From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965344AbdEWMrk convert rfc822-to-8bit (ORCPT ); Tue, 23 May 2017 08:47:40 -0400 Received: from out01.mta.xmission.com ([166.70.13.231]:36490 "EHLO out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S965158AbdEWMri (ORCPT ); Tue, 23 May 2017 08:47:38 -0400 From: ebiederm@xmission.com (Eric W. Biederman) To: Takashi Iwai Cc: linux-kernel@vger.kernel.org References: <87r2zgtzbi.fsf@xmission.com> <877f18txfz.fsf_-_@xmission.com> Date: Tue, 23 May 2017 07:40:58 -0500 In-Reply-To: (Takashi Iwai's message of "Tue, 23 May 2017 11:16:30 +0200") Message-ID: <87vaorrbj9.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT X-XM-SPF: eid=1dD9Dm-0001ci-TT;;;mid=<87vaorrbj9.fsf@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=97.121.81.159;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19KJyYv3EYe5YTd95yiP+wdnOpIOb6aggQ= X-SA-Exim-Connect-IP: 97.121.81.159 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.7 XMSubLong Long Subject * 1.5 TR_Symld_Words too many words that have symbols inside * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa06 1397; Body=1 Fuz1=1 Fuz2=1] X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: **;Takashi Iwai X-Spam-Relay-Country: X-Spam-Timing: total 5681 ms - load_scoreonly_sql: 0.03 (0.0%), signal_user_changed: 2.8 (0.0%), b_tie_ro: 2.0 (0.0%), parse: 0.89 (0.0%), extract_message_metadata: 14 (0.3%), get_uri_detail_list: 1.91 (0.0%), tests_pri_-1000: 7 (0.1%), tests_pri_-950: 1.19 (0.0%), tests_pri_-900: 0.94 (0.0%), tests_pri_-400: 28 (0.5%), check_bayes: 27 (0.5%), b_tokenize: 8 (0.1%), b_tok_get_all: 11 (0.2%), b_comp_prob: 2.5 (0.0%), b_tok_touch_all: 3.5 (0.1%), b_finish: 0.57 (0.0%), tests_pri_0: 197 (3.5%), check_dkim_signature: 0.49 (0.0%), check_dkim_adsp: 3.1 (0.1%), tests_pri_500: 5426 (95.5%), poll_dns_idle: 5421 (95.4%), rewrite_mail: 0.00 (0.0%) Subject: Re: [CFT][PATCH] ptrace: Properly initialize ptracer_cred on fork X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Takashi Iwai writes: > On Tue, 23 May 2017 07:47:32 +0200, > Takashi Iwai wrote: >> >> On Mon, 22 May 2017 23:04:48 +0200, >> Eric W. Biederman wrote: >> > >> > >> > When I introduced ptracer_cred I failed to consider the weirdness of >> > fork where the task_struct copies the old value by default. This >> > winds up leaving ptracer_cred set even when a process forks and >> > the child process does not wind up being ptraced. >> > >> > Because ptracer_cred is not set on non-ptraced processes whose >> > parents were ptraced this has broken the ability of the enlightenment >> > window manager to start setuid children. >> > >> > Fix this by properly initializing ptracer_cred in ptrace_init_task >> > >> > This must be done with a little bit of care to preserve the current value >> > of ptracer_cred when ptrace carries through fork. Re-reading the >> > ptracer_cred from the ptracing process at this point is inconsistent >> > with how PT_PTRACE_CAP has been maintained all of these years. >> > >> > Fixes: 64b875f7ac8a ("ptrace: Capture the ptracer's creds not PT_PTRACE_CAP") >> > Signed-off-by: "Eric W. Biederman" >> > --- >> > >> > If I could get some folks to test and verify this fixes the >> > enlightenment issue I would really appreciate it. >> >> This seems giving a compile warning and it becomes error in the >> following: >> >> In file included from ./include/linux/mutex.h:13:0, >> from ./include/linux/kernfs.h:13, >> from ./include/linux/sysfs.h:15, >> from ./include/linux/kobject.h:21, >> from ./include/linux/device.h:17, >> from drivers/gpu/drm/i915/gvt/kvmgt.c:32: >> ./include/linux/ptrace.h: In function ‘ptrace_init_task’: >> ./arch/x86/include/asm/current.h:17:17: error: passing argument 3 of ‘__ptrace_link’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] >> #define current get_current() >> ^ >> ./include/linux/ptrace.h:210:41: note: in expansion of macro ‘current’ >> __ptrace_link(child, current->parent, current->ptracer_cred); >> ^~~~~~~ >> In file included from ./arch/x86/include/asm/stacktrace.h:10:0, >> from ./arch/x86/include/asm/perf_event.h:246, >> from ./include/linux/perf_event.h:24, >> from ./arch/x86/include/asm/kvm_host.h:24, >> from ./include/linux/kvm_host.h:37, >> from drivers/gpu/drm/i915/gvt/kvmgt.c:41: >> ./include/linux/ptrace.h:56:13: note: expected ‘struct cred *’ but argument is of type ‘const struct cred *’ >> extern void __ptrace_link(struct task_struct *child, >> ^~~~~~~~~~~~~ >> cc1: all warnings being treated as errors > > Through a quick test on VM (fixed patch by adding const to > __ptrace_link() argument), it seems working fine. Thank you. It seems when I fixed the const issue in my tree I forget commit --amend so the fix didn't make it into the patch I sent out. > Tested-by: Takashi Iwai Just to confirm. You were able to reproduce the enlightenment failure and this fixes it? Eric