Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp4209891imm; Wed, 5 Sep 2018 12:30:19 -0700 (PDT) X-Google-Smtp-Source: ANB0VdalaVU/lrXmTm1CfYJ+m6ZXviavqJxYMq1nCr3CSWIJ62E6vs0x4qdHobsqfDtA3cxJbQt3 X-Received: by 2002:a17:902:b492:: with SMTP id y18-v6mr36223487plr.208.1536175819093; Wed, 05 Sep 2018 12:30:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536175819; cv=none; d=google.com; s=arc-20160816; b=eFpEILSrBDCZHW32fwYwfUdcnIZpDab1A74LRQ4esJLmmspznsBD1kpdDERZnU6mHA 2hNn46gy3q6igyR5WCZKpLfaEJyqmhJFF3KIJxsEVpzC/stv6Uvp0C/ojWlBpg7OJzpD h+glJnOSK7vQ2iHClG0d3ROh/6eoCWDrp44/dA4fr8C8e82QtzUSc4q/UwPfiTgn3Nfu FO10Zaf8zbJ2+jxh0Y5ZkOx8igAkKHa672+VtGiQRAjyECQ0QdMINLnwJCs493qTx0Qh 5dye8lBcRzeKiSKthX2juEAXztgfDAUuWeqIJKhme6qfE46A16kr6R7r3CLUDvIVqykM t4dQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:content-transfer-encoding :dlp-reaction:dlp-version:dlp-product:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from; bh=ipo24hqWEKvGhKAX5Rhm2mslAtZvW3mdUZcsiZU8unM=; b=Qz17yz8K5VXAKTzUXWQ9X1LtOEgBzjaD60xqlkpHikueXdVnqfk0Y/IpYoySY1uekc G3i65zr43VDz4q+cdrDN/KODgmuGCcSxR4dRNl71zVxYKy5HgWnRmkJWquqGJkvLDS21 4dMKI3jC7JQwl+zrh/GMesY6LKoW1yt+cBH/VLnqBI6ia0ZPt5HFwuv1AQSLXBsMskd+ cJG2Zgjl8XTQJpNR8eVVav0PyGEMJtOsJgcf14CJTBA+7QpJigwPK3gdAKM3fh7VYJDM 2qoZmGb1bEzIGO4m6MrxHUTL5O8KCgUNaYWs03leAFuTmwYQ0K27Y7yai7cRt7orDgFT O/fw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p3-v6si2605048pld.329.2018.09.05.12.30.02; Wed, 05 Sep 2018 12:30:19 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727795AbeIEX7s convert rfc822-to-8bit (ORCPT + 99 others); Wed, 5 Sep 2018 19:59:48 -0400 Received: from mga07.intel.com ([134.134.136.100]:27282 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727397AbeIEX7r (ORCPT ); Wed, 5 Sep 2018 19:59:47 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Sep 2018 12:28:12 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,334,1531810800"; d="scan'208";a="78250213" Received: from orsmsx109.amr.corp.intel.com ([10.22.240.7]) by FMSMGA003.fm.intel.com with ESMTP; 05 Sep 2018 12:27:59 -0700 Received: from orsmsx114.amr.corp.intel.com (10.22.240.10) by ORSMSX109.amr.corp.intel.com (10.22.240.7) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 5 Sep 2018 12:27:39 -0700 Received: from orsmsx107.amr.corp.intel.com ([169.254.1.245]) by ORSMSX114.amr.corp.intel.com ([169.254.8.8]) with mapi id 14.03.0319.002; Wed, 5 Sep 2018 12:27:39 -0700 From: "Schaufler, Casey" To: Peter Zijlstra , Andrea Arcangeli CC: Jiri Kosina , Andi Kleen , Tim Chen , Thomas Gleixner , "Ingo Molnar" , Josh Poimboeuf , "Woodhouse, David" , Oleg Nesterov , "linux-kernel@vger.kernel.org" , "x86@kernel.org" , "Schaufler, Casey" Subject: RE: [PATCH v3 1/3] ptrace: Provide ___ptrace_may_access() that can be applied on arbitrary tasks Thread-Topic: [PATCH v3 1/3] ptrace: Provide ___ptrace_may_access() that can be applied on arbitrary tasks