[PATCH -mm 1/2] rename is_single_threaded(task) to is_current_single_threaded(void)

[PATCH -mm 1/2] rename is_single_threaded(task) to is_current_single_threaded(void)

[Oleg Nesterov]

(on top of rework-fix-is_single_threaded.patch)

- is_single_threaded(task) is not safe unless task == current,
  we can't use task->signal or task->mm.

- it doesn't make sense unless task == current, the task can
  fork right after the check.

Rename it to is_current_single_threaded() and kill the argument.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---

 include/linux/sched.h        |    2 +-
 lib/is_single_threaded.c     |    3 ++-
 security/selinux/hooks.c     |    2 +-
 security/keys/process_keys.c |    2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

--- WAIT/include/linux/sched.h~ISS_1_RENAME	2009-07-01 20:20:57.000000000 +0200
+++ WAIT/include/linux/sched.h	2009-07-09 22:14:21.000000000 +0200
@@ -2055,7 +2055,7 @@ static inline unsigned long wait_task_in
 #define for_each_process(p) \
 	for (p = &init_task ; (p = next_task(p)) != &init_task ; )
 
-extern bool is_single_threaded(struct task_struct *);
+extern bool is_current_single_threaded(void);
 
 /*
  * Careful: do_each_thread/while_each_thread is a double loop so
--- WAIT/lib/is_single_threaded.c~ISS_1_RENAME	2009-07-09 19:43:27.000000000 +0200
+++ WAIT/lib/is_single_threaded.c	2009-07-09 22:16:29.000000000 +0200
@@ -15,8 +15,9 @@
 /*
  * Returns true if the task does not share ->mm with another thread/process.
  */
-bool is_single_threaded(struct task_struct *task)
+bool is_current_single_threaded(void)
 {
+	struct task_struct *task = current;
 	struct mm_struct *mm = task->mm;
 	struct task_struct *p, *t;
 	bool ret;
--- WAIT/security/selinux/hooks.c~ISS_1_RENAME	2009-07-03 11:15:08.000000000 +0200
+++ WAIT/security/selinux/hooks.c	2009-07-09 22:17:58.000000000 +0200
@@ -5182,7 +5182,7 @@ static int selinux_setprocattr(struct ta
 
 		/* Only allow single threaded processes to change context */
 		error = -EPERM;
-		if (!is_single_threaded(p)) {
+		if (!is_current_single_threaded()) {
 			error = security_bounded_transition(tsec->sid, sid);
 			if (error)
 				goto abort_change;
--- WAIT/security/keys/process_keys.c~ISS_1_RENAME	2009-04-06 00:03:42.000000000 +0200
+++ WAIT/security/keys/process_keys.c	2009-07-09 22:18:31.000000000 +0200
@@ -702,7 +702,7 @@ long join_session_keyring(const char *na
 	/* only permit this if there's a single thread in the thread group -
 	 * this avoids us having to adjust the creds on all threads and risking
 	 * ENOMEM */
-	if (!is_single_threaded(current))
+	if (!is_current_single_threaded())
 		return -EMLINK;
 
 	new = prepare_creds();

Re: [PATCH -mm 1/2] rename is_single_threaded(task) to is_current_single_threaded(void)

[James Morris]

On Thu, 9 Jul 2009, Oleg Nesterov wrote:

> (on top of rework-fix-is_single_threaded.patch)
> 
> - is_single_threaded(task) is not safe unless task == current,
>   we can't use task->signal or task->mm.
> 
> - it doesn't make sense unless task == current, the task can
>   fork right after the check.
> 
> Rename it to is_current_single_threaded() and kill the argument.
> 
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>

Acked-by: James Morris <jmorris@namei.org>

-- 
James Morris
<jmorris@namei.org>

Re: [PATCH -mm 1/2] rename is_single_threaded(task) to is_current_single_threaded(void)

[Christoph Hellwig]

On Thu, Jul 09, 2009 at 11:28:47PM +0200, Oleg Nesterov wrote:
> (on top of rework-fix-is_single_threaded.patch)
> 
> - is_single_threaded(task) is not safe unless task == current,
>   we can't use task->signal or task->mm.
> 
> - it doesn't make sense unless task == current, the task can
>   fork right after the check.
> 
> Rename it to is_current_single_threaded() and kill the argument.

It would be more natural to put the current first, as in
current_is_single_threaded().  That would also fit with the various
other current_* helpers we have.

Re: [PATCH -mm 1/2] rename is_single_threaded(task) to is_current_single_threaded(void)

[Oleg Nesterov]

On 07/09, Christoph Hellwig wrote:
>
> On Thu, Jul 09, 2009 at 11:28:47PM +0200, Oleg Nesterov wrote:
> > (on top of rework-fix-is_single_threaded.patch)
> >
> > - is_single_threaded(task) is not safe unless task == current,
> >   we can't use task->signal or task->mm.
> >
> > - it doesn't make sense unless task == current, the task can
> >   fork right after the check.
> >
> > Rename it to is_current_single_threaded() and kill the argument.
>
> It would be more natural to put the current first, as in
> current_is_single_threaded().  That would also fit with the various
> other current_* helpers we have.

