Date: Thu, 30 May 2019 14:34:53 +0200
From: Oleg Nesterov
To: Jann Horn
Cc: "Eric W . Biederman", Andrew Morton, Kees Cook, David Howells, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ptrace: restore smp_rmb() in __ptrace_may_access()
Message-ID: <20190530123452.GF22536@redhat.com>
In-Reply-To: <20190529113157.227380-1-jannh@google.com>

On 05/29, Jann Horn wrote:
> > --- a/kernel/cred.c > +++ b/kernel/cred.c > @@ -450,6 +450,15 @@ int commit_creds(struct cred *new) > if (task->mm) > set_dumpable(task->mm, suid_dumpable); > task->pdeath_signal = 0; > + /* > + * If a task drops privileges and becomes nondumpable, > + * the dumpability change must become visible before > + * the credential change; otherwise, a __ptrace_may_access() > + * racing with this change may be able to attach to a task it > + * shouldn't be able to attach to (as if the task had dropped > + * privileges without becoming nondumpable). > + * Pairs with a read barrier in __ptrace_may_access(). > + */ > smp_wmb();

Hmm. Now that I tried to actually read this patch I do not understand
this wmb().

commit_creds() does rcu_assign_pointer(real_cred) which implies
smp_store_release(), the dumpability change must be visible before
->real_cred is updated without any additional barriers?

Oleg.
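Review bot: The new comment above smp_wmb() in commit_creds() says the dumpability change must become visible before "the credential change", but it does not name the store that publishes the credentials, so the ordering cannot be checked from the comment alone. Name both sides, set_dumpable(task->mm, suid_dumpable) and the later credential store, and state why an explicit smp_wmb() is required between them; the reply in this thread asks whether rcu_assign_pointer(real_cred) already gives that ordering, and the comment should settle that. The paired read barrier in __ptrace_may_access() is not part of this quoted hunk, so a comment at that site pointing back to commit_creds() would make the pairing verifiable from either end.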