Thread-Index: AQHURHR5V11JrRcNJkuXhYQimpS2TqTg18iA//+QVJCAAIQJAIAATdIAgAB0AQCAAKEDgIAAI1+AgAAGvoCAAAMgAIAABmIA//+QKGA= Date: Wed, 5 Sep 2018 19:27:38 +0000 Message-ID: <99FC4B6EFCEFD44486C35F4C281DC67321447823@ORSMSX107.amr.corp.intel.com> References: <31436186-88da-324e-88a0-8fdca7bf60ac@linux.intel.com> <99FC4B6EFCEFD44486C35F4C281DC67321447094@ORSMSX107.amr.corp.intel.com> <3f24e8c8-eab8-66c2-9a8d-957e30cac809@linux.intel.com> <20180905155823.GL27886@tassilo.jf.intel.com> <20180905180459.GB11625@redhat.com> <20180905184018.GC11625@redhat.com> <20180905190308.GD24082@hirez.programming.kicks-ass.net> In-Reply-To: <20180905190308.GD24082@hirez.programming.kicks-ass.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMDUyN2ZmODEtYzhiNi00M2UyLTg5MzQtNDhmOTZjMmVhZDE2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoidGU4eko2ZFF5SE5EeEFZVlVwWElBM09uUmh6UmZXcjJzdTRyWXNPa3B3bkdYVk1makFFMjRXdWVWNWEyVytuZyJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.22.254.138] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > -----Original Message----- > From: Peter Zijlstra [mailto:peterz@infradead.org] > Sent: Wednesday, September 05, 2018 12:03 PM > To: Andrea Arcangeli > Cc: Jiri Kosina ; Andi Kleen ; Tim Chen > ; Schaufler, Casey ; > Thomas Gleixner ; Ingo Molnar ; > Josh Poimboeuf ; Woodhouse, David > ; Oleg Nesterov ; linux- > kernel@vger.kernel.org; x86@kernel.org > Subject: Re: [PATCH v3 1/3] ptrace: Provide ___ptrace_may_access() that can > be applied on arbitrary tasks > > On Wed, Sep 05, 2018 at 02:40:18PM -0400, Andrea Arcangeli wrote: > > [ 1838.769917] <> [] > avc_compute_av+0x126/0x1b5 > > That does read_lock(), which is not allowed from scheduler context. > > > [ 1838.777125] [] ? walk_tg_tree_from+0xbe/0x110 > > [ 1838.783828] [] avc_has_perm_noaudit+0xc4/0x110 > > In current code this can end up in avc_update_node() which uses > spin_lock(), which is a bug from scheduler context.o > > > [ 1838.790628] [] cred_has_capability+0x6b/0x120 > > [ 1838.797331] [] ? ktime_get+0x4c/0xd0 > > [ 1838.803160] [] ? > clockevents_program_event+0x6b/0xf0 > > [ 1838.810532] [] selinux_capable+0x2e/0x40 > > [ 1838.816748] [] security_capable_noaudit+0x15/0x20 > > [ 1838.823829] [] has_ns_capability_noaudit+0x15/0x20 > > [ 1838.831014] [] ptrace_has_cap+0x35/0x40 > > [ 1838.837126] [] ___ptrace_may_access+0xa7/0x1e0 > > [ 1838.843925] [] __schedule+0x26e/0xa00 > > [ 1838.849855] [] schedule_preempt_disabled+0x29/0x70 > > [ 1838.857041] [] cpu_startup_entry+0x184/0x290 > > [ 1838.863637] [] start_secondary+0x1da/0x250 > > So yes, looks like all that security LSM nonsense isn't going to work > here. What won't work is using the ptrace code. That is one of the reasons why you can't just blindly use it. Look at the patch set I submitted and you'll see that the SELinux selinux_task_safe_sidechannel() hook does not do the things that cause the lockup.