From: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
To: Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Cc: kosaki.motohiro@jp.fujitsu.com,
LKML <linux-kernel@vger.kernel.org>,
linux-mm <linux-mm@kvack.org>, Oleg Nesterov <oleg@redhat.com>,
Roland McGrath <roland@redhat.com>
Subject: [resend][PATCH 3/4] move cred_guard_mutex from task_struct to signal_struct
Date: Mon, 25 Oct 2010 12:28:40 +0900 (JST) [thread overview]
Message-ID: <20101025122801.9170.A69D9226@jp.fujitsu.com> (raw)
In-Reply-To: <20101025122538.9167.A69D9226@jp.fujitsu.com>
Changelog
o since v1
- function comment also change current->cred_guard_mutex to
current->signal->cred_guard_mutex.
---------------------------------------------------------------------------
Oleg Nesterov pointed out we have to prevent multiple-threads-inside-exec
itself and we can reuse ->cred_guard_mutex for it. Yes, concurrent
execve() has no worth.
Let's move ->cred_guard_mutex from task_struct to signal_struct. It
naturally prevent multiple-threads-inside-exec.
Cc: stable@kernel.org
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
---
fs/exec.c | 10 +++++-----
fs/proc/base.c | 8 ++++----
include/linux/init_task.h | 4 ++--
include/linux/sched.h | 7 ++++---
include/linux/tracehook.h | 2 +-
kernel/cred.c | 4 +---
kernel/fork.c | 2 ++
kernel/ptrace.c | 4 ++--
8 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index 6d2b6f9..94dabd2 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1078,14 +1078,14 @@ EXPORT_SYMBOL(setup_new_exec);
*/
int prepare_bprm_creds(struct linux_binprm *bprm)
{
- if (mutex_lock_interruptible(¤t->cred_guard_mutex))
+ if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex))
return -ERESTARTNOINTR;
bprm->cred = prepare_exec_creds();
if (likely(bprm->cred))
return 0;
- mutex_unlock(¤t->cred_guard_mutex);
+ mutex_unlock(¤t->signal->cred_guard_mutex);
return -ENOMEM;
}
@@ -1093,7 +1093,7 @@ void free_bprm(struct linux_binprm *bprm)
{
free_arg_pages(bprm);
if (bprm->cred) {
- mutex_unlock(¤t->cred_guard_mutex);
+ mutex_unlock(¤t->signal->cred_guard_mutex);
abort_creds(bprm->cred);
}
kfree(bprm);
@@ -1114,13 +1114,13 @@ void install_exec_creds(struct linux_binprm *bprm)
* credentials; any time after this it may be unlocked.
*/
security_bprm_committed_creds(bprm);
- mutex_unlock(¤t->cred_guard_mutex);
+ mutex_unlock(¤t->signal->cred_guard_mutex);
}
EXPORT_SYMBOL(install_exec_creds);
/*
* determine how safe it is to execute the proposed program
- * - the caller must hold current->cred_guard_mutex to protect against
+ * - the caller must hold ->cred_guard_mutex to protect against
* PTRACE_ATTACH
*/
int check_unsafe_exec(struct linux_binprm *bprm)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 0d2ce21..d3ea8b0 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -226,7 +226,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
{
struct mm_struct *mm;
- if (mutex_lock_killable(&task->cred_guard_mutex))
+ if (mutex_lock_killable(&task->signal->cred_guard_mutex))
return NULL;
mm = get_task_mm(task);
@@ -235,7 +235,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
mmput(mm);
mm = NULL;
}
- mutex_unlock(&task->cred_guard_mutex);
+ mutex_unlock(&task->signal->cred_guard_mutex);
return mm;
}
@@ -2277,14 +2277,14 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
goto out_free;
/* Guard against adverse ptrace interaction */
- length = mutex_lock_interruptible(&task->cred_guard_mutex);
+ length = mutex_lock_interruptible(&task->signal->cred_guard_mutex);
