat.com>, Jann Horn <jann@thejh.net>,
        Kees Cook <keescook@chromium.org>, Michal Hocko <mhocko@kernel.org>,
        Ulrich Obergfell <uobergfe@redhat.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/2] fix the traced mt-exec deadlock
Message-ID: <20170224160354.GA845@redhat.com>
References: <20170213141452.GA30203@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20170213141452.GA30203@redhat.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Fri, 24 Feb 2017 16:03:57 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Eric,

our discussion was a bit confusing, and it seems that we did not
fully convince each other. So let me ask what do you finally think
about this fix.

Let me repeat. Even if I do not agree with some of your objections,
I do agree that 1/2 does not look nice and clean. And we seem to
agree that either way, with or without this fix, we need more changes
in this area.

But we need a simple and backportable fix for stable trees, say for
rhel7. This bug was reported many times, and this is the simplest
solution I was able to find.

Oleg.


On 02/13, Oleg Nesterov wrote:
>
> Hello,
>
> Lets finally fix this problem, it was reported several times. I still think that
> in the longer term we should (try to) rework the security hooks and (partially)
> revert this change, but this is not trivial and we need something backportable
> anyway.
>
> Eric, Jann, we already discussed this change. 1/2 is the same patch I suggested 3
> months ago except now it compiles and moves flush_signal_handlers() to de_thread().
>
> Both patches ask for subsequent cleanups, see the changelogs.
>
> Oleg.
>
>  arch/x86/ia32/ia32_aout.c |   3 ++
>  fs/binfmt_aout.c          |   3 ++
>  fs/binfmt_elf.c           |   6 ++-
>  fs/binfmt_elf_fdpic.c     |   4 ++
>  fs/binfmt_flat.c          |   3 ++
>  fs/exec.c                 | 128 +++++++++++++++++++++++-----------------------
>  include/linux/binfmts.h   |   1 +
>  kernel/exit.c             |   5 +-
>  kernel/signal.c           |  21 +++++---
>  9 files changed, 101 insertions(+), 73 deletions(-)