Date: Mon, 15 Apr 2019 17:05:21 +0200
From: Oleg Nesterov
To: Paul Moore
Cc: Casey Schaufler, "chengjian (D)", neilb@suse.com, Anna.Schumaker@netapp.com, keescook@chromium.org, "linux-kernel@vger.kernel.org", viro@zeniv.linux.org.uk, "Xiexiuqi (Xie XiuQi)", Li Bin, yanaijie@huawei.com, peterz@infradead.org, mingo@redhat.com, Linux Security Module list, selinux@vger.kernel.org
Subject: Re: kernel BUG at kernel/cred.c:434!
Message-ID: <20190415150520.GA13257@redhat.com>
References: <6e4428ca-3da1-a033-08f7-a51e57503989@huawei.com> <20190415134331.GC22204@redhat.com>

On 04/15, Paul Moore wrote:
>
> On Mon, Apr 15, 2019 at 9:43 AM Oleg Nesterov wrote:
> > Well, acct("/proc/self/attr/current") doesn't look like a good idea, but I do
> > not know where should we put the additional check... And probably
> > "echo /proc/self/attr/current > /proc/sys/kernel/core_pattern" can hit the
> > same problem, do_coredump() does override_creds() too.
> >
> > May be just add
> >
> >	if (current->cred != current->real_cred)
> >		return -EACCES;
> >
> > into proc_pid_attr_write(), I dunno.
>
> Is the problem that do_acct_process() is calling override_creds() and
> the returned/old credentials are being freed before do_acct_process()
> can reinstall the creds via revert_creds()? Presumably because the
> process accounting is causing the credentials to be replaced?

Afaics, the problem is that do_acct_process() does override_creds() and
then __kernel_write(). Which calls proc_pid_attr_write(), which in turn calls
selinux_setprocattr(), which does another prepare_creds() + commit_creds();
and commit_creds() hits

	BUG_ON(task->cred != old);

Oleg.
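
The call sequence described in this message, modelled in userspace C as an added example (not kernel code and not part of the thread): it shows why a credential commit inside an override trips the check, and how the guard proposed in the quoted text turns that into an error return. `MODEL_BUG`, `attr_write`, `run_case` and the `guarded` flag are hypothetical names; `old` is taken to be the task's `real_cred`, as in the kernel's `commit_creds()`.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stdio.h>
#define MODEL_BUG (-1000)   /* stands in for BUG_ON() firing */
struct cred { int id; };
struct task { const struct cred *real_cred, *cred; };
/* Swap only the subjective creds; the caller must revert_creds() later. */
static const struct cred *override_creds(struct task *t, const struct cred *new_cred)
{
    const struct cred *old = t->cred;
    t->cred = new_cred;
    return old;
}
static void revert_creds(struct task *t, const struct cred *old) { t->cred = old; }

/* commit_creds() expects no override in effect, i.e. cred == real_cred. */
static int commit_creds(struct task *t, const struct cred *new_cred)
{
    const struct cred *old = t->real_cred;
    if (t->cred != old)
        return MODEL_BUG;              /* BUG_ON(task->cred != old) */
    t->real_cred = t->cred = new_cred;
    return 0;
}

/* Stand-in for proc_pid_attr_write(); guarded=1 adds the check from the thread. */
static int attr_write(struct task *t, const struct cred *new_cred, int guarded)
{
    if (guarded && t->cred != t->real_cred)
        return -EACCES;
    return commit_creds(t, new_cred);  /* prepare_creds() + commit_creds() */
}
/* via_acct=1 models do_acct_process(): override, write, revert. */
int run_case(int via_acct, int guarded)
{
    struct cred task_cred = {1}, file_cred = {2}, new_cred = {3};
    struct task t = { &task_cred, &task_cred };
    const struct cred *orig = via_acct ? override_creds(&t, &file_cred) : NULL;
    int ret = attr_write(&t, &new_cred, guarded);
    if (via_acct)
        revert_creds(&t, orig);
    return ret;
}

int main(void)
{
    printf("acct: %d, acct+guard: %d, direct+guard: %d\n",
           run_case(1, 0), run_case(1, 1), run_case(0, 1));
    return 0;
}
```

In the model, a direct write still succeeds with the guard in place; only a write issued while an override is active is refused.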