if (length < 0)
goto out_free;
length = security_setprocattr(task,
(char*)file->f_path.dentry->d_name.name,
(void*)page, count);
- mutex_unlock(&task->cred_guard_mutex);
+ mutex_unlock(&task->signal->cred_guard_mutex);
out_free:
free_page((unsigned long) page);
out:
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index 2fea6c8..1f8c06c 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -29,6 +29,8 @@ extern struct fs_struct init_fs;
.running = 0, \
.lock = __SPIN_LOCK_UNLOCKED(sig.cputimer.lock), \
}, \
+ .cred_guard_mutex = \
+ __MUTEX_INITIALIZER(sig.cred_guard_mutex), \
}
extern struct nsproxy init_nsproxy;
@@ -145,8 +147,6 @@ extern struct cred init_cred;
.group_leader = &tsk, \
RCU_INIT_POINTER(.real_cred, &init_cred), \
RCU_INIT_POINTER(.cred, &init_cred), \
- .cred_guard_mutex = \
- __MUTEX_INITIALIZER(tsk.cred_guard_mutex), \
.comm = "swapper", \
.thread = INIT_THREAD, \
.fs = &init_fs, \
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 74ed859..ac65605 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -626,6 +626,10 @@ struct signal_struct {
int oom_adj; /* OOM kill score adjustment (bit shift) */
long oom_score_adj; /* OOM kill score adjustment */
+
+ struct mutex cred_guard_mutex; /* guard against foreign influences on
+ * credential calculations
+ * (notably. ptrace) */
};
/* Context switch must be unlocked if interrupts are to be enabled */
@@ -1305,9 +1309,6 @@ struct task_struct {
* credentials (COW) */
const struct cred __rcu *cred; /* effective (overridable) subjective task
* credentials (COW) */
- struct mutex cred_guard_mutex; /* guard against foreign influences on
- * credential calculations
- * (notably. ptrace) */
struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
char comm[TASK_COMM_LEN]; /* executable name excluding path
diff --git a/include/linux/tracehook.h b/include/linux/tracehook.h
index 10db010..3a2e66d 100644
--- a/include/linux/tracehook.h
+++ b/include/linux/tracehook.h
@@ -150,7 +150,7 @@ static inline void tracehook_report_syscall_exit(struct pt_regs *regs, int step)
*
* Return %LSM_UNSAFE_* bits applied to an exec because of tracing.
*
- * @task->cred_guard_mutex is held by the caller through the do_execve().
+ * @task->signal->cred_guard_mutex is held by the caller through the do_execve().
*/
static inline int tracehook_unsafe_exec(struct task_struct *task)
{
diff --git a/kernel/cred.c b/kernel/cred.c
index 9a3e226..6a1aa00 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -325,7 +325,7 @@ EXPORT_SYMBOL(prepare_creds);
/*
* Prepare credentials for current to perform an execve()
- * - The caller must hold current->cred_guard_mutex
+ * - The caller must hold ->cred_guard_mutex
*/
struct cred *prepare_exec_creds(void)
{
@@ -384,8 +384,6 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
struct cred *new;
int ret;
- mutex_init(&p->cred_guard_mutex);
-
if (
#ifdef CONFIG_KEYS
!p->cred->thread_keyring &&
diff --git a/kernel/fork.c b/kernel/fork.c
index c445f8c..8c09cf9 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -904,6 +904,8 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
sig->oom_adj = current->signal->oom_adj;
sig->oom_score_adj = current->signal->oom_score_adj;
+ mutex_init(&sig->cred_guard_mutex);
+
return 0;
}
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index f34d798..ac5013a 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -181,7 +181,7 @@ int ptrace_attach(struct task_struct *task)
* under ptrace.
*/
retval = -ERESTARTNOINTR;