Agreed, re-sending.

Oleg.

[PATCH v2 -mm 1/2] rename is_single_threaded(task) to current_is_single_threaded(void)

[Oleg Nesterov]

(on top of rework-fix-is_single_threaded.patch)

- is_single_threaded(task) is not safe unless task == current,
  we can't use task->signal or task->mm.

- it doesn't make sense unless task == current, the task can
  fork right after the check.

Rename it to current_is_single_threaded() and kill the argument.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
---

 include/linux/sched.h        |    2 +-
 lib/is_single_threaded.c     |    3 ++-
 security/selinux/hooks.c     |    2 +-
 security/keys/process_keys.c |    2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

--- WAIT/include/linux/sched.h~ISS_1_RENAME	2009-07-01 20:20:57.000000000 +0200
+++ WAIT/include/linux/sched.h	2009-07-09 22:14:21.000000000 +0200
@@ -2055,7 +2055,7 @@ static inline unsigned long wait_task_in
 #define for_each_process(p) \
 	for (p = &init_task ; (p = next_task(p)) != &init_task ; )
 
-extern bool is_single_threaded(struct task_struct *);
+extern bool current_is_single_threaded(void);
 
 /*
  * Careful: do_each_thread/while_each_thread is a double loop so
--- WAIT/lib/is_single_threaded.c~ISS_1_RENAME	2009-07-09 19:43:27.000000000 +0200
+++ WAIT/lib/is_single_threaded.c	2009-07-09 22:16:29.000000000 +0200
@@ -15,8 +15,9 @@
 /*
  * Returns true if the task does not share ->mm with another thread/process.
  */
-bool is_single_threaded(struct task_struct *task)
+bool current_is_single_threaded(void)
 {
+	struct task_struct *task = current;
 	struct mm_struct *mm = task->mm;
 	struct task_struct *p, *t;
 	bool ret;
--- WAIT/security/selinux/hooks.c~ISS_1_RENAME	2009-07-03 11:15:08.000000000 +0200
+++ WAIT/security/selinux/hooks.c	2009-07-09 22:17:58.000000000 +0200
@@ -5182,7 +5182,7 @@ static int selinux_setprocattr(struct ta
 
 		/* Only allow single threaded processes to change context */
 		error = -EPERM;
-		if (!is_single_threaded(p)) {
+		if (!current_is_single_threaded()) {
 			error = security_bounded_transition(tsec->sid, sid);
 			if (error)
 				goto abort_change;
--- WAIT/security/keys/process_keys.c~ISS_1_RENAME	2009-04-06 00:03:42.000000000 +0200
+++ WAIT/security/keys/process_keys.c	2009-07-09 22:18:31.000000000 +0200
@@ -702,7 +702,7 @@ long join_session_keyring(const char *na
 	/* only permit this if there's a single thread in the thread group -
 	 * this avoids us having to adjust the creds on all threads and risking
 	 * ENOMEM */
-	if (!is_single_threaded(current))
+	if (!current_is_single_threaded())
 		return -EMLINK;
 
 	new = prepare_creds();

[PATCH v2 -mm 2/2] current_is_single_threaded: don't use ->mmap_sem

[Oleg Nesterov]

current_is_single_threaded() can safely miss a freshly forked CLONE_VM
task, but in this case it must not miss its parent. That is why we take
mm->mmap_sem for writing to make sure a thread/task with the same ->mm
can't pass exit_mm() and disappear.

However we can avoid ->mmap_sem and rely on rcu/barriers:

	- if we do not see the exiting parent on thread/process list
	  we see the result of list_del_rcu(), in this case we must
	  also see the result of list_add_rcu() which does wmb().

	- if we do see the parent but its ->mm == NULL, we need rmb()
	  to make sure we can't miss the child.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---

 lib/is_single_threaded.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- WAIT/lib/is_single_threaded.c~ISS_2_RCU	2009-07-09 22:16:29.000000000 +0200
+++ WAIT/lib/is_single_threaded.c	2009-07-09 22:54:41.000000000 +0200
@@ -22,8 +22,6 @@ bool current_is_single_threaded(void)
 	struct task_struct *p, *t;
 	bool ret;
 
-	might_sleep();
-
 	if (atomic_read(&task->signal->live) != 1)
 		return false;
 
