From: ebiederm@xmission.com (Eric W. Biederman)
To: <linux-kernel@vger.kernel.org>
Cc: <linux-fsdevel@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>, Jann Horn <jannh@google.com>,
Kees Cook <keescook@chromium.org>,
Bernd Edlinger <bernd.edlinger@hotmail.de>
Subject: [PATCH v2 2/6] exec: Lock more defensively in exec
Date: Tue, 23 Jun 2020 16:54:07 -0500 [thread overview]
Message-ID: <87ftalla80.fsf_-_@x220.int.ebiederm.org> (raw)
In-Reply-To: <87r1u5laac.fsf@x220.int.ebiederm.org> (Eric W. Biederman's message of "Tue, 23 Jun 2020 16:52:43 -0500")
When taking the task_list_lock in de_thread also take the siglock. This
makes de_thread closer to fork the canonical place where these locks are
taken.
To complete the defensiveness always take siglock when clearing
group_exit_task and notify_count.
This gives now gives the guarantee that group_exit_task and notify_count
are now always changed under siglock. As anything multi-threaded in exec
is a rare and slow path I don't think we care if we take an extra lock in
practice.
The practical reason for doing this is to enable setting signal->flags along
with group_exit_task so that the function signal_group_exit can be simplified.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
fs/exec.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index e6e8a9a70327..33b5d9229c01 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1171,6 +1171,7 @@ static int de_thread(struct task_struct *tsk)
for (;;) {
cgroup_threadgroup_change_begin(tsk);
write_lock_irq(&tasklist_lock);
+ spin_lock(lock);
/*
* Do this under tasklist_lock to ensure that
* exit_notify() can't miss ->group_exit_task
@@ -1179,6 +1180,7 @@ static int de_thread(struct task_struct *tsk)
if (likely(leader->exit_state))
break;
__set_current_state(TASK_KILLABLE);
+ spin_unlock(lock);
write_unlock_irq(&tasklist_lock);
cgroup_threadgroup_change_end(tsk);
schedule();
@@ -1234,14 +1236,17 @@ static int de_thread(struct task_struct *tsk)
*/
if (unlikely(leader->ptrace))
__wake_up_parent(leader, leader->parent);
+ spin_unlock(lock);
write_unlock_irq(&tasklist_lock);
cgroup_threadgroup_change_end(tsk);
release_task(leader);
}
+ spin_lock_irq(lock);
sig->group_exit_task = NULL;
sig->notify_count = 0;
+ spin_unlock_irq(lock);
no_thread_group:
/* we have changed execution domain */
@@ -1252,10 +1257,12 @@ static int de_thread(struct task_struct *tsk)
killed:
/* protects against exit_notify() and __exit_signal() */
- read_lock(&tasklist_lock);
+ read_lock_irq(&tasklist_lock);
+ spin_lock(lock);
sig->group_exit_task = NULL;
sig->notify_count = 0;
- read_unlock(&tasklist_lock);
+ spin_unlock(lock);
+ read_unlock_irq(&tasklist_lock);
return -EAGAIN;
}
--
2.20.1
next prev parent reply other threads:[~2020-06-23 21:58 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-19 18:30 [PATCH 0/2] exec: s/group_exit_task/group_exec_task/ for clarity Eric W. Biederman
2020-06-19 18:32 ` [PATCH 1/2] exec: Don't set group_exit_task during a coredump Eric W. Biederman
2020-06-20 18:58 ` Linus Torvalds
2020-06-22 16:20 ` Eric W. Biederman
2020-06-22 16:32 ` Linus Torvalds
2020-06-22 11:25 ` Oleg Nesterov
2020-06-19 18:33 ` [PATCH 2/2] exec: Rename group_exit_task group_exec_task and correct the Documentation Eric W. Biederman
2020-06-23 21:52 ` [PATCH v2 0/6] exec: s/group_exit_task/group_exec_task/ for clarity Eric W. Biederman
2020-06-23 21:53 ` [PATCH v2 1/6] signal: Pretty up the SIGNAL_GROUP_FLAGS Eric W. Biederman
2020-06-23 21:54 ` Eric W. Biederman [this message]
2020-06-23 21:54 ` [PATCH v2 3/6] signal: Implement SIGNAL_GROUP_DETHREAD Eric W. Biederman
2020-06-23 21:55 ` [PATCH v2 4/6] signal: In signal_group_exit remove the group_exit_task test Eric W. Biederman
2020-06-23 21:55 ` [PATCH v2 5/6] coredump: Stop using group_exit_task Eric W. Biederman
2020-06-23 21:56 ` [PATCH v2 6/6] exec: Rename group_exit_task group_exec_task and correct the Documentation Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ftalla80.fsf_-_@x220.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=bernd.edlinger@hotmail.de \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.