Thread (2 messages) 2 messages, 2 authors, 2020-03-10

Re: [PATCH 1/4] kernel/kcmp.c: Use new infrastructure to fix deadlocks in execve

From: Bernd Edlinger <hidden>
Date: 2020-03-10 19:43:10
Also in: linux-doc, linux-fsdevel, linux-mm, lkml, stable

On 3/10/20 8:01 PM, Eric W. Biederman wrote:
Bernd Edlinger [off-list ref] writes:
quoted
This changes kcmp_epoll_target to use the new exec_update_mutex
instead of cred_guard_mutex.

This should be safe, as the credentials are only used for reading,
and furthermore ->mm and ->sighand are updated on execve,
but only under the new exec_update_mutex.
Can you add a comment that the exec_update_mutex is not needed for
KCMP_FILE?  As both sets of credentials during exec are valid
for accessing the files so exec_update_mutex does not matter.
some files are closed by do_close_on_exec,
so in theory this allows you to examine files that
were open in the old user but closed for the new user
with either credential.

It is not a race condition, but it may be a security
concern.
I don't think exec_update_mutex is needed for KCMP_SYSVSEM
or KCMP_EPOLL_TFD either.  As I don't think exec changes either
one of those.
KCMP_EPOLL_TFD is also accessing file pointers,
that is possible.

It might be that KCMP_SYSVSEM is a missed optimization, but
I may have overlooked something.
I'd rather err on the safe side.
Eric

quoted
Signed-off-by: Bernd Edlinger <redacted>
---
 kernel/kcmp.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/kcmp.c b/kernel/kcmp.c
index a0e3d7a..b3ff928 100644
--- a/kernel/kcmp.c
+++ b/kernel/kcmp.c
@@ -173,8 +173,8 @@ static int kcmp_epoll_target(struct task_struct *task1,
 	/*
 	 * One should have enough rights to inspect task details.
 	 */
-	ret = kcmp_lock(&task1->signal->cred_guard_mutex,
-			&task2->signal->cred_guard_mutex);
+	ret = kcmp_lock(&task1->signal->exec_update_mutex,
+			&task2->signal->exec_update_mutex);
 	if (ret)
 		goto err;
 	if (!ptrace_may_access(task1, PTRACE_MODE_READ_REALCREDS) ||
@@ -229,8 +229,8 @@ static int kcmp_epoll_target(struct task_struct *task1,
 	}
 
 err_unlock:
-	kcmp_unlock(&task1->signal->cred_guard_mutex,
-		    &task2->signal->cred_guard_mutex);
+	kcmp_unlock(&task1->signal->exec_update_mutex,
+		    &task2->signal->exec_update_mutex);
 err:
 	put_task_struct(task1);
 	put_task_struct(task2);
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help