@@ -31,7 +29,6 @@ bool current_is_single_threaded(void)
 		return true;
 
 	ret = false;
-	down_write(&mm->mmap_sem);
 	rcu_read_lock();
 	for_each_process(p) {
 		if (unlikely(p->flags & PF_KTHREAD))
@@ -45,12 +42,17 @@ bool current_is_single_threaded(void)
 				goto found;
 			if (likely(t->mm))
 				break;
+			/*
+			 * t->mm == NULL. Make sure next_thread/next_task
+			 * will see other CLONE_VM tasks which might be
+			 * forked before exiting.
+			 */
+			smp_rmb();
 		} while_each_thread(p, t);
 	}
 	ret = true;
 found:
 	rcu_read_unlock();
-	up_write(&mm->mmap_sem);
 
 	return ret;
 }

Re: [PATCH v2 -mm 1/2] rename is_single_threaded(task) to current_is_single_threaded(void)

[David Howells]

Oleg Nesterov <oleg@redhat.com> wrote:

> - is_single_threaded(task) is not safe unless task == current,
>   we can't use task->signal or task->mm.
> 
> - it doesn't make sense unless task == current, the task can
>   fork right after the check.
> 
> Rename it to current_is_single_threaded() and kill the argument.
> 
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>
> Acked-by: James Morris <jmorris@namei.org>

Acked-by: David Howells <dhowells@redhat.com>

Re: [PATCH v2 -mm 2/2] current_is_single_threaded: don't use ->mmap_sem

[David Howells]

Oleg Nesterov <oleg@redhat.com> wrote:

> current_is_single_threaded() can safely miss a freshly forked CLONE_VM
> task, but in this case it must not miss its parent. That is why we take
> mm->mmap_sem for writing to make sure a thread/task with the same ->mm
> can't pass exit_mm() and disappear.
> 
> However we can avoid ->mmap_sem and rely on rcu/barriers:
> 
> 	- if we do not see the exiting parent on thread/process list
> 	  we see the result of list_del_rcu(), in this case we must
> 	  also see the result of list_add_rcu() which does wmb().
> 
> 	- if we do see the parent but its ->mm == NULL, we need rmb()
> 	  to make sure we can't miss the child.
> 
> Signed-off-by: Oleg Nesterov <oleg@redhat.com>

Acked-by: David Howells <dhowells@redhat.com>

Re: [PATCH v2 -mm 2/2] current_is_single_threaded: don't use ->mmap_sem

[James Morris]

On Fri, 10 Jul 2009, David Howells wrote:

> > However we can avoid ->mmap_sem and rely on rcu/barriers:
> > 
> > 	- if we do not see the exiting parent on thread/process list
> > 	  we see the result of list_del_rcu(), in this case we must
> > 	  also see the result of list_add_rcu() which does wmb().
> > 
> > 	- if we do see the parent but its ->mm == NULL, we need rmb()
> > 	  to make sure we can't miss the child.
> > 
> > Signed-off-by: Oleg Nesterov <oleg@redhat.com>
> 
> Acked-by: David Howells <dhowells@redhat.com>

I gather this stuff is going into -mm ?

Can it be merged via security-testing#next?

-- 
James Morris
<jmorris@namei.org>

Re: [PATCH v2 -mm 2/2] current_is_single_threaded: don't use ->mmap_sem

[Oleg Nesterov]

On 07/13, James Morris wrote:
>
> On Fri, 10 Jul 2009, David Howells wrote:
>
> > > However we can avoid ->mmap_sem and rely on rcu/barriers:
> > >
> > > 	- if we do not see the exiting parent on thread/process list
> > > 	  we see the result of list_del_rcu(), in this case we must
> > > 	  also see the result of list_add_rcu() which does wmb().
> > >
> > > 	- if we do see the parent but its ->mm == NULL, we need rmb()
> > > 	  to make sure we can't miss the child.
> > >
> > > Signed-off-by: Oleg Nesterov <oleg@redhat.com>
> >
> > Acked-by: David Howells <dhowells@redhat.com>
>
> I gather this stuff is going into -mm ?

Yes, this is on top of rework-fix-is_single_threaded.patch

Given that David acked these changes, I guess they will go
to -mm soon.

> Can it be merged via security-testing#next?

Please do what you think right, I don't know what will be more
convenient to you and Andrew.

Oleg.

Re: [PATCH v2 -mm 2/2] current_is_single_threaded: don't use ->mmap_sem

[James Morris]

On Tue, 14 Jul 2009, Oleg Nesterov wrote:

> > I gather this stuff is going into -mm ?
> 
> Yes, this is on top of rework-fix-is_single_threaded.patch
> 
> Given that David acked these changes, I guess they will go
> to -mm soon.
> 
> > Can it be merged via security-testing#next?
> 
> Please do what you think right, I don't know what will be more
> convenient to you and Andrew.

I've applied all three patches to

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

Oleg, please verify that they're the correct versions.


-- 
James Morris
<jmorris@namei.org>