Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp3454393ybf; Tue, 3 Mar 2020 06:21:44 -0800 (PST) X-Google-Smtp-Source: ADFU+vv9DONS21G0xogLwDI2WcyIId4ym00pWdxnGwmq+fjqQ8OVhGD6ruccuCkNz1cSpo8DyVFa X-Received: by 2002:a05:6808:2c4:: with SMTP id a4mr2667708oid.176.1583245304665; Tue, 03 Mar 2020 06:21:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583245304; cv=none; d=google.com; s=arc-20160816; b=pPX1sJ96lk5PaoJAm1Sl9r86uGtU/DK+WjVrpdUDpbwIYaUM+CvGMZKjx3dCYzXpP5 6B0zmzhHXPETubxtKrT10r1kkCCFZ0DSL3tXoOUrhqgnXlNA3Qw+Py69+wd5GygFypHX eKzOqwzLMpBiSBrBmNGuo6suKJZCFdO15kSx3z+pFkrd94nY2voH0v+YI30je6zwwgPt SX7rwO6OGMNjqQw6NEIzyerWqtPGkniCXpxweV/wDYVJt5kx1Th/gdQLlO2jhQwiVwq1 9h8fH5h65rER39wXwUCzAXbRjLGy6QsQHohScGbdXFg+C5h+U9REp9q3FdLJjr2fL+Ur hesA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=jhHTbsqqJ6CzIJeXSzkuTWx+xbGNaxvtKP2fVl48tpg=; b=EavLR5dOyvdcHhM4UVeuEDfi45tpX7zck0UWqz2HHVvxk334+T7txz7e7EYrSOQyQF zP1Fgp5nK4d26wRP4ORtc7RCousHdQ3e1vWQr1F0wsqH+MGLxmzVR9DmQT7OFrMwujPt OoFR2zMexCC521Qd5UJamUHW0FnhK84CLE6Uz6JJtCqdGuiDq3FYeIwuYaXgOuYkxuRc O05lQRXGKwhG1SEMMGDqVt5W08jvNWhKsXINuGOzEPNCjtB59ld7g8mEs39v8cdz/01H Soqe1slLTF7n6ncFz+GejqHwrbJiA0WJ6tz/n7gjbpGltmbN8J7fvGR9vidcC8CqyYTb Fy7A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b6si5020983oic.250.2020.03.03.06.21.32; Tue, 03 Mar 2020 06:21:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728882AbgCCOVY (ORCPT + 99 others); Tue, 3 Mar 2020 09:21:24 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:44158 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728113AbgCCOVY (ORCPT ); Tue, 3 Mar 2020 09:21:24 -0500 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1j98Pg-0002Id-SV; Tue, 03 Mar 2020 14:20:49 +0000 Date: Tue, 3 Mar 2020 15:20:47 +0100 From: Christian Brauner To: Bernd Edlinger Cc: Kees Cook , "Eric W. Biederman" , Jann Horn , Jonathan Corbet , Alexander Viro , Andrew Morton , Alexey Dobriyan , Thomas Gleixner , Oleg Nesterov , Frederic Weisbecker , Andrei Vagin , Ingo Molnar , "Peter Zijlstra (Intel)" , Yuyang Du , David Hildenbrand , Sebastian Andrzej Siewior , Anshuman Khandual , David Howells , James Morris , Greg Kroah-Hartman , Shakeel Butt , Jason Gunthorpe , Christian Kellner , Andrea Arcangeli , Aleksa Sarai , "Dmitry V. Levin" , "linux-doc@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-fsdevel@vger.kernel.org" , "linux-mm@kvack.org" , "stable@vger.kernel.org" Subject: Re: [PATCHv4] exec: Fix a deadlock in ptrace Message-ID: <20200303142047.mrenhvhihe5sm5wv@wittgenstein> References: <87k142lpfz.fsf@x220.int.ebiederm.org> <875zfmloir.fsf@x220.int.ebiederm.org> <87v9nmjulm.fsf@x220.int.ebiederm.org> <202003021531.C77EF10@keescook> <20200303085802.eqn6jbhwxtmz4j2x@wittgenstein> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 03, 2020 at 11:23:31AM +0000, Bernd Edlinger wrote: > On 3/3/20 11:34 AM, Bernd Edlinger wrote: > > On 3/3/20 9:58 AM, Christian Brauner wrote: > >> So one issue I see with having to reacquire the cred_guard_mutex might > >> be that this would allow tasks holding the cred_guard_mutex to block a > >> killed exec'ing task from exiting, right? > >> > > > > Yes maybe, but I think it will not be worse than it is now. > > Since the second time the mutex is acquired it is done with > > mutex_lock_killable, so at least kill -9 should get it terminated. > > > > > > > static void free_bprm(struct linux_binprm *bprm) > > { > > free_arg_pages(bprm); > > if (bprm->cred) { > > + if (!bprm->called_flush_old_exec) > > + mutex_lock(¤t->signal->cred_guard_mutex); > > + current->signal->cred_locked_for_ptrace = false; > > mutex_unlock(¤t->signal->cred_guard_mutex); > > > Hmm, cough... > actually when the mutex_lock_killable fails, due to kill -9, in flush_old_exec > free_bprm locks the same mutex, this time unkillable, but I should better do > mutex_lock_killable here, and if that fails, I can leave cred_locked_for_ptrace, > it shouldn't matter, since this is a fatal signal anyway, right? I think so, yes.