From: Bernd Edlinger
To: "Eric W. Biederman"
CC: Jann Horn, Christian Brauner, Jonathan Corbet, Alexander Viro, Andrew Morton, Alexey Dobriyan, Thomas Gleixner, Oleg Nesterov, Frederic Weisbecker, Andrei Vagin, Ingo Molnar, "Peter Zijlstra (Intel)", Yuyang Du, David Hildenbrand, Sebastian Andrzej Siewior, Anshuman Khandual, David Howells, James Morris, Kees Cook, Greg Kroah-Hartman, Shakeel Butt, Jason Gunthorpe, Christian Kellner, Andrea Arcangeli, Aleksa Sarai, "Dmitry V. Levin", "linux-doc@vger.kernel.org", "linux-kernel@vger.kernel.org", "linux-fsdevel@vger.kernel.org", "linux-mm@kvack.org", "stable@vger.kernel.org"
Subject: Re: [PATCHv2] exec: Fix a deadlock in ptrace
Date: Mon, 2 Mar 2020 16:02:46 +0000
In-Reply-To: <87k142lpfz.fsf@x220.int.ebiederm.org>

On 3/2/20 4:57 PM, Eric W. Biederman wrote:
> Bernd Edlinger writes:
>
>>
>> I tried this with s/EACCESS/EACCES/.
>>
>> The test case in this patch is not fixed, but strace does not freeze,
>> at least with my setup where it did freeze repeatably.
>
> Thanks, that is what I was aiming at.
>
> So we have one method we can pursue to fix this in practice.
>
>> That is
>> obviously because it bypasses the cred_guard_mutex. But all other
>> processes that access this file still freeze, and cannot be
>> interrupted except with kill -9.
>>
>> However that smells like a denial of service, that this
>> simple test case which can be executed by guest, creates a /proc/$pid/mem
>> that freezes any process, even root, when it looks at it.
>> I mean: "ln -s README /proc/$pid/mem" would be a nice bomb.
>
> Yes. The test case in your patch is a variant of the original
> problem.
>
>
> I have been staring at this trying to understand the fundamentals of the
> original deeper problem.
>
> The current scope of cred_guard_mutex in exec is because being ptraced
> causes suid exec to act differently. So we need to know early if we are
> ptraced.
>

It has a second use, that it prevents two threads entering execve,
which would probably result in disaster.

> If that case did not exist we could reduce the scope of the
> cred_guard_mutex in exec to where your patch puts the cred_change_mutex.
>
> I am starting to think reworking how we deal with ptrace and exec is the
> way to solve this problem.
>
> Eric
>