Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1018433imm; Fri, 11 May 2018 09:48:29 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpfS9k1VDMYqH+MxTjpbTfqu+BCVHlA6KMusy66yDYkjT/6IbFrmnnibFwyajt7lcqNqOUu X-Received: by 2002:a63:b742:: with SMTP id w2-v6mr4989209pgt.343.1526057309207; Fri, 11 May 2018 09:48:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526057309; cv=none; d=google.com; s=arc-20160816; b=vInOReH6bjdX4TUxlL/RigfzD3loPP1njDxQNNZ/MbYDwgwF3ifeKO1scityNcmTKa xN9R8CNobFAbGYcKSiwmgVdlb/FB0CFrKKETJRpBLc100IxTY/GOU1wRJ6vtMI3QpHcn oTboQ5az+g2IBPVpk6GI2GBSSlVPw5Qgeo5UYexp8Mks+oPdZYSA1aIJsJLPVeQYi6VS zInJoAaNreRQEHerVAULUNKqbiUl6tKkOHr/Heg3ZhA9Cgw6m46jcrkEJwCkbcqMKYNQ y47nnUFgFwdWIzlGVv+i7RLhJ9ae6hD7cGhxnLHY7w6h6wx/LCWRrZh2yAhDrGZONDbu qqhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=VyOq+qmWUUXzcy9P+mpK9A+eAhCnZWZ0pRoN9ni2rbk=; b=I9qEbzQuYIh/03zvmA6ZDwzbCmsA0TyGxFX/qu1Jb5kU9XVW3eC/WFbCCSED+AHjBS YXDzcnNA4P1tSWkUyrmr5Wz3KxFcSdJlH1QwX4YECoJIb1hdNkHrV1b0DS0xBZoobKxs lXz6DMHSpRlDeaFFroagGta2QccfIMaYYyA/Xt542g3nyXAB7OEUotWbpBWzzogOWtiC Pu90ETjnYqgSMh2gvGEyplOxnp+fPEyeUiqTs5rB0rwkiV9JGoSGsquLZ+kxf5wEBXFj bM7/qs1xByRzymoVrL3p0YBs3ldTDqFTlQ7pRDT0lMGzN118dRPImcALLvqzSwRyqJ2i UEUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=JDTMo7Jz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r2-v6si1239024pgd.517.2018.05.11.09.48.14; Fri, 11 May 2018 09:48:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=JDTMo7Jz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751907AbeEKQpr (ORCPT + 99 others); Fri, 11 May 2018 12:45:47 -0400 Received: from mail-io0-f176.google.com ([209.85.223.176]:42830 "EHLO mail-io0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750746AbeEKQpp (ORCPT ); Fri, 11 May 2018 12:45:45 -0400 Received: by mail-io0-f176.google.com with SMTP id a10-v6so7715806ioc.9; Fri, 11 May 2018 09:45:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VyOq+qmWUUXzcy9P+mpK9A+eAhCnZWZ0pRoN9ni2rbk=; b=JDTMo7JzM7JbfvR4nwhcLUKvHGwD7RBIyXdJL3bpEUGC6rIAU7D7aP3ZJhwdAa5Dcb cXK4DUCPYJPF2pE1sXlEmiGe0KQ5dy4szBGuoImSgIGslBuWhguGE8DSChgl3tAHB8T2 8LLyyXt/6f8MYec0DCrSLojHsdLNbG7CvSuyQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VyOq+qmWUUXzcy9P+mpK9A+eAhCnZWZ0pRoN9ni2rbk=; b=HxiCdFPC72nmnrh+NhwZoNZ2M7QI1RLnIastR7LaYD4zFyuu4NI5695IgdDK50fGDC 81VzTSbO2BeBUTEQzu5hTkCt0/3leHD6Y9cdiWJI9wlLEOWN+p/OFhUyXXiiyq7fSO4W 0665wsip3LIT1p6ATNrcnawslPYtNo9chooA5es6gpeROwfN5qnqnrRJMbIw2/x8MxM7 8qB4ATJz2POS32ISQEI4RI25qAdjA5eDRptQXzKwcbZavveFmn5m6k4ec6LZY0flZ3dB neolKRXLxoGcxnV6D3bcSRXXZXfNzFyw7oe6uet1w98+/gE0bOGgcvwPYHw7/y1NAv4z m2Nw== X-Gm-Message-State: ALKqPwcMaQgOiyKhE8LOGv8NgQKZ92WiYfiAYDHvvmejBuMn9JR01/1P zdP0wnPCHg1YvvEk/MhobZZASWbi8RlPOrrZWH0= X-Received: by 2002:a6b:8a26:: with SMTP id m38-v6mr6905392iod.259.1526057144787; Fri, 11 May 2018 09:45:44 -0700 (PDT) MIME-Version: 1.0 References: <20180511093613.GA1330@comp-core-i7-2640m-0182e6> In-Reply-To: <20180511093613.GA1330@comp-core-i7-2640m-0182e6> From: Linus Torvalds Date: Fri, 11 May 2018 09:45:33 -0700 Message-ID: Subject: Re: [PATCH v5 5/7] proc: instantiate only pids that we can ptrace on 'limit_pids=1' mount option To: gladkov.alexey@gmail.com Cc: Kees Cook , Andrew Lutomirski , Andrew Morton , linux-fsdevel , Linux Kernel Mailing List , Kernel Hardening , LSM List , Linux API , Greg Kroah-Hartman , Al Viro , Akinobu Mita , Oleg Nesterov , Jeff Layton , Ingo Molnar , Alexey Dobriyan , "Eric W. Biederman" , Daniel Micay , Jonathan Corbet , "J. Bruce Fields" , Stephen Rothwell , Solar Designer , "Dmitry V. Levin" , Djalal Harouni Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 11, 2018 at 2:46 AM Alexey Gladkov wrote: > + /* Limit procfs to only ptracable tasks */ > + if (limit_pids == PROC_LIMIT_PIDS_PTRACE) { > + cond_resched(); > + if (!has_pid_permissions(fs_info, task, HIDEPID_NO_ACCESS)) > + goto out_put_task; > + } Where did that "cond_resched()" come from? That doesn't seem to make a lot of sense. Linus