- if (mutex_lock_interruptible(&task->cred_guard_mutex))
+ if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))
goto out;
task_lock(task);
@@ -208,7 +208,7 @@ int ptrace_attach(struct task_struct *task)
unlock_tasklist:
write_unlock_irq(&tasklist_lock);
unlock_creds:
- mutex_unlock(&task->cred_guard_mutex);
+ mutex_unlock(&task->signal->cred_guard_mutex);
out:
return retval;
}
--
1.6.5.2
next prev parent reply other threads:[~2010-10-25 3:28 UTC|newest]
Thread overview: 109+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-25 3:26 [resend][PATCH 1/4] oom: remove totalpage normalization from oom_badness() KOSAKI Motohiro
2010-10-25 3:27 ` [resend][PATCH 2/4] Revert "oom: deprecate oom_adj tunable" KOSAKI Motohiro
2010-10-25 20:40 ` David Rientjes
2010-10-26 13:01 ` KOSAKI Motohiro
2010-10-26 19:37 ` David Rientjes
2010-11-01 7:06 ` KOSAKI Motohiro
2010-11-01 19:36 ` David Rientjes
2010-11-09 2:26 ` KOSAKI Motohiro
2010-11-09 3:28 ` KOSAKI Motohiro
2010-11-15 0:24 ` KOSAKI Motohiro
2010-11-15 9:59 ` David Rientjes
2010-11-09 23:33 ` David Rientjes
2010-11-09 23:35 ` Alan Cox
2010-11-09 23:48 ` David Rientjes
2010-11-09 23:55 ` [patch] oom: document obsolete oom_adj tunable David Rientjes
2010-11-15 0:22 ` KOSAKI Motohiro
2010-11-15 10:38 ` David Rientjes
2010-11-23 7:16 ` KOSAKI Motohiro
2010-11-14 5:07 ` [resend][PATCH 2/4] Revert "oom: deprecate oom_adj tunable" KOSAKI Motohiro
2010-11-14 21:39 ` David Rientjes
2010-11-23 7:16 ` KOSAKI Motohiro
2010-11-28 1:41 ` David Rientjes
2010-11-30 13:03 ` KOSAKI Motohiro
2010-11-30 20:07 ` David Rientjes
2010-10-25 3:28 ` KOSAKI Motohiro [this message]
2010-10-25 17:26 ` [resend][PATCH 3/4] move cred_guard_mutex from task_struct to signal_struct Roland McGrath
2010-10-25 17:42 ` Oleg Nesterov
2010-10-25 17:51 ` Roland McGrath
2010-10-26 13:04 ` KOSAKI Motohiro
2010-10-26 13:18 ` Roland McGrath
2010-10-25 3:29 ` [resend][PATCH 4/4] oom: don't ignore rss in nascent mm KOSAKI Motohiro
2010-10-25 11:28 ` pageexec
2010-10-26 7:25 ` KOSAKI Motohiro
2010-11-23 14:34 ` Oleg Nesterov
2010-11-24 0:24 ` KOSAKI Motohiro
2010-11-24 11:09 ` Oleg Nesterov
2010-11-25 11:06 ` KOSAKI Motohiro
2010-11-25 14:02 ` Oleg Nesterov
2010-11-25 19:36 ` Oleg Nesterov
2010-11-29 5:25 ` KOSAKI Motohiro
2010-11-29 11:33 ` Oleg Nesterov
2010-11-29 18:23 ` Oleg Nesterov
2010-11-30 19:54 ` [PATCH 0/2] exec: more excessive argument size fixes for 2.6.37/stable Oleg Nesterov
2010-11-30 19:55 ` [PATCH 1/2] exec: make argv/envp memory visible to oom-killer Oleg Nesterov
2010-12-01 0:12 ` KOSAKI Motohiro
2010-12-01 18:07 ` Oleg Nesterov
2010-11-30 19:56 ` [PATCH 2/2] exec: copy-and-paste the fixes into compat_do_execve() paths Oleg Nesterov
2010-12-01 3:04 ` KOSAKI Motohiro
2010-11-30 20:00 ` [PATCH 0/4] exec: unify compat/non-compat code Oleg Nesterov
2010-11-30 20:00 ` [PATCH 1/4] exec: introduce get_arg_ptr() helper Oleg Nesterov
2010-11-30 20:01 ` [PATCH 2/4] exec: introduce "bool compat" argument Oleg Nesterov
2010-11-30 20:01 ` [PATCH 3/4] exec: unify compat_do_execve() code Oleg Nesterov
2010-12-01 17:37 ` (No subject header) Milton Miller
2010-12-01 18:27 ` Oleg Nesterov
2011-02-25 17:52 ` [PATCH 0/4 RESEND] exec: unify compat/non-compat code Oleg Nesterov
2011-02-25 17:52 ` [PATCH 1/5] exec: introduce get_arg_ptr() helper Oleg Nesterov
2011-02-25 17:52 ` [PATCH 2/5] exec: introduce "bool compat" argument Oleg Nesterov
2011-02-25 18:57 ` Linus Torvalds
2011-02-26 12:37 ` Oleg Nesterov
2011-02-25 17:53 ` [PATCH 3/5] exec: unify compat_do_execve() code Oleg Nesterov
