Re: [PATCH] exec: fix the racy usage of fs_struct->in_exec

From: Oleg Nesterov
Date: Tue Mar 25 2025 - 06:10:34 EST

Next message: nancyenos: "[PATCH] staging: octeon: Fix unused macro Argument 'x'"
Previous message: Ваторопин Андрей: "[PATCH] drm/amdkfd: Remove the redundant NULL check for the 'svms' object"
In reply to: Mateusz Guzik: "Re: [PATCH] exec: fix the racy usage of fs_struct->in_exec"
Next in thread: Mateusz Guzik: "Re: [PATCH] exec: fix the racy usage of fs_struct->in_exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/24, Mateusz Guzik wrote:
>
> On Mon, Mar 24, 2025 at 7:28 PM Oleg Nesterov <oleg@xxxxxxxxxx> wrote:
> >
> > So to me it would be better to have the trivial fix for stable,
> > exactly because it is trivially backportable. Then cleanup/simplify
> > this logic on top of it.
>
> So I got myself a crap testcase with a CLONE_FS'ed task which can
> execve and sanity-checked that suid is indeed not honored as expected.

So you mean my patch can't fix the problem?

> Anyhow, the plan would be to serialize on the bit, synchronized with
> the current spin lock. copy_fs would call a helper to wait for it to
> clear, would still bump ->users under the spin lock.
>
> This would decouple the handling from cred_mutex and avoid weirdness
> like clearing the ->in_exec flag when we never set it.

I don't really understand the idea, but as I said I won't argue with
another solution.

Oleg.

Next message: nancyenos: "[PATCH] staging: octeon: Fix unused macro Argument 'x'"
Previous message: Ваторопин Андрей: "[PATCH] drm/amdkfd: Remove the redundant NULL check for the 'svms' object"
In reply to: Mateusz Guzik: "Re: [PATCH] exec: fix the racy usage of fs_struct->in_exec"
Next in thread: Mateusz Guzik: "Re: [PATCH] exec: fix the racy usage of fs_struct->in_exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]