Re: kernel BUG at kernel/cred.c:434!

From: Oleg Nesterov
Date: Mon Apr 15 2019 - 11:05:33 EST

Next message: OndÅej Jirman: "Re: [PATCH 1/4] dt-bindings: sound: sun4i-spdif: Add Allwinner H6 compatible"
Previous message: Johan Hovold: "Re: [PATCH] Staging: greybus: Cleanup in header file control.h"
In reply to: Paul Moore: "Re: kernel BUG at kernel/cred.c:434!"
Next in thread: Paul Moore: "Re: kernel BUG at kernel/cred.c:434!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 04/15, Paul Moore wrote:
>
> On Mon, Apr 15, 2019 at 9:43 AM Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> > Well, acct("/proc/self/attr/current") doesn't look like a good idea, but I do
> > not know where should we put the additional check... And probably
> > "echo /proc/self/attr/current > /proc/sys/kernel/core_pattern" can hit the
> > same problem, do_coredump() does override_creds() too.
> >
> > May be just add
> >
> > if (current->cred != current->real_cred)
> > return -EACCES;
> >
> > into proc_pid_attr_write(), I dunno.
>
> Is the problem that do_acct_process() is calling override_creds() and
> the returned/old credentials are being freed before do_acct_process()
> can reinstall the creds via revert_creds()? Presumably because the
> process accounting is causing the credentials to be replaced?

Afaics, the problem is that do_acct_process() does override_creds() and
then __kernel_write(). Which calls proc_pid_attr_write(), which in turn calls
selinux_setprocattr(), which does another prepare_creds() + commit_creds();
and commit_creds() hits

BUG_ON(task->cred != old);

Oleg.

Next message: OndÅej Jirman: "Re: [PATCH 1/4] dt-bindings: sound: sun4i-spdif: Add Allwinner H6 compatible"
Previous message: Johan Hovold: "Re: [PATCH] Staging: greybus: Cleanup in header file control.h"
In reply to: Paul Moore: "Re: kernel BUG at kernel/cred.c:434!"
Next in thread: Paul Moore: "Re: kernel BUG at kernel/cred.c:434!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]