From: Peter Zijlstra <peterz@infradead.org>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Jiri Kosina <jikos@kernel.org>,
"Schaufler, Casey" <casey.schaufler@intel.com>,
Ingo Molnar <mingo@redhat.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andrea Arcangeli <aarcange@redhat.com>,
"Woodhouse, David" <dwmw@amazon.co.uk>,
Andi Kleen <ak@linux.intel.com>,
Tim Chen <tim.c.chen@linux.intel.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH v6 0/3] Harden spectrev2 userspace-userspace protection
Date: Sat, 22 Sep 2018 12:18:44 +0200 [thread overview]
Message-ID: <20180922101844.GF24124@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <alpine.DEB.2.21.1809221022250.1391@nanos.tec.linutronix.de>
On Sat, Sep 22, 2018 at 11:53:14AM +0200, Thomas Gleixner wrote:
> @@ -86,6 +88,7 @@ extern void exit_ptrace(struct task_stru
> * process_vm_writev or ptrace (and should use the real credentials).
> */
> extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
> +extern bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode);
I like that..
> static inline int ptrace_reparented(struct task_struct *child)
> {
> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> +bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode)
> +{
> + struct mm_struct *mm;
> + int res;
> +
> + res = __ptrace_may_access_basic(task, mode);
> + if (res <= 0)
> + return !res;
> +
> + rcu_read_lock();
> + res = __ptrace_may_access_cred(__task_cred(task), mode);
> rcu_read_unlock();
> + if (res)
> + return false;
> +
> + mm = task->mm;
> + if (mm && get_dumpable(mm) != SUID_DUMP_USER)
> + return false;
> + return true;
> +}
> +
> +/* Returns 0 on success, -errno on denial. */
> +static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
> +{
> + const struct cred *tcred;
> + struct mm_struct *mm;
> + int res;
> +
> + res = __ptrace_may_access_basic(task, mode);
> + if (res <= 0)
> + return res;
> +
> + rcu_read_lock();
> + tcred = __task_cred(task);
> + res = __ptrace_may_access_cred(tcred, mode);
> + if (res > 0)
> + res = ptrace_has_cap(tcred->user_ns, mode) ? 0 : -EPERM;
> rcu_read_unlock();
> + if (res < 0)
> + return res;
> +
> mm = task->mm;
> + if (mm && (get_dumpable(mm) != SUID_DUMP_USER &&
> + !ptrace_has_cap(mm->user_ns, mode)))
> + return -EPERM;
>
> return security_ptrace_access_check(task, mode);
> }
This has some unfortunate duplication.
Lets go with it for now, but I'll see if I can do something about that
later.
next prev parent reply other threads:[~2018-09-22 10:19 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-10 9:22 [PATCH v5 0/2] Harden spectrev2 userspace-userspace protection Jiri Kosina
2018-09-10 9:23 ` [PATCH v5 1/2] x86/speculation: apply IBPB more strictly to avoid cross-process data leak Jiri Kosina
2018-09-10 18:26 ` Schaufler, Casey
2018-09-10 19:14 ` Jiri Kosina
2018-09-10 19:26 ` Schaufler, Casey
2018-09-10 19:36 ` Jiri Kosina
2018-09-10 20:27 ` Schaufler, Casey
2018-09-10 20:42 ` Jiri Kosina
2018-09-10 21:29 ` Schaufler, Casey
2018-09-10 21:36 ` Jiri Kosina
2018-09-11 21:15 ` Thomas Gleixner
2018-09-11 22:25 ` Schaufler, Casey
2018-09-12 12:01 ` Thomas Gleixner
2018-10-21 19:38 ` Pavel Machek
2018-10-21 23:32 ` Jiri Kosina
2018-09-10 9:24 ` [PATCH v5 2/2] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation Jiri Kosina
2018-09-10 10:04 ` Thomas Gleixner
2018-09-10 11:01 ` Jiri Kosina
2018-09-10 11:46 ` Jiri Kosina
2018-09-11 17:32 ` Tim Chen
2018-09-11 21:16 ` Thomas Gleixner
2018-09-11 21:46 ` Thomas Gleixner
2018-09-12 17:16 ` Tom Lendacky
2018-09-12 21:26 ` Tim Chen
2018-09-12 21:45 ` Jiri Kosina
2018-09-12 22:56 ` Tim Chen
2018-09-13 14:53 ` Tom Lendacky
2018-09-12 9:05 ` [PATCH v6 0/3] Harden spectrev2 userspace-userspace protection Jiri Kosina
2018-09-12 9:06 ` [PATCH v6 1/3] x86/speculation: apply IBPB more strictly to avoid cross-process data leak Jiri Kosina
2018-09-13 0:04 ` Schaufler, Casey
2018-09-14 11:00 ` Jiri Kosina
2018-09-14 11:05 ` Thomas Gleixner
2018-09-12 9:07 ` [PATCH v6 2/3] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation Jiri Kosina
2018-09-12 19:14 ` Thomas Gleixner
2018-09-12 19:16 ` Jiri Kosina
2018-09-12 9:08 ` [PATCH v6 3/3] x86/speculation: Propagate information about RSB filling mitigation to sysfs Jiri Kosina
2018-09-17 16:09 ` [PATCH v6 0/3] Harden spectrev2 userspace-userspace protection Schaufler, Casey
2018-09-19 15:48 ` Peter Zijlstra
2018-09-22 7:38 ` Jiri Kosina
2018-09-22 9:53 ` Thomas Gleixner
2018-09-22 10:18 ` Peter Zijlstra [this message]
2018-09-22 10:20 ` Thomas Gleixner
2018-09-22 13:30 ` Thomas Gleixner
2018-09-22 14:31 ` Peter Zijlstra
2018-09-24 8:43 ` Jiri Kosina
2018-09-24 12:38 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180922101844.GF24124@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=casey.schaufler@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=jikos@kernel.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=tim.c.chen@linux.intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).