Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp8652333imu; Tue, 4 Dec 2018 11:51:11 -0800 (PST) X-Google-Smtp-Source: AFSGD/VWUbhy9zlvXnURJMohhvbgi72et0xTQ1PTdXBiyPfpyCzxRhwijGvWpxbGZbGDwjI3j4hq X-Received: by 2002:a63:1904:: with SMTP id z4mr17253476pgl.135.1543953071598; Tue, 04 Dec 2018 11:51:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543953071; cv=none; d=google.com; s=arc-20160816; b=nZHKYY39heNh+cYzGNSc5MUMi/ljvGrmGG70i1X5OT/ZTaG8B47dwy+Nj8zfxusXXm xh9p/8rnTIPF5Q4kY39Q2zS121sNGqd6uaWa70XU5ngPgyO0Vw0WYZXELYw5ArGVrJna y+JOQ5MsnTVNo45TlU0XHou2vu0TLR9axS+v93Wuxoxd8qdpUA0U/brIxRvWMiJkki6K DKShG8j840tLEje+8wXc9fYnQw6mcqifPFdmpz0ycYJh4U3KtNZ20FpfK3R9XLxUfAMz /3w1KT0ByhKw0QFPHawRUiqykhcVmXjUep440fS5/UYxGhCzyG/f5rtJ/fT7t7nX54/m WhDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=WQarueTlVUuW6OTlUCByy80MaUVV6YeH2V65um6rXUQ=; b=MSpoSv2AhGaZNFHLAZMVw7HQdvkMQ33Sx+J2HVh/O0e1pMI5O+vyKsDEXziV98YHtp AzjK3qjiXQFNEyibYIP3KyqFc542HrU8c55tVU99kkZsE3gCzIE3paUL+mHFv0K0TeAO knsqMBufjmV922R8RoOMT6VhnNYFNVtRDET1P7Bl37mrIcLlGWWdKYgxznSvszOnhllI mHP63ojMjvSYJNDwyuTnCSCxsegJ6M0pgLger1/N+wZ50lD6YovTkxtwasYIA+69VvUH SqPFky2+MIIc42u3HSvqU7dmC8Ud7NgISlRAicntLc5Y9NswbzgnS/G59SnPtck+JeGu d+5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=KnLBUc5N; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h5si16107712pgc.237.2018.12.04.11.50.56; Tue, 04 Dec 2018 11:51:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=KnLBUc5N; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726337AbeLDTuH (ORCPT + 99 others); Tue, 4 Dec 2018 14:50:07 -0500 Received: from mail-lf1-f67.google.com ([209.85.167.67]:42523 "EHLO mail-lf1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726293AbeLDTuE (ORCPT ); Tue, 4 Dec 2018 14:50:04 -0500 Received: by mail-lf1-f67.google.com with SMTP id l10so12884371lfh.9 for ; Tue, 04 Dec 2018 11:50:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WQarueTlVUuW6OTlUCByy80MaUVV6YeH2V65um6rXUQ=; b=KnLBUc5NlRQ18Ct4f5OxvzhNHe4P+iP9UvlGsmP05rRlmnlEXnvSr3TGEVnT8imPNG Zr8jqPF5DWHWftbG1dI/pAppTnCPlrsTfSw5dHMpqSoSQ5+I26RiU7WXYjH+oWYJVhif EHxoTKoXvZNsd7ehosZ+GdJqSRIz1jEVyuj+s= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WQarueTlVUuW6OTlUCByy80MaUVV6YeH2V65um6rXUQ=; b=kdXtslVcN6YkRsuEAyIguqTCfkrQcslfivU6rsIC1E60dSovMEdOCandXW6rvzzMc8 hE3I2bTR21hQVtjsFqfV+zYrSQGK0Adp1spqu+5lvPiy1Fg+gU3oyzsg/jM4pPMVTNro Xsr8sONOk3+sSlt5vefEC8g3frY6uMoeZGkwGIncwbbGrRB4FpSdnIYR1+4v8plFNYfY k98XYSOc7SpRGfVKGzjfrEOWdrJ2pJG8FKvXySQiZp8GngYd5+/GbSm2GlMgQctTgxz2 RlZMjrRQs8OG9ZlyZx2nug5Gmfj4y7ksFtT/RLARmc9HnwNRvP82wheC+IVhZqgkGZeh BDyw== X-Gm-Message-State: AA+aEWbzq2fkxwixXu4Cqh+xBc3VUZeCzZQd2+SXvUX3aWl1vA+VKJiz KKmQ7FIFNW9gP03Zm1fDNotQgvCziu8= X-Received: by 2002:a19:920a:: with SMTP id u10mr12317051lfd.122.1543953002335; Tue, 04 Dec 2018 11:50:02 -0800 (PST) Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com. [209.85.167.45]) by smtp.gmail.com with ESMTPSA id m77sm3165582lfg.3.2018.12.04.11.50.01 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Dec 2018 11:50:01 -0800 (PST) Received: by mail-lf1-f45.google.com with SMTP id i26so12923839lfc.0 for ; Tue, 04 Dec 2018 11:50:01 -0800 (PST) X-Received: by 2002:a19:6e0b:: with SMTP id j11mr13308242lfc.124.1543953000774; Tue, 04 Dec 2018 11:50:00 -0800 (PST) MIME-Version: 1.0 References: <20181203123857.GS31738@dhcp22.suse.cz> <20181203131006.GA10054@amd> <20181203135351.GU31738@dhcp22.suse.cz> <20181203141459.GA14789@amd> <20181203141737.GY31738@dhcp22.suse.cz> <20181204090228.GC73770@gmail.com> <20181204091020.GD1286@dhcp22.suse.cz> <20181204093310.GE73770@gmail.com> <20181204095802.GF1286@dhcp22.suse.cz> <20181204181714.GR1286@dhcp22.suse.cz> In-Reply-To: From: Linus Torvalds Date: Tue, 4 Dec 2018 11:49:44 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] Revert "exec: make de_thread() freezable (was: Re: Linux 4.20-rc4) To: mhocko@kernel.org Cc: Ingo Molnar , pavel@ucw.cz, Oleg Nesterov , Linux List Kernel Mailing , rafael.j.wysocki@intel.com, chanho.min@lge.com, Thomas Gleixner , Peter Zijlstra Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 4, 2018 at 11:33 AM Linus Torvalds wrote: > > Looking at this, I'm agreeing that ot would be better to just try to > narrow down the cred_guard_mutex use a lot. Ho humm. This is a crazy idea, but I don't see why it wouldn't work. How about we: - stop holding on to cred_guard_mutex entirely in the exec path and instead just do: - prepare_bprm_creds takes a ref to our old creds, and saves it off in the bprm - security_bprm_{committing,committed}_creds() can do it's "is this a valid transition" using the saved-off old creds instead of the current creds because honestly, the *only* reason we hold on to that lock is for the insane and not really interesting case of "somebody tried to use ptrace to change the creds in-flight during the exec". Or maybe we could just add a task state flag that says "in exec, you can't modify the creds in this window, because we're about to switch to new creds". Again, no *normal* situation will even notice or care, I think. We hold the cred lock purely to make sure that the sequence from prepare_exec_creds -> install_exec_creds is "atomic" wrt credentials, and it already is for all the normal cases since this is all inside a single execve system call. Linus