Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp2037750ybz;
        Thu, 30 Apr 2020 09:45:06 -0700 (PDT)
X-Google-Smtp-Source: APiQypIRftIh99qGKZEV/R93DWEIghc+x50ZqN/2E5w/gT2HXewvqz9QlQKeWiKKG+YIBLESZBlk
X-Received: by 2002:aa7:db41:: with SMTP id n1mr3609347edt.314.1588265105859;
        Thu, 30 Apr 2020 09:45:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1588265105; cv=none;
        d=google.com; s=arc-20160816;
        b=EGRkSGYN75+X3A/FRudAv6S4lr5L2MrHRUP5aZSFsiI+aJqSH8jHeRubKx4Z1/WtbC
         aX1oyMO9h6Ox/n/IXmmpZCvj+q84rKmBcr0/z9Pstff5qfQroX5uOFV/ogzX8wHQbuUz
         HUKnUaZaBY0YGhuoiijroM3vbu+6lPreuXlVrNeJToxRRlfNPz/PqTn70cXzp3MDmFft
         BaywVS2XPNwyXLaecVjZ+8P/Sd6KlkyZA309ifm/PcLP5oPlV+4juaTDRlJwg7k/x7Fr
         Zl5y92umxNABC6EG+qljy6z/vJ+SacIu/DtB+7xgbsdk0NbohDOjKlwk3QIDzhw4Xb9n
         VaCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=vnljVOaHYUquEixFmEii2Y5v/oewWMeOHc8temc1Ulk=;
        b=vLGMTCJ+BvLpM0RNkXXTwmRDAOdVnVEB63VXnY5T+65COomwKO6iZ/y/46tFHxgT6P
         cBqsgKDejFoC5blMmQE6KpqjMaPvPZwS1N/78eiiEjpbcgnJh/qgc4ekB6flq82GH3CI
         t1rYLrUD19KeOBBIgjHdR4PcyUKdpIGm9k5ysZSZBAu/r1mRYf++HNZqrrCMt/IhQ57l
         k9H9q3t+YAWdIIGJ4RorTqLrdHoo7LVMLTjR2583gZ7aZB/0MNdOeoaJ6/JMtvCKFVYp
         LlrBoxCVxHUI2HsNcBlVGaXclIs9UwThbDQjxDvKnfazvJuZJklHGZVqxLCA+s+N9mGm
         +bTw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=UuW8h6k5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l22si42732ejg.362.2020.04.30.09.44.42;
        Thu, 30 Apr 2020 09:45:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=UuW8h6k5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726415AbgD3QlF (ORCPT <rfc822;jaysonjohndmello@gmail.com>
        + 99 others); Thu, 30 Apr 2020 12:41:05 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53242 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL)
        by vger.kernel.org with ESMTP id S1726130AbgD3QlF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 30 Apr 2020 12:41:05 -0400
Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1DF5C035494
        for <linux-kernel@vger.kernel.org>; Thu, 30 Apr 2020 09:41:04 -0700 (PDT)
Received: by mail-lj1-x242.google.com with SMTP id j3so13630ljg.8
        for <linux-kernel@vger.kernel.org>; Thu, 30 Apr 2020 09:41:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=vnljVOaHYUquEixFmEii2Y5v/oewWMeOHc8temc1Ulk=;
        b=UuW8h6k5QG+STHncG4KPXUW+GCZ++u/mvP89xOPdTvhV2ev5G/ottNTcq1gJGPZZrm
         dZ0tWyBWwzm1CllG3jRSytf59dGIY1pHXI35E2Wm08EYYqw0giIVdPPtRyP7pZaHTFy8
         FBzoxdFEIm1NIrwWYwzd/qyWAbgfhpEil4RxM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=vnljVOaHYUquEixFmEii2Y5v/oewWMeOHc8temc1Ulk=;
        b=B5wu5TiAsNzB/nQqHRgXsE5AbcwJdiiZxIssnkvePRwTxHjLULaGwkgbOLAfzwGAaW
