From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934833AbeAKPxF (ORCPT + 1 other); Thu, 11 Jan 2018 10:53:05 -0500 Received: from mail-db5eur01on0135.outbound.protection.outlook.com ([104.47.2.135]:52815 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S934483AbeAKPwp (ORCPT ); Thu, 11 Jan 2018 10:52:45 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=ktkhai@virtuozzo.com; Subject: [PATCH 2/4] exec: Assign unshared files after there is no way back From: Kirill Tkhai To: linux-kernel@vger.kernel.org, gregkh@linuxfoundation.org, jslaby@suse.com, viro@zeniv.linux.org.uk, keescook@chromium.org, serge@hallyn.com, james.l.morris@oracle.com, luto@kernel.org, john.johansen@canonical.com, oleg@redhat.com, mingo@kernel.org, akpm@linux-foundation.org, mhocko@suse.com, peterz@infradead.org, ktkhai@virtuozzo.com Date: Thu, 11 Jan 2018 18:50:13 +0300 Message-ID: <151568581368.6090.5877434562731130496.stgit@localhost.localdomain> In-Reply-To: <151568564127.6090.3546718160925256054.stgit@localhost.localdomain> References: <151568564127.6090.3546718160925256054.stgit@localhost.localdomain> User-Agent: StGit/0.18 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [195.214.232.6] X-ClientProxiedBy: HE1PR0402CA0007.eurprd04.prod.outlook.com (2603:10a6:3:d0::17) To VI1PR0801MB1343.eurprd08.prod.outlook.com (2603:10a6:800:3b::7) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 161743ad-e499-4ff1-53da-08d5590b035b X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(4534020)(4602075)(7168020)(4627115)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020);SRVR:VI1PR0801MB1343; X-Microsoft-Exchange-Diagnostics: 1;VI1PR0801MB1343;3:m7KWWODQI+sNOznN6dGQ80IXfbKCVHMGyb7J9swG28NSS+4uAYYYMTSdkfooPuBV6rW5GyKQfBVtWEsTBlP2OrdMu1UEMrb+SUvAyMiO7QNQMU5M8qWBeMzhaMaO7kNY2q43wGqqeTvwm1auGJUZ3THQywG06pFqYa0zVisG09r2oM/ShnqWgFez3RGOMtIxNeQgSWqC6Bc1RKwUdKQHd5SOw7lsXxuqAx2vhoS0hIuzcSS0KRtYQ0gK1AO8LfOI;25:oCULRxBNX2NcLxrRL0T8YhUkdkWu4UeNjkL1sLzmPJqiVlyE44X3ha/M3uqmJaOHJgOgals/35vsvFu/rZV2vgoO4Eb7DBRrh7hZcziurM0dsD1QMIdJuXjyuehF88uXrPv/TjKw/aEI7RputrOS4vlWO0ZqKdZPsXZyzHOem9Wt0FTruuJNzmsNcrTWRdw6mtAHUoQnb10F5yLM/V+IWNr94R8sje85zF6BI7rwxOBMCYYF9Ub8WTuAU+UgPAatrIKuAvHZX+Ykskeq0QFsWX++ybQ1CiH1aGIFa5GY+dx9vkxv+5RttI1Wk+HL9d2QXRg6Cs6EuAMWlTD8FwPlNQ==;31:wC+bAcuOa5YnGIiaNf2skqGsdnxFWhF2dP6SyDaMHz0Zdk+pDWiavaWMpA/WMxtqV2DBn0rVj6uuUqFs0j91dA4gDYznFrMKSpPXOGaVPCj5375dUm/cy+/psah00lIIjNQAed3kIc8WePNuw5gOioJrZDs3t7OiKcGkjIEnjs0W2ej/pTKpMp30ZR3TV10Igmssac+ZVKS/zpYi/Mak/b/ntGEgpcLy7y1cIADgwmA= X-MS-TrafficTypeDiagnostic: VI1PR0801MB1343: X-Microsoft-Exchange-Diagnostics: 