Date: Mon, 2 Feb 2015 16:13:38 +0100
From: Peter Zijlstra
To: Oleg Nesterov
Cc: Darren Hart, Thomas Gleixner, Jerome Marchand, Larry Woodman, Mateusz Guzik, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/1] futex: check PF_KTHREAD rather than !p->mm to filter out kthreads
Message-ID: <20150202151338.GE24151@twins.programming.kicks-ass.net>
References: <20150202140515.GA26398@redhat.com> <20150202151159.GE26304@twins.programming.kicks-ass.net>
In-Reply-To: <20150202151159.GE26304@twins.programming.kicks-ass.net>

(private now)

On Mon, Feb 02, 2015 at 04:11:59PM +0100, Peter Zijlstra wrote:
> On Mon, Feb 02, 2015 at 03:05:15PM +0100, Oleg Nesterov wrote:
> >
> > First of all, why exactly do we need this mm/PF_KTHREAD check added by
> > f0d71b3dcb8332f7971 ? Of course, it is simply wrong to declare a random
> > kernel thread to be the owner as the changelog says. But why is a kthread
> > worse than a random user-space task, say, /sbin/init?
>
> As the changelog says, we _should_ equally disallow other userspace
> tasks that do not share the futex value with us, it's just that at the
> time we could not come up with a sensible (and cheap) way of testing for
> this.
>
> > IIUC, the fact that we can abuse ->pi_state_list is not that bad, no matter
> > if this (k)thread will exit or not. AFAICS, the only problem is that we can
> > boost the prio of this thread. Or I missed another problem?
>
> No that's it.

Prio leaks allow (local) DoS attacks. It allows an unpriv user to gain
FIFO and burn silly amounts of cycles. We should really plug that hole
entirely.
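The thread turns on which predicate the futex PI owner lookup should use to reject kernel threads: the `!p->mm` test from the quoted commit or the `PF_KTHREAD` flag the patch subject proposes. The following user-space model, added here as an illustration and not code from the kernel, from Peter Zijlstra or from Oleg Nesterov, compares the two rules over constructed sample tasks. `PF_KTHREAD` is the real flag value from `include/linux/sched.h`; `struct task`, the sample entries and the helper names are stand-ins built for this example. The two edge cases it exercises are kernel behaviours asserted here rather than stated on the page: a kernel thread can temporarily hold a user address space borrowed through `use_mm()`, and a user task has its `->mm` cleared by `exit_mm()` while it is still inside `do_exit()`, so "has no mm" and "is a kernel thread" are not the same question.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Real flag bit from include/linux/sched.h: set on every kernel thread. */
#define PF_KTHREAD 0x00200000

/* Stand-in for the task_struct fields the owner filter looks at
 * (constructed for this model; not the kernel's struct). */
struct task {
    const char *comm;
    unsigned int flags;   /* task->flags */
    void *mm;             /* task->mm: NULL when no user address space is attached */
    bool really_kthread;  /* ground truth for the model */
};

/* Placeholder standing in for a user address space (constructed). */
static int user_mm_placeholder;

static const struct task samples[] = {
    /* plain user task owning its address space */
    { "bash",        0,          &user_mm_placeholder, false },
    /* ordinary kernel thread: no mm of its own */
    { "kworker/0:1", PF_KTHREAD, NULL,                 true  },
    /* kernel thread that has temporarily borrowed a user mm via use_mm()
     * (for example while completing AIO work): ->mm is non-NULL meanwhile */
    { "kworker/1:2", PF_KTHREAD, &user_mm_placeholder, true  },
    /* user task inside do_exit() after exit_mm() dropped its mm:
     * still a user task, but ->mm is already NULL */
    { "dying-app",   0,          NULL,                 false },
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Accessor so callers (and tests) can walk the constructed samples. */
const struct task *sample_task(size_t i)
{
    return i < NSAMPLES ? &samples[i] : NULL;
}

/* Old rule from the quoted commit: "no mm" is taken to mean "kernel thread". */
bool is_kthread_by_mm(const struct task *p)
{
    return p->mm == NULL;
}

/* Rule from the patch subject: test the flag the kernel sets on kthreads. */
bool is_kthread_by_flag(const struct task *p)
{
    return (p->flags & PF_KTHREAD) != 0;
}

/* Number of samples the mm-based rule classifies wrongly. */
int misclassified_by_mm(void)
{
    int bad = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        if (is_kthread_by_mm(&samples[i]) != samples[i].really_kthread)
            bad++;
    return bad;
}

/* Number of samples the flag-based rule classifies wrongly. */
int misclassified_by_flag(void)
{
    int bad = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        if (is_kthread_by_flag(&samples[i]) != samples[i].really_kthread)
            bad++;
    return bad;
}

int main(void)
{
    printf("%-12s %-8s %-8s %-8s\n", "task", "truth", "by_mm", "by_flag");
    for (size_t i = 0; i < NSAMPLES; i++) {
        const struct task *p = &samples[i];
        printf("%-12s %-8s %-8s %-8s\n", p->comm,
               p->really_kthread ? "kthread" : "user",
               is_kthread_by_mm(p) ? "kthread" : "user",
               is_kthread_by_flag(p) ? "kthread" : "user");
    }
    printf("misclassified: by_mm=%d by_flag=%d\n",
           misclassified_by_mm(), misclassified_by_flag());
    return 0;
}
```

The mm-based rule gets both edge cases wrong: it would let a kernel thread that is running with a borrowed mm become a PI owner (the prio-leak case the reply warns about), and it would refuse a legitimate but exiting user task. The flag-based rule answers the question the filter actually asks, which is the rationale for the patch this thread discusses.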