From: Bernd Edlinger
To: "gregkh@linuxfoundation.org", Kirill Tkhai, "Eric W. Biederman", Christian Brauner, Kees Cook, "jannh@google.com", Jonathan Corbet, Alexander Viro, Andrew Morton, "adobriyan@gmail.com", Thomas Gleixner, Oleg Nesterov, Frederic Weisbecker, "avagin@gmail.com", Ingo Molnar, "Peter Zijlstra (Intel)", "duyuyang@gmail.com", David Hildenbrand, Sebastian Andrzej Siewior, Anshuman Khandual, David Howells, James Morris, Shakeel Butt, Jason Gunthorpe, "christian@kellner.me", Andrea Arcangeli, Aleksa Sarai, "Dmitry V. Levin", "linux-doc@vger.kernel.org", "linux-kernel@vger.kernel.org", "linux-fsdevel@vger.kernel.org", "linux-mm@kvack.org", "stable@vger.kernel.org", "linux-api@vger.kernel.org"
Subject: [PATCH v6 15/16] exec: Fix dead-lock in de_thread with ptrace_attach
Date: Sat, 21 Mar 2020 02:46:39 +0000
In-Reply-To: <077b63b7-6f5e-aa8e-bf96-a586b481cc46@hotmail.de>

This removes the last users of cred_guard_mutex
and replaces it with a new mutex exec_guard_mutex,
and a boolean unsafe_execve_in_progress.

This addresses the case when at least one of the
sibling threads is traced, and therefore the trace
process may dead-lock in ptrace_attach, but de_thread
will need to wait for the tracer to continue execution.

The solution is to detect this situation and make
ptrace_attach and similar functions return -EAGAIN,
but only in a situation where a dead-lock is imminent.

This means this is an API change, but only when the
process is traced while execve happens in a
multi-threaded application.

See tools/testing/selftests/ptrace/vmaccess.c
for a test case that gets fixed by this change.

Signed-off-by: Bernd Edlinger
---=0A= fs/exec.c | 44 +++++++++++++++++++++++++++++++++++-----= ----=0A= fs/proc/base.c | 13 ++++++++-----=0A= include/linux/sched/signal.h | 14 +++++++++-----=0A= init/init_task.c | 2 +-=0A= kernel/cred.c | 2 +-=0A= kernel/fork.c | 2 +-=0A= kernel/ptrace.c | 20 +++++++++++++++++---=0A= kernel/seccomp.c | 15 +++++++++------=0A= 8 files changed, 81 insertions(+), 31 deletions(-)=0A= =0A= diff --git a/fs/exec.c b/fs/exec.c=0A= index 0e46ec5..2056562 100644=0A= --- a/fs/exec.c=0A= +++ b/fs/exec.c=0A= @@ -1078,14 +1078,26 @@ static int de_thread(struct task_struct *tsk)=0A= struct signal_struct *sig =3D tsk->signal;=0A= struct sighand_struct *oldsighand =3D tsk->sighand;=0A= spinlock_t *lock =3D &oldsighand->siglock;=0A= + struct task_struct *t =3D tsk;=0A= =0A= if (thread_group_empty(tsk))=0A= goto no_thread_group;=0A= =0A= + spin_lock_irq(lock);=0A= + while_each_thread(tsk, t) {=0A= + if (unlikely(t->ptrace))=0A= + sig->unsafe_execve_in_progress =3D true;=0A= + }=0A= +=0A= + if (unlikely(sig->unsafe_execve_in_progress)) {=0A= + spin_unlock_irq(lock);=0A= + mutex_unlock(&sig->exec_guard_mutex);=0A= + spin_lock_irq(lock);=0A= + }=0A= +=0A= /*=0A= * Kill all other threads in the thread group.=0A= */=0A= - spin_lock_irq(lock);=0A= if (signal_group_exit(sig)) {=0A= /*=0A= * Another group action in progress, just=0A=
@@ -1429,22 +1441,30 @@ void finalize_exec(struct linux_binprm *bprm)=0A= EXPORT_SYMBOL(finalize_exec);=0A= =0A= /*=0A= - * Prepare credentials and lock ->cred_guard_mutex.=0A= + * Prepare credentials and lock ->exec_guard_mutex.=0A= * install_exec_creds() commits the new creds and drops the lock.=0A= * Or, if exec fails before, free_bprm() should release ->cred and=0A= * and unlock.=0A= */=0A= static int prepare_bprm_creds(struct linux_binprm *bprm)=0A= {=0A= - if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex))=0A= + int ret;=0A= +=0A= + if (mutex_lock_interruptible(¤t->signal->exec_guard_mutex))=0A= return -ERESTARTNOINTR;=0A= =0A= + ret =3D -EAGAIN;=0A= + if (unlikely(current->signal->unsafe_execve_in_progress))=0A= + goto out;=0A= +=0A= bprm->cred =3D prepare_exec_creds();=0A= if (likely(bprm->cred))=0A= return 0;=0A= =0A= - mutex_unlock(¤t->signal->cred_guard_mutex);=0A= - return -ENOMEM;=0A= + ret =3D -ENOMEM;=0A= +out:=0A= + mutex_unlock(¤t->signal->exec_guard_mutex);=0A= + return ret;=0A= }=0A= =0A= static void free_bprm(struct linux_binprm *bprm)=0A= @@ -1453,7 +1473,10 @@ static void free_bprm(struct linux_binprm *bprm)=0A= if (bprm->cred) {=0A= if (bprm->called_exec_mmap)=0A= mutex_unlock(¤t->signal->exec_update_mutex);=0A= - mutex_unlock(¤t->signal->cred_guard_mutex);=0A= + if (unlikely(current->signal->unsafe_execve_in_progress))=0A= + mutex_lock(¤t->signal->exec_guard_mutex);=0A= + current->signal->unsafe_execve_in_progress =3D false;=0A= + mutex_unlock(¤t->signal->exec_guard_mutex);=0A= abort_creds(bprm->cred);=0A= }=0A= if (bprm->file) {=0A= 
@@ -1497,19 +1520,22 @@ void install_exec_creds(struct linux_binprm *bprm)= =0A= if (get_dumpable(current->mm) !=3D SUID_DUMP_USER)=0A= perf_event_exit_task(current);=0A= /*=0A= - * cred_guard_mutex must be held at least to this point to prevent=0A= + * exec_guard_mutex must be held at least to this point to prevent=0A= * ptrace_attach() from altering our determination of the task's=0A= * credentials; any time after this it may be unlocked.=0A= */=0A= security_bprm_committed_creds(bprm);=0A= mutex_unlock(¤t->signal->exec_update_mutex);=0A= - mutex_unlock(¤t->signal->cred_guard_mutex);=0A= + if (unlikely(current->signal->unsafe_execve_in_progress))=0A= + mutex_lock(¤t->signal->exec_guard_mutex);=0A= + current->signal->unsafe_execve_in_progress =3D false;=0A= + mutex_unlock(¤t->signal->exec_guard_mutex);=0A= }=0A= EXPORT_SYMBOL(install_exec_creds);=0A= =0A= /*=0A= * determine how safe it is to execute the proposed program=0A= - * - the caller must hold ->cred_guard_mutex to protect against=0A= + * - the caller must hold ->exec_guard_mutex to protect against=0A= * PTRACE_ATTACH or seccomp thread-sync=0A= */=0A= static void check_unsafe_exec(struct linux_binprm *bprm)=0A= diff --git a/fs/proc/base.c b/fs/proc/base.c=0A= index 6b13fc4..a428536 100644=0A= --- a/fs/proc/base.c=0A= +++ b/fs/proc/base.c=0A= 
@@ -2680,14 +2680,17 @@ static ssize_t proc_pid_attr_write(struct file * fi= le, const char __user * buf,=0A= }=0A= =0A= /* Guard against adverse ptrace interaction */=0A= - rv =3D mutex_lock_interruptible(¤t->signal->cred_guard_mutex);=0A= + rv =3D mutex_lock_interruptible(¤t->signal->exec_guard_mutex);=0A= if (rv < 0)=0A= goto out_free;=0A= =0A= - rv =3D security_setprocattr(PROC_I(inode)->op.lsm,=0A= - file->f_path.dentry->d_name.name, page,=0A= - count);=0A= - mutex_unlock(¤t->signal->cred_guard_mutex);=0A= + if (unlikely(current->signal->unsafe_execve_in_progress))=0A= + rv =3D -EAGAIN;=0A= + else=0A= + rv =3D security_setprocattr(PROC_I(inode)->op.lsm,=0A= + file->f_path.dentry->d_name.name,=0A= + page, count);=0A= + mutex_unlock(¤t->signal->exec_guard_mutex);=0A= out_free:=0A= kfree(page);=0A= out:=0A= diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h=0A= index a29df79..e83cef2 100644=0A= --- a/include/linux/sched/signal.h=0A= +++ b/include/linux/sched/signal.h=0A= @@ -212,6 +212,13 @@ struct signal_struct {=0A= #endif=0A= =0A= /*=0A= + * Set while execve is executing but is *not* holding=0A= + * exec_guard_mutex to avoid possible dead-locks.=0A= + * Only valid when exec_guard_mutex is held.=0A= + */=0A= + bool unsafe_execve_in_progress;=0A= +=0A= + /*=0A= * Thread is the potential origin of an oom condition; kill first on=0A= * oom=0A= */=0A= 
@@ -222,11 +229,8 @@ struct signal_struct {=0A= struct mm_struct *oom_mm; /* recorded mm when the thread group got=0A= * killed by the oom killer */=0A= =0A= - struct mutex cred_guard_mutex; /* guard against foreign influences on=0A= - * credential calculations=0A= - * (notably. ptrace)=0A= - * Deprecated do not use in new code.=0A= - * Use exec_update_mutex instead.=0A= + struct mutex exec_guard_mutex; /* Held while execve runs, except when=0A= + * a sibling thread is being traced.=0A= */=0A= struct mutex exec_update_mutex; /* Held while task_struct is being=0A= * updated during exec, and may have=0A= diff --git a/init/init_task.c b/init/init_task.c=0A= index bd403ed..6f96327 100644=0A= --- a/init/init_task.c=0A= +++ b/init/init_task.c=0A= @@ -25,7 +25,7 @@=0A= },=0A= .multiprocess =3D HLIST_HEAD_INIT,=0A= .rlim =3D INIT_RLIMITS,=0A= - .cred_guard_mutex =3D __MUTEX_INITIALIZER(init_signals.cred_guard_mutex),= =0A= + .exec_guard_mutex =3D __MUTEX_INITIALIZER(init_signals.exec_guard_mutex),= =0A= .exec_update_mutex =3D __MUTEX_INITIALIZER(init_signals.exec_update_mutex= ),=0A= #ifdef CONFIG_POSIX_TIMERS=0A= .posix_timers =3D LIST_HEAD_INIT(init_signals.posix_timers),=0A= diff --git a/kernel/cred.c b/kernel/cred.c=0A= index 71a7926..341ca59 100644=0A= --- a/kernel/cred.c=0A= +++ b/kernel/cred.c=0A= @@ -295,7 +295,7 @@ struct cred *prepare_creds(void)=0A= =0A= /*=0A= * Prepare credentials for current to perform an execve()=0A= - * - The caller must hold ->cred_guard_mutex=0A= + * - The caller must hold ->exec_guard_mutex=0A= */=0A= struct cred *prepare_exec_creds(void)=0A= {=0A= diff --git a/kernel/fork.c b/kernel/fork.c=0A= index e23ccac..98012f7 100644=0A= --- a/kernel/fork.c=0A= +++ b/kernel/fork.c=0A= 
@@ -1593,7 +1593,7 @@ static int copy_signal(unsigned long clone_flags, str= uct task_struct *tsk)=0A= sig->oom_score_adj =3D current->signal->oom_score_adj;=0A= sig->oom_score_adj_min =3D current->signal->oom_score_adj_min;=0A= =0A= - mutex_init(&sig->cred_guard_mutex);=0A= + mutex_init(&sig->exec_guard_mutex);=0A= mutex_init(&sig->exec_update_mutex);=0A= =0A= return 0;=0A= diff --git a/kernel/ptrace.c b/kernel/ptrace.c=0A= index 43d6179..221759e 100644=0A= --- a/kernel/ptrace.c=0A= +++ b/kernel/ptrace.c=0A= @@ -392,9 +392,13 @@ static int ptrace_attach(struct task_struct *task, lon= g request,=0A= * under ptrace.=0A= */=0A= retval =3D -ERESTARTNOINTR;=0A= - if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))=0A= + if (mutex_lock_interruptible(&task->signal->exec_guard_mutex))=0A= goto out;=0A= =0A= + retval =3D -EAGAIN;=0A= + if (unlikely(task->signal->unsafe_execve_in_progress))=0A= + goto unlock_creds;=0A= +=0A= task_lock(task);=0A= retval =3D __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);=0A= task_unlock(task);=0A= @@ -447,7 +451,7 @@ static int ptrace_attach(struct task_struct *task, long= request,=0A= unlock_tasklist:=0A= write_unlock_irq(&tasklist_lock);=0A= unlock_creds:=0A= - mutex_unlock(&task->signal->cred_guard_mutex);=0A= + mutex_unlock(&task->signal->exec_guard_mutex);=0A= out:=0A= if (!retval) {=0A= /*=0A= @@ -472,10 +476,18 @@ static int ptrace_attach(struct task_struct *task, lo= ng request,=0A= */=0A= static int ptrace_traceme(void)=0A= {=0A= - int ret =3D -EPERM;=0A= + int ret;=0A= +=0A= + if (mutex_lock_interruptible(¤t->signal->exec_guard_mutex))=0A= + return -ERESTARTNOINTR;=0A= +=0A= + ret =3D -EAGAIN;=0A= + if (unlikely(current->signal->unsafe_execve_in_progress))=0A= + goto unlock_creds;=0A= =0A= write_lock_irq(&tasklist_lock);=0A= /* Are we already being traced? */=0A= + ret =3D -EPERM;=0A= if (!current->ptrace) {=0A= ret =3D security_ptrace_traceme(current->parent);=0A= /*=0A= 
@@ -490,6 +502,8 @@ static int ptrace_traceme(void)=0A= }=0A= write_unlock_irq(&tasklist_lock);=0A= =0A= +unlock_creds:=0A= + mutex_unlock(¤t->signal->exec_guard_mutex);=0A= return ret;=0A= }=0A= =0A= diff --git a/kernel/seccomp.c b/kernel/seccomp.c=0A= index b6ea3dc..acd6960 100644=0A= --- a/kernel/seccomp.c=0A= +++ b/kernel/seccomp.c=0A= @@ -329,7 +329,7 @@ static int is_ancestor(struct seccomp_filter *parent,= =0A= /**=0A= * seccomp_can_sync_threads: checks if all threads can be synchronized=0A= *=0A= - * Expects sighand and cred_guard_mutex locks to be held.=0A= + * Expects sighand and exec_guard_mutex locks to be held.=0A= *=0A= * Returns 0 on success, -ve on error, or the pid of a thread which was=0A= * either not in the correct seccomp mode or did not have an ancestral=0A= @@ -339,9 +339,12 @@ static inline pid_t seccomp_can_sync_threads(void)=0A= {=0A= struct task_struct *thread, *caller;=0A= =0A= - BUG_ON(!mutex_is_locked(¤t->signal->cred_guard_mutex));=0A= + BUG_ON(!mutex_is_locked(¤t->signal->exec_guard_mutex));=0A= assert_spin_locked(¤t->sighand->siglock);=0A= =0A= + if (unlikely(current->signal->unsafe_execve_in_progress))=0A= + return -EAGAIN;=0A= +=0A= /* Validate all threads being eligible for synchronization. */=0A= caller =3D current;=0A= for_each_thread(caller, thread) {=0A= @@ -371,7 +374,7 @@ static inline pid_t seccomp_can_sync_threads(void)=0A= /**=0A= * seccomp_sync_threads: sets all threads to use current's filter=0A= *=0A= - * Expects sighand and cred_guard_mutex locks to be held, and for=0A= + * Expects sighand and exec_guard_mutex locks to be held, and for=0A= * seccomp_can_sync_threads() to have returned success already=0A= * without dropping the locks.=0A= *=0A= 
@@ -380,7 +383,7 @@ static inline void seccomp_sync_threads(unsigned long f= lags)=0A= {=0A= struct task_struct *thread, *caller;=0A= =0A= - BUG_ON(!mutex_is_locked(¤t->signal->cred_guard_mutex));=0A= + BUG_ON(!mutex_is_locked(¤t->signal->exec_guard_mutex));=0A= assert_spin_locked(¤t->sighand->siglock);=0A= =0A= /* Synchronize all threads. */=0A= @@ -1319,7 +1322,7 @@ static long seccomp_set_mode_filter(unsigned int flag= s,=0A= * while another thread is in the middle of calling exec.=0A= */=0A= if (flags & SECCOMP_FILTER_FLAG_TSYNC &&=0A= - mutex_lock_killable(¤t->signal->cred_guard_mutex))=0A= + mutex_lock_killable(¤t->signal->exec_guard_mutex))=0A= goto out_put_fd;=0A= =0A= spin_lock_irq(¤t->sighand->siglock);=0A= @@ -1337,7 +1340,7 @@ static long seccomp_set_mode_filter(unsigned int flag= s,=0A= out:=0A= spin_unlock_irq(¤t->sighand->siglock);=0A= if (flags & SECCOMP_FILTER_FLAG_TSYNC)=0A= - mutex_unlock(¤t->signal->cred_guard_mutex);=0A= + mutex_unlock(¤t->signal->exec_guard_mutex);=0A= out_put_fd:=0A= if (flags & SECCOMP_FILTER_FLAG_NEW_LISTENER) {=0A= if (ret) {=0A= -- =0A= 1.9.1=0A=
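
Review bot: In the de_thread() hunk of fs/exec.c, the block that drops exec_guard_mutex (spin_unlock_irq, mutex_unlock, spin_lock_irq) has no comment saying why the mutex is released in the middle of exec or which paths take it back. This is the core of the fix, so a short comment here pointing at free_bprm() and install_exec_creds() as the re-acquire sites would help the next reader. The while_each_thread() loop also keeps walking after the first traced sibling is found; a break after setting sig->unsafe_execve_in_progress would make the intent clearer.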
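
Review bot: In the prepare_bprm_creds() hunk, the new -EAGAIN return when unsafe_execve_in_progress is set means the execve path itself can now fail with -EAGAIN, yet the changelog only names ptrace_attach "and similar functions". Please list every entry point touched by this patch that gains the new error (prepare_bprm_creds, proc_pid_attr_write, ptrace_attach, ptrace_traceme, seccomp_can_sync_threads) in the commit message so the API change is fully described for linux-api readers.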
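
Review bot: In the free_bprm() hunk, current->signal->unsafe_execve_in_progress is read before exec_guard_mutex is taken, while the comment added in include/linux/sched/signal.h says the flag is "Only valid when exec_guard_mutex is held". If the unlocked read is safe because only the thread doing the exec sets and clears the flag, say so in that comment. The same four lines (test flag, mutex_lock, clear flag, mutex_unlock) are repeated in install_exec_creds(); a small static helper in fs/exec.c would keep the two unlock paths from drifting apart.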
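
Review bot: In the second struct signal_struct hunk of include/linux/sched/signal.h, the replacement comment on exec_guard_mutex says when the mutex is held but no longer says what it protects. The removed text ("guard against foreign influences on credential calculations (notably. ptrace)") carried that information, and the comment in install_exec_creds() still relies on it. Please keep a sentence about the credential calculation in the new comment, and note how exec_guard_mutex relates to exec_update_mutex now that the "Use exec_update_mutex instead" hint is gone.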
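
Review bot: In the ptrace_traceme() hunks of kernel/ptrace.c, the function now takes exec_guard_mutex with mutex_lock_interruptible() and can return -ERESTARTNOINTR or -EAGAIN, where the removed code took no mutex and started from ret = -EPERM. The changelog describes the patch as replacing users of cred_guard_mutex, but this is a new user of the lock. Please add a comment above the mutex_lock_interruptible() call explaining why PTRACE_TRACEME needs the lock, and mention the new locking in the commit message. The unlock_creds label is now shared by ptrace_attach() and ptrace_traceme() while the lock it releases is called exec_guard_mutex; renaming the label would match the new name.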