1;VI1PR0801MB1343;20:VqFfzfSh0TU7u5H6bPAf0fAU2HLhPWYErV3CDIoe7BQ264jv+1wzP3S+CGYdCd+zSReSokGWEkwifzh9CqDJzTNF7HIg4e/2TFb7mYiPCiJTF2Zx2CmBCX0cqo8dN3z4VOSs2rvBU+P4qM0Y79Uwm9UH2XIQdwCA/WW5v1wucVvDe8dOBemanvWNxtvhxPTSOtIHcoz3R/o/kw21wBnvxMcxh/l4+e9zhNXn+LQoaki8Yg6RKOrEFKpLKCUv9WeweLwJVsw2vvVKD4Lof+2zsZQZ63JZ/ESN7+mL2jc4l/zBNL0XIKfaSSBcQvZfEpQvM4fvsHkWymqvGIYu3PLoZh197gbbftgpLanzQdRgt8wYVhaDRHO5kF2bC1mWQWBTCd6p/ILnhPZkTS308uGhzLyON35VmYlJNpdaKaCzF+4=;4:CeUcBzDtKPGarIGpdoN6cIQfboJlrUnZ8q7lBsevz4sVT3QnBxSWv5oqak02QVTx2JzmSrUC8r/HeeVGzCvCr5rauxm5i6oPE+uRgB1AiEl3v8XLcsN8sBKBVB7+vE6ZtpBQaDh9ALLmlbnfdRIJLp+5Tk1b9ByOiJ1ZrqRFjz7vfxr1Pr/4AkoNHyQAS3PPTmVnfZexpFtlg9mGF86A5h9INgq5dfM5s8Y9vW14E5WBlxjLiCexYD64/mBhbOB3+CUZz7jUv62vGYhiYlv6cg== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040470)(2401047)(8121501046)(5005006)(3231023)(944501075)(3002001)(93006095)(93001095)(10201501046)(6041268)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123562045)(20161123564045)(20161123558120)(6072148)(201708071742011);SRVR:VI1PR0801MB1343;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:VI1PR0801MB1343; X-Forefront-PRVS: 0549E6FD50 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(6069001)(396003)(39850400004)(346002)(39380400002)(366004)(376002)(199004)(189003)(23676004)(9686003)(58126008)(230700001)(8936002)(7736002)(305945005)(8676002)(316002)(103116003)(3846002)(81156014)(81166006)(7416002)(6116002)(106356001)(105586002)(55016002)(53936002)(478600001)(61506002)(7696005)(6506007)(47776003)(2906002)(386003)(68736007)(55236004)(25786009)(52116002)(76176011)(5660300001)(2486003)(86362001)(59450400001)(66066001)(6666003)(83506002)(575784001)(2950100002)(16526018)(50466002)(97736004)(33896004)(921003)(1121003);DIR:OUT;SFP:1102;SCL:1;SRVR:VI1PR0801MB1343;H:localhost.localdomain;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtWSTFQUjA4MDFNQjEzNDM7MjM6RWtGU0hMWlkrVVJ5aUsxNU1OZ2o0eHNk?= =?utf-8?B?ZG1obmJUU3A2ZFNOVjFub2hpN2RNUXNidTdyblExNlBkTHFucldWeHVqZk1W?= =?utf-8?B?aVJsdCtPNkROOUdPeFNTbTM0NmNSaDB4R25qdXkvbllMQTZUYkVxUjJqblRj?= =?utf-8?B?TEEwS1pxejA5bG11aVl0eE5aUEViMzJVTHBkQ0hDWlMrMlBqTitYeFQ1STVS?= =?utf-8?B?SnFYN2dxNjBTeklwOWpSYXhiUE84dlE5SDB2OFJyR2ZhbzZPSThBNmI5NHdi?= =?utf-8?B?aGpDWGVYbVF4eGxHT0h1SGlrRkNuQUhTTkZuc2JxL2JqUGh3cDNCZ2RtR2Vk?= =?utf-8?B?czIzRGxVTmxzd3NJNUZsZGw5alNJOEw1MFBoM2g3K3AvMTBhZzZkNDZzQ08r?= =?utf-8?B?OHdpZlVqZnZ4OHdISHdyRldtcFBzNXdQTE5VN1docGJUdHJaaCtmeXNwZHds?= =?utf-8?B?TjRqOTJaQ2Z5a09jK1pSVTc5SGVmU2FyRHZaekFQMjdRWElUQVd4eTNjZXlY?= =?utf-8?B?eVFnRm9CR0Qvc3ZsVDY3WWVEOEVCcW5JTkNuSWdSVHpvU1BZZkJ2SWRWSkc5?= =?utf-8?B?RWNiTjBac2NWdm5YKzFEd3Q4Y2JvZ0Y2SjFhS0JYRG9pcWo1NnZFOHRNZEg2?= =?utf-8?B?N3hmbjEwL0F2cTYvWkpmRzRucTR3L3ErNnpCZ3ZYN1FacU9lQmU3OGQxWjc5?= =?utf-8?B?R3FPeUxpanp0azFOUmh5RHFUNmJVWE9mb0drTG9DTGpJSTNWZGE3RnpqajZ5?= =?utf-8?B?Z3dYZmJyQnhlemxYaHVVcHNLL1p5d3cxdlhqN1hxbWhKMjFMSjY3dmJ4YTda?