Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4150513imm; Wed, 5 Sep 2018 11:31:23 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZE7Sy+5AKpqQwA2qfG2TMNfR91ph8SOoeXFZks5oVuTNMPgMJ8IQhoL22Qzu1iJIryAw+5 X-Received: by 2002:a17:902:528a:: with SMTP id a10-v6mr3134600pli.199.1536172283162; Wed, 05 Sep 2018 11:31:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536172283; cv=none; d=google.com; s=arc-20160816; b=B65KzNl+yu5YJ4ZplTECZdUpt2vLRw96APwKVc20w5OmFXPLIyVcdIzu9K6RgFkYqc EXlzrIOlh+KfYrB6+grnPLvi2HwUERoffEr4laS+wIxxJT57UK8fHfU4EUyAXQIsnMMS yNXuy6FPS7C7vEsZXg1Ng5PzdWiYXOC62mE2Pn/yEYgoHal2jPapvG0wYi0k0TbGdHc+ 0OU9AczKJpxy8Chwcxfso7Ol07mITRlzJjVnnsnmFVBUIE68ma+9nUUyXRobOHhEcgWI cEmxI3xeH6+41uB67iPpMWD7fsnyZloCr158DmG2X6UDg/Z6OdO3wORePwVJ49fgQgbP F/Wg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=Dgw9+W5u1fbSqOpewR/9GNNfGYgJKuCPGF+BV7ZS+Gc=; b=UHGS1HY9apkWXadRfj9wRsrSTpuGwgnJB87gEZOTNuVz1GKP1m/52rWKBIKSGiMNfu wiQzlPiKGIdM7pFlX2MPaw6Yoq1Bw7ylMls1URy1LLtvWCGb3Lw+5EiqChmWXQjHq1x+ Wz6BH2BKuEbXtdaDdKOuHAYKCCakGAQoxcDIwPPzsmuSnKM7np3/183o7XA4/WCqBanj sKWct2KxJIuIhsfZnW8a0lIy8Z0vqJiGwsgQgmMc6msXPd3Y1ZYBbWuJGSFbo9W4WUby SkGpzhvv8zdtx2oDh9pV1vMphlV51sfQbe3JrbMZRFzdOEM80019usboZ+lRot0K0I8/ xBcg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j125-v6si2655462pfc.243.2018.09.05.11.31.06; Wed, 05 Sep 2018 11:31:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727635AbeIEXAc (ORCPT + 99 others); Wed, 5 Sep 2018 19:00:32 -0400 Received: from mx2.suse.de ([195.135.220.15]:49744 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727195AbeIEXAc (ORCPT ); Wed, 5 Sep 2018 19:00:32 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 4EBCBAF53; Wed, 5 Sep 2018 18:29:08 +0000 (UTC) Date: Wed, 5 Sep 2018 20:29:07 +0200 (CEST) From: Jiri Kosina To: Andrea Arcangeli cc: Andi Kleen , Tim Chen , "Schaufler, Casey" , Thomas Gleixner , Ingo Molnar , Peter Zijlstra , Josh Poimboeuf , "Woodhouse, David" , Oleg Nesterov , "linux-kernel@vger.kernel.org" , "x86@kernel.org" Subject: Re: [PATCH v3 1/3] ptrace: Provide ___ptrace_may_access() that can be applied on arbitrary tasks In-Reply-To: <20180905180459.GB11625@redhat.com> Message-ID: References: <31436186-88da-324e-88a0-8fdca7bf60ac@linux.intel.com> <99FC4B6EFCEFD44486C35F4C281DC67321447094@ORSMSX107.amr.corp.intel.com> <3f24e8c8-eab8-66c2-9a8d-957e30cac809@linux.intel.com> <20180905155823.GL27886@tassilo.jf.intel.com> <20180905180459.GB11625@redhat.com> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 5 Sep 2018, Andrea Arcangeli wrote: > ptrace_has_cap(tcred->user_ns, mode) is supposed to eventually lockup > hard if called from scheduler as it does some locking, and we fixed > that already half a year ago. > > Not sure how it's still unfixed in Jiri's codebase after so long, or > if it's an issue specific to 3.10 and upstream gets away without this. We haven't got any lockup reports in our kernels (and we do carry a variant of this patch), so it might be somehow specific to 3.10. > diff --git a/kernel/ptrace.c b/kernel/ptrace.c > index eb7862f185ff..4a8d0dd73c93 100644 > --- a/kernel/ptrace.c > +++ b/kernel/ptrace.c > @@ -285,7 +285,8 @@ int ___ptrace_may_access(struct task_struct *tracer, > gid_eq(caller_gid, tcred->sgid) && > gid_eq(caller_gid, tcred->gid)) > goto ok; > - if (ptrace_has_cap(tcred->user_ns, mode)) > + if (!(mode & PTRACE_MODE_NOACCESS_CHK) && > + ptrace_has_cap(tcred->user_ns, mode)) > goto ok; > rcu_read_unlock(); > return -EPERM; > @@ -296,7 +297,8 @@ ok: > dumpable = get_dumpable(task->mm); > rcu_read_lock(); > if (dumpable != SUID_DUMP_USER && > - !ptrace_has_cap(__task_cred(task)->user_ns, mode)) { > + ((mode & PTRACE_MODE_NOACCESS_CHK) || > + !ptrace_has_cap(__task_cred(task)->user_ns, mode))) { > rcu_read_unlock(); > return -EPERM; I will look into this whether it's still applicable or not, thanks a lot for the pointer. (and no, my testing of the patch I sent on current tree didn't produce any hangs -- was there a reliable way to trigger it on 3.10?). Thanks, -- Jiri Kosina SUSE Labs