Re: [PATCH 1/4] kernel/kcmp.c: Use new infrastructure to fix deadlocks in execve

From: Eric W. Biederman
Date: Tue Mar 10 2020 - 15:03:46 EST


Bernd Edlinger <bernd.edlinger@xxxxxxxxxx> writes:

> This changes kcmp_epoll_target to use the new exec_update_mutex
> instead of cred_guard_mutex.
>
> This should be safe, as the credentials are only used for reading,
> and furthermore ->mm and ->sighand are updated on execve,
> but only under the new exec_update_mutex.
>

Can you add a comment that the exec_update_mutex is not needed for
KCMP_FILE? As both sets of credentials during exec are valid
for accessing the files so exec_update_mutex does not matter.

I don't think exec_update_mutex is needed for KCMP_SYSVSEM
or KCMP_EPOLL_TFD either. As I don't think exec changes either
one of those.

Eric


> Signed-off-by: Bernd Edlinger <bernd.edlinger@xxxxxxxxxx>
> ---
> kernel/kcmp.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/kcmp.c b/kernel/kcmp.c
> index a0e3d7a..b3ff928 100644
> --- a/kernel/kcmp.c
> +++ b/kernel/kcmp.c
> @@ -173,8 +173,8 @@ static int kcmp_epoll_target(struct task_struct *task1,
> /*
> * One should have enough rights to inspect task details.
> */
> - ret = kcmp_lock(&task1->signal->cred_guard_mutex,
> - &task2->signal->cred_guard_mutex);
> + ret = kcmp_lock(&task1->signal->exec_update_mutex,
> + &task2->signal->exec_update_mutex);
> if (ret)
> goto err;
> if (!ptrace_may_access(task1, PTRACE_MODE_READ_REALCREDS) ||
> @@ -229,8 +229,8 @@ static int kcmp_epoll_target(struct task_struct *task1,
> }
>
> err_unlock:
> - kcmp_unlock(&task1->signal->cred_guard_mutex,
> - &task2->signal->cred_guard_mutex);
> + kcmp_unlock(&task1->signal->exec_update_mutex,
> + &task2->signal->exec_update_mutex);
> err:
> put_task_struct(task1);
> put_task_struct(task2);