= =?utf-8?B?d2tTc2h6WktsS24yRXhVeHI5emNBYlpzNnBBNWtwV2pIRWxPZzFUNmpNZDgw?= =?utf-8?B?SWsyTXBMYW9pNEIrL1pMQUxSYTViR2RVakxtVGQ4OXFuZm1yU2huTXpQems1?= =?utf-8?B?Y3FwSDcyZUxDWEZ4R2pIRnpUcnRFRFNmN09meGoyMkJ0dzZkRGxEN0VkM1k0?= =?utf-8?B?MGw0REVzdWtpUENtendGWFJYZit6TmJ0a2Z5STh1N1VFTmZsOWtXb3NYYnNL?= =?utf-8?B?WUxjRlo5TUNsTmd0RTJ5bFk4Q1hyRWhQbzFmb3JleXF3NGZycFFIazNWOUhR?= =?utf-8?B?VWRCS1BTMTB0YWNnVjIvNndTR3E0b1M3SGhBNGhiUkpJNElEeEQzNFJ6b3do?= =?utf-8?B?aFRaYzdVOVlLalFpbVlqM2llQzN3Z2F5aFN5aURCS2xsQThGQ1ZhNk0vcXMw?= =?utf-8?B?MkQ0d3ZvT3FMUVRKK1plMkw3YmJJZmlXNkphMG10RjRKeFBJcURpYjloeDQ2?= =?utf-8?B?VTN4UmFXZDVMWTIxaDJDOTNGK1Y4dk00ZzBFL3VveXJxdnF0NkRwakNNbkZM?= =?utf-8?B?a2ZGZW1RUGx6Zlg0ZU1rM251bTVocjlLN1p3amsxS0lGSGNISk4xTUExcDlC?= =?utf-8?B?YngzbEZqSzNOYUxZdUJiSTQzc0hnT3RXQmh6dkF2ajJLRFVYUitLbEFkZnlI?= =?utf-8?B?VVJCTnEvb1FjYkxCRVQvYnB2emlwakVGQ2V6RG4wZmJoSWJWOEh5Z0hqT1dy?= =?utf-8?B?VFB0Y0hZTWtpM1BLMmw5WVkyY1VHWC9DSzNQUlJLRE9RaFVsRDBCRkVmbGVa?= =?utf-8?B?anA4S2F1SktvR09yZjBpZVFrbUFpbHVUTWtXUWtwTkFlejRZenBZOG1WZ2o2?= =?utf-8?Q?GPzxroKLuAu0mXPiZYDMyvM2z399VWr6xHOPN9qwT?= X-Microsoft-Exchange-Diagnostics: 1;VI1PR0801MB1343;6:whjwzbppyKLpgG4cWlYkK6IO/VX/I5lCWbBXCULBD+72eiC2EBdvJa/4uKyPuCLkSGrL7ekUcfVC04bAGAFvxSlcW2p7XlbDXilJjTJ+xzdub+59cC6PixRwrPnZwwtBY0Hi7CkKfqhE2zCaIE6jAeIMc263atnzznXKaNUnKjSnkikpGa49o0d3aER4d00OTcShbRUA6Ugmo0nhfqYO73VYgI5/DBq6GFut90cnPVJHSsIObnmsCyt88lfgnO9Ths5AkyGLMQmX8FXnFjszFaLmW02OslC2tfhMOYT7Pcibo7okZRFkGoeJic1K4clRqK8lYSm1o4BOam+kEV6F7AAMw75socV/8NB2XszzHaU=;5:y4+EFg6Jzs3MOZchk5Epu/Fof5GwGhPu4q8iXpsdML0heEtJ4OEwXreKLRX03oem4EyxexyJ5MuBmSIC69VgFtz7oWiak4kqEOxTTpYKDgIqqQk4p79wH3Ln76C1gvks/0TdE7NdURkc2ht9edkyrUzB38jcpkDK8R/oNJk9b+s=;24:Zv07HOuUnuLUN7cVC30xDczvFegmkGkCEau66KY0M+i1DCEQXjKG6bz+Qk44GZcnZmFHsvGwI7yDo7nx8cuS7fI7SFTUCAaDRJcDIFtZRVQ=;7:bseiUoJmJCOtNE877ySAcqW/pJZugjz/WImhlC4Ez/wW3SYztLDxwGo0wQT88LmUU0FuITkt/+5uW7G/S4aY58RuPEt1TlUx1eMzXub6huKfw92lbGh5U2ocUZJwDm3e710uCHjb8Id41DKntm6m1lr2siTKDTrZ8fcJNeqxHB36O4rx1G8/z5tk2S+nKcBaK1veBLhDncoYClp5NH/EpL7hQ679aFcUeN/g0/2hkh5T+23fUBT8ygYHJy3zQsKr SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;VI1PR0801MB1343;20:jXlTy6juKa3kp78Sj0d3AaLoh1oFYXUZUu22VbWdJTTcQxx+wta3J55BnmRrqaxsWrMrQFY8mpHmbERjduLuJtp7WNAWDSiaDmrJCDHygPvD6iz0GorAWflib0/+5nzZ53xBllKF1BRplhpCXt0wBeyUBDQfxVP74PZAkh0HBLg= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2018 15:50:16.5497 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 161743ad-e499-4ff1-53da-08d5590b035b X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1343 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: The patch makes unshared files_struct to be assigned after exec or coredump are known to be successeful. Since previous patch converted all load_binary