2011-02-25 19:10 ` Linus Torvalds
2011-02-26 12:37 ` Oleg Nesterov
2011-02-26 12:57 ` Oleg Nesterov
2011-02-26 15:55 ` Linus Torvalds
2011-02-26 17:44 ` Oleg Nesterov
2011-03-01 20:47 ` [PATCH v2 0/5] exec: unify native/compat code Oleg Nesterov
2011-03-01 20:48 ` [PATCH v2 1/5] exec: introduce get_arg_ptr() helper Oleg Nesterov
2011-03-01 20:48 ` [PATCH v2 2/5] exec: introduce "bool compat" argument Oleg Nesterov
2011-03-01 20:48 ` [PATCH v2 3/5] exec: introduce conditional_user_ptr_t Oleg Nesterov
2011-03-01 20:49 ` [PATCH v2 4/5] exec: unify do_execve/compat_do_execve code Oleg Nesterov
2011-03-01 20:49 ` [PATCH v2 5/5] exec: document acct_arg_size() Oleg Nesterov
2011-03-01 21:39 ` [PATCH v2 0/5] exec: unify native/compat code Linus Torvalds
2011-03-02 16:26 ` [PATCH v3 0/4] " Oleg Nesterov
2011-03-02 16:27 ` [PATCH v3 1/4] exec: introduce get_arg_ptr() helper Oleg Nesterov
2011-03-03 3:01 ` KOSAKI Motohiro
2011-03-03 15:47 ` Oleg Nesterov
2011-03-03 16:07 ` Linus Torvalds
2011-03-05 20:30 ` [PATCH v4 0/4] exec: unify native/compat code Oleg Nesterov
2011-03-05 20:31 ` [PATCH v4 1/4] exec: introduce get_user_arg_ptr() helper Oleg Nesterov
2011-03-05 20:31 ` [PATCH v4 2/4] exec: introduce struct user_arg_ptr Oleg Nesterov
2011-03-05 20:31 ` [PATCH v4 3/4] exec: unify do_execve/compat_do_execve code Oleg Nesterov
2011-03-05 20:52 ` Linus Torvalds
2011-03-05 21:20 ` Oleg Nesterov
2011-03-05 20:31 ` [PATCH v4 4/4] exec: document acct_arg_size() Oleg Nesterov
2011-03-06 12:04 ` [PATCH v4 0/4] exec: unify native/compat code KOSAKI Motohiro
2011-03-06 17:01 ` [PATCH v5 " Oleg Nesterov
2011-03-06 17:02 ` [PATCH v5 1/4] exec: introduce get_user_arg_ptr() helper Oleg Nesterov
2011-03-06 17:02 ` [PATCH v5 2/4] exec: introduce struct user_arg_ptr Oleg Nesterov
2011-03-06 17:02 ` [PATCH v5 3/4] exec: unify do_execve/compat_do_execve code Oleg Nesterov
2011-03-06 17:03 ` [PATCH v5 4/4] exec: document acct_arg_size() Oleg Nesterov
2011-03-02 16:27 ` [PATCH v3 2/4] exec: introduce struct conditional_ptr Oleg Nesterov
2011-03-03 3:08 ` KOSAKI Motohiro
2011-03-02 16:27 ` [PATCH v3 3/4] exec: unify do_execve/compat_do_execve code Oleg Nesterov
2011-03-03 3:13 ` KOSAKI Motohiro
2011-03-02 16:28 ` [PATCH v3 4/4] exec: document acct_arg_size() Oleg Nesterov
2011-03-03 3:09 ` KOSAKI Motohiro
2011-03-02 16:44 ` [PATCH v3 0/4] exec: unify native/compat code Oleg Nesterov
2011-03-02 18:00 ` Linus Torvalds
2011-03-02 19:40 ` David Miller
2011-03-02 19:48 ` Linus Torvalds
2011-03-02 19:54 ` David Miller
2011-02-25 17:53 ` [PATCH 4/5] exec: unexport acct_arg_size() and get_arg_page() Oleg Nesterov
2011-02-25 17:54 ` [PATCH 5/5] exec: document acct_arg_size() Oleg Nesterov
2011-02-25 18:54 ` [PATCH 0/4 RESEND] exec: unify compat/non-compat code Linus Torvalds
2011-02-26 12:35 ` Oleg Nesterov
2010-11-30 20:01 ` [PATCH 4/4] exec: unexport acct_arg_size() and get_arg_page() Oleg Nesterov
2010-12-01 3:09 ` [PATCH 0/4] exec: unify compat/non-compat code KOSAKI Motohiro
2010-11-30 0:06 ` [resend][PATCH 4/4] oom: don't ignore rss in nascent mm KOSAKI Motohiro
2010-10-25 20:37 ` [resend][PATCH 1/4] oom: remove totalpage normalization from oom_badness() David Rientjes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101025122801.9170.A69D9226@jp.fujitsu.com \
--to=kosaki.motohiro@jp.fujitsu.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=oleg@redhat.com \
--cc=roland@redhat.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).