Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp430551imm;
        Sat, 22 Sep 2018 03:20:59 -0700 (PDT)
X-Google-Smtp-Source: ACcGV62Q1393QCh3OSPOIpnlJr2pHwRFUb/kFTPuvsOt4vdNIuASEnUstFqEE5arCG4SCl99UXM/
X-Received: by 2002:a17:902:4e:: with SMTP id 72-v6mr2024488pla.318.1537611659450;
        Sat, 22 Sep 2018 03:20:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1537611659; cv=none;
        d=google.com; s=arc-20160816;
        b=i9PNGwZ8Z0zY8bky9nGBBlsb/F7crgiMrpGJ6uWIqJLxeXm7YFiEqKNA/LBMNYRmvN
         LiglIVitZJqjdy9PfjVXBpGuG6R2eU6AGK5AkC6ohBDHrNIyUWsCVuZQjOXJQHjNE4vj
         yHmZbtTC9bx2Z8OkvY+qH4wnO1lKAgxvCTi7+5lV/I3gWEtSkCyVaTVKpNM1A0Ky+UyD
         CTFLWBpqfydv8wBlsNGTZDPp+TIAJyVXN/d6a9RshT4MLXCizqXGkOrh+RlntU25Qlek
         KfBpVoZT8k5KJUH+JOXM7fwyB25v0O5GA0Vw+LCCqc6ebj226qcqigG/ZbFqNHjJZu7A
         781g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=1bNhqFpd+/d6m4CxLiz9FXUYWUZNpxNbSe5s88iOrO4=;
        b=g/im07N0VqHAadpyqig4/5jdBb1XA1X81o9kC2Bql7LDAYNhCYX1m1b6zwmDuPrM3C
         NMqpjpRDb1uKdWjOBOmrxJ/7mPfEA9BqFZ+KTpST+FMW2mkqsRg75YCRAwJuWpyW68HC
         cH8QoJlOvSbbSbRDDh8a9nt8ASUAlcis5+kol9B+Udlmq+Hv7iVx69Re1yJmzJ2jfHHL
         8vr7hyvnGGFncAjFSIgXvUyM6bX0ancSK5Pr9AgnqjjDM+B8mb4ZeTmPanj+KyoX8Vox
         wBSoh4jaLLFShGgsznSjnF3vVP2uTEXWq3rsgylsjZ9YwSoPIMwxP7P86wkmQZIq0LsR
         bTAg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=ufkh0eZM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p14-v6si29517119pgg.67.2018.09.22.03.20.40;
        Sat, 22 Sep 2018 03:20:59 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=ufkh0eZM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728320AbeIVQMF (ORCPT <rfc822;uzarths@gmail.com> + 99 others);
        Sat, 22 Sep 2018 12:12:05 -0400
Received: from merlin.infradead.org ([205.233.59.134]:49924 "EHLO
        merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727324AbeIVQME (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 22 Sep 2018 12:12:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
        d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version:
        References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:
        Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
        Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:
        List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
         bh=1bNhqFpd+/d6m4CxLiz9FXUYWUZNpxNbSe5s88iOrO4=; b=ufkh0eZMNlfjPKRCKJOyCnEAS
        +R+JP48Y5oaRDzHLuDi4G0unQvB20kqkyYHyIKVPUZA6/XlBYEDQ+BfvvBmuhI028ME6wd3sV55YR
        EgPGlLhielvTpiU30hW658iOIjsa1J3enXkx+LOrWIFsVWafz8jo5oWMcpgaTF9NtLRgtEruRFOiY
        gv1ezIa1Wb/xl3RgAC243BHQRXwvBIOanT26HzlHx3tg40N0eZacXJrUZpjZajsnM5H8XbNe6rns7
        rZUOc5ppieW8TgvYq+9UZlhucXKPOM85d921GuEfX6oc9hro3hrAUUS+d3OZJYv/1OU3gMoYQcYS8
        srguGPsiw==;
Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=hirez.programming.kicks-ass.net)
        by merlin.infradead.org with esmtpsa (Exim 4.90_1 #2 (Red Hat Linux))
        id 1g3ezv-0004Zb-5e; Sat, 22 Sep 2018 10:18:48 +0000
Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000)
        id 149412024E449; Sat, 22 Sep 2018 12:18:44 +0200 (CEST)
Date:   Sat, 22 Sep 2018 12:18:44 +0200
From:   Peter Zijlstra <peterz@infradead.org>
To:     Thomas Gleixner <tglx@linutronix.de>
Cc:     Jiri Kosina <jikos@kernel.org>,
        "Schaufler, Casey" <casey.schaufler@intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        "Woodhouse, David" <dwmw@amazon.co.uk>,
        Andi Kleen <ak@linux.intel.com>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH v6 0/3] Harden spectrev2 userspace-userspace protection
Message-ID: <20180922101844.GF24124@hirez.programming.kicks-ass.net>
References: <nycvar.YFH.7.76.1809101119280.15880@cbobk.fhfr.pm>
 <nycvar.YFH.7.76.1809121055070.15880@cbobk.fhfr.pm>
 <99FC4B6EFCEFD44486C35F4C281DC6732144EA58@ORSMSX107.amr.corp.intel.com>
 <20180919154828.GJ24124@hirez.programming.kicks-ass.net>
 <nycvar.YFH.7.76.1809220936520.15880@cbobk.fhfr.pm>
 <alpine.DEB.2.21.1809221022250.1391@nanos.tec.linutronix.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <alpine.DEB.2.21.1809221022250.1391@nanos.tec.linutronix.de>
User-Agent: Mutt/1.10.0 (2018-05-17)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Sep 22, 2018 at 11:53:14AM +0200, Thomas Gleixner wrote:
> @@ -86,6 +88,7 @@ extern void exit_ptrace(struct task_stru
>   * process_vm_writev or ptrace (and should use the real credentials).
>   */
>  extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
> +extern bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode);

I like that..

>  static inline int ptrace_reparented(struct task_struct *child)
>  {
> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c

> +bool ptrace_may_access_sched(struct task_struct *task, unsigned int mode)
> +{
> +	struct mm_struct *mm;
> +	int res;
> +
> +	res = __ptrace_may_access_basic(task, mode);
> +	if (res <= 0)
> +		return !res;
> +
> +	rcu_read_lock();
> +	res = __ptrace_may_access_cred(__task_cred(task), mode);
>  	rcu_read_unlock();
> +	if (res)
> +		return false;
> +
> +	mm = task->mm;
> +	if (mm && get_dumpable(mm) != SUID_DUMP_USER)
> +		return false;
> +	return true;
> +}
> +
> +/* Returns 0 on success, -errno on denial. */
> +static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
> +{
> +	const struct cred *tcred;
> +	struct mm_struct *mm;
> +	int res;
> +
> +	res = __ptrace_may_access_basic(task, mode);
> +	if (res <= 0)
> +		return res;
> +
> +	rcu_read_lock();
> +	tcred = __task_cred(task);
> +	res = __ptrace_may_access_cred(tcred, mode);
> +	if (res > 0)
> +		res = ptrace_has_cap(tcred->user_ns, mode) ? 0 : -EPERM;
>  	rcu_read_unlock();
> +	if (res < 0)
> +		return res;
> +
>  	mm = task->mm;
> +	if (mm && (get_dumpable(mm) != SUID_DUMP_USER &&
> +		   !ptrace_has_cap(mm->user_ns, mode)))
> +		return -EPERM;
>  
>  	return security_ptrace_access_check(task, mode);
>  }

This has some unfortunate duplication.

Lets go with it for now, but I'll see if I can do something about that
later.