methods to use linux_binprm::new_files instead of current->files, now we are able to assign unshared_files after load_binary call. This change makes task->files more predictable and since that we may analyse the only thread's files pointer to determ either the task contains a fd or not, and not be afraid of race with failing exec. Next patch will use this feature to skip thread group iteration in __do_SAK(), and also this predictability may be useful for something else. Also note, that without the patch we skip failing exec, when we are doing the iterations in __do_SAK(), and these tasks remain alive. The patch also fixes this rare issue. Signed-off-by: Kirill Tkhai --- fs/binfmt_misc.c | 2 -- fs/coredump.c | 9 +++++---- fs/exec.c | 15 ++++++++------- fs/file.c | 2 +- include/linux/fdtable.h | 4 ++-- kernel/fork.c | 19 +++++++------------ 6 files changed, 23 insertions(+), 28 deletions(-) diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 13c1fae45717..7568456895c7 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -242,8 +242,6 @@ static int load_misc_binary(struct linux_binprm *bprm) dput(fmt->dentry); return retval; error: - if (fd_binary > 0) - sys_close(fd_binary); bprm->interp_flags = 0; bprm->interp_data = 0; goto ret; diff --git a/fs/coredump.c b/fs/coredump.c index 1e2c87acac9b..fe5a4504d975 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -546,7 +546,7 @@ void do_coredump(const siginfo_t *siginfo) struct cred *cred; int retval = 0; int ispipe; - struct files_struct *displaced; + struct files_struct *files; /* require nonrelative corefile path and be extra careful */ bool need_suid_safe = false; bool core_dumped = false; @@ -747,11 +747,12 @@ void do_coredump(const siginfo_t *siginfo) } /* get us an unshared descriptor table; almost always a no-op */ - retval = unshare_files(&displaced); + files = unshare_files(); + retval = PTR_ERR_OR_ZERO(files); if (retval) goto close_fail; - if (displaced) - put_files_struct(displaced); + if (files != current->files) + assign_files_struct(files); if (!dump_interrupted()) { file_start_write(cprm.file); core_dumped = binfmt->core_dump(&cprm); diff --git a/fs/exec.c b/fs/exec.c index 4c3b924ae103..ced4dc09444a 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1699,7 +1699,7 @@ static int do_execveat_common(int fd, struct filename *filename, char *pathbuf = NULL; struct linux_binprm *bprm; struct file *file; - struct files_struct *displaced; + struct files_struct *files; int retval; if (IS_ERR(filename)) @@ -1721,7 +1721,8 @@ static int do_execveat_common(int fd, struct filename *filename, * further execve() calls fail. */ current->flags &= ~PF_NPROC_EXCEEDED; - retval = unshare_files(&displaced); + files = unshare_files(); + retval = PTR_ERR_OR_ZERO(files); if (retval) goto out_ret; @@ -1729,7 +1730,7 @@ static int do_execveat_common(int fd, struct filename *filename, bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); if (!bprm) goto out_files; - bprm->new_files = current->files; + bprm->new_files = files; retval = prepare_bprm_creds(bprm); if (retval) @@ -1813,8 +1814,8 @@ static int do_execveat_common(int fd, struct filename *filename, free_bprm(bprm); kfree(pathbuf); putname(filename); - if (displaced) - put_files_struct(displaced); + if (files != current->files) + assign_files_struct(files); return retval; out: @@ -1832,8 +1833,8 @@ static int do_execveat_common(int fd, struct filename *filename, kfree(pathbuf); out_files: - if (displaced) - reset_files_struct(displaced); + if (files != current->files) + put_files_struct(files); out_ret: putname(filename); return retval; diff --git a/fs/file.c b/fs/file.c index e578e5537c32..7ed519c65d0b 100644 --- a/fs/file.c +++ b/fs/file.c @@ -427,7 +427,7 @@ void put_files_struct(struct files_struct *files) } } -void reset_files_struct(struct files_struct *files) +void assign_files_struct(struct files_struct *files) { struct task_struct *tsk = current; struct files_struct *old; diff --git a/include/linux/fdtable.h b/include/linux/fdtable.h index 1c65817673db..00db7eadf895 100644 --- a/include/linux/fdtable.h +++ b/include/linux/fdtable.h @@ -104,8 +104,8 @@ struct task_struct; struct files_struct *get_files_struct(struct task_struct *); void put_files_struct(struct files_struct *fs); -void reset_files_struct(struct files_struct *); -int unshare_files(struct files_struct **); +void assign_files_struct(struct files_struct *); +struct files_struct *unshare_files(void); struct files_struct *dup_fd(struct files_struct *, int *) __latent_entropy; void do_close_on_exec(struct files_struct *); int iterate_fd(struct files_struct *, unsigned, diff --git a/kernel/fork.c b/kernel/fork.c index 2295fc69717f..7690734eb354 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2434,22 +2434,17 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) * the exec layer of the kernel. */ -int unshare_files(struct files_struct **displaced) +struct files_struct *unshare_files(void) { struct task_struct *task = current; - struct files_struct *copy = NULL; + struct files_struct *files = task->files; int error; - error = unshare_fd(CLONE_FILES, ©); - if (error || !copy) { - *displaced = NULL; - return error; - } - *displaced = task->files; - task_lock(task); - task->files = copy; - task_unlock(task); - return 0; + error = unshare_fd(CLONE_FILES, &files); + if (error) + return ERR_PTR(error); + + return files; } int sysctl_max_threads(struct ctl_table *table, int write,