         0YI8RwAQiR1YUNbGs+2HoJBWU8xJ3iyzW2X7d4P6W84D6KbipV8XAt0gl7u2hStSjJGT
         Qeh+qByz/jfYdRsabda5m0BeSgw5z7mfni13T6+QeeWrMzBzF6Urd8aNmePJG6hcIJvH
         KNMk1Xp7rpMVTbUcSIWUXZRaWAa90Rgz4ApM3FcKPW1c1UB4T2snCtpWdmONysX0nEJl
         u2tu1LW9Yx5pYBvhFQ+v0lKCKGCzxUxAt5MLdKYdS3GNFjE9P18oMDSr3kC0QA2Q9WwA
         Fl5A==
X-Gm-Message-State: AGi0PuaQvKHRRhM+1gLesEQ1yYgK9SVc1xOZ0yVHpugISwEqVuNMnEry
        oeo2sgIhkqBggSKYmiRP00TNXbbpURM=
X-Received: by 2002:a2e:87d0:: with SMTP id v16mr87024ljj.137.1588264862590;
        Thu, 30 Apr 2020 09:41:02 -0700 (PDT)
Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com. [209.85.167.43])
        by smtp.gmail.com with ESMTPSA id a26sm210181ljm.45.2020.04.30.09.41.01
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 30 Apr 2020 09:41:01 -0700 (PDT)
Received: by mail-lf1-f43.google.com with SMTP id b20so1505419lff.2
        for <linux-kernel@vger.kernel.org>; Thu, 30 Apr 2020 09:41:01 -0700 (PDT)
X-Received: by 2002:ac2:4da1:: with SMTP id h1mr2734479lfe.152.1588264860980;
 Thu, 30 Apr 2020 09:41:00 -0700 (PDT)
MIME-Version: 1.0
References: <CAHk-=whJttTNFQn1fMYp91LZ90iHE7B2THZ8NjQ7fBwmWX9k6w@mail.gmail.com>
 <CAHk-=wjTLnMuZmBO2foeHhsLAoUTpUi7oBVJ67F4XKB+tdEDbQ@mail.gmail.com>
 <CAG48ez3EQOvdbzu9aO-cEAJwF_=fJzn1Cg0LMs3ruc=5r1ie5w@mail.gmail.com>
 <CAHk-=whTgFbjGTP=CqMWs_LOkY7bWvLQGYKwKx86amdbMovAkw@mail.gmail.com>
 <CAG48ez2-Nu2ALN6VEUZL-prtR_Kk8QYBHcnvuh0aU2e4zf37RA@mail.gmail.com>
 <CAHk-=wh=G47oD2F1CgOrvGFbEPh2ddMKLV4_wV_bs6S=98aZ5A@mail.gmail.com>
 <AM6PR03MB5170A6AA240D2E8F5E88B911E4AD0@AM6PR03MB5170.eurprd03.prod.outlook.com>
 <CAHk-=wguiKq8yf11WJjgSL4ADKZ5sLe_Qbd7vHEqAkTvZJ+d+Q@mail.gmail.com>
 <CAHk-=wjUZLybZBJgOtD2gng=FS7USrbQQ1-tn5M+UP5DbCWdzw@mail.gmail.com>
 <CAG48ez0FL3i4eGFYryOwG2nnS+JigfKYAVSV9ogVHjmjOWzsrA@mail.gmail.com>
 <CAHk-=wgcvn1_1kCkyourNCKeH+KrzSMRvc-ai_NLU4RGZT_XBg@mail.gmail.com>
 <AM6PR03MB5170CCB8D9D41904066DAFD5E4AA0@AM6PR03MB5170.eurprd03.prod.outlook.com>
 <CAHk-=wiOdXfMa35bwCNfCNSsAndO-hFmsSNRWEEDziA1iDYGjg@mail.gmail.com> <AM6PR03MB5170BC4A276D72EA54398C58E4AA0@AM6PR03MB5170.eurprd03.prod.outlook.com>
In-Reply-To: <AM6PR03MB5170BC4A276D72EA54398C58E4AA0@AM6PR03MB5170.eurprd03.prod.outlook.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu, 30 Apr 2020 09:40:44 -0700
X-Gmail-Original-Message-ID: <CAHk-=wjhZ4uS6XKxJdV0MZO1AN-vhvVmeSeGFSntk1GjpyPwjg@mail.gmail.com>
Message-ID: <CAHk-=wjhZ4uS6XKxJdV0MZO1AN-vhvVmeSeGFSntk1GjpyPwjg@mail.gmail.com>
Subject: Re: [GIT PULL] Please pull proc and exec work for 5.7-rc1
To:     Bernd Edlinger <bernd.edlinger@hotmail.de>
Cc:     Jann Horn <jannh@google.com>, Oleg Nesterov <oleg@redhat.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Waiman Long <longman@redhat.com>,
        Ingo Molnar <mingo@kernel.org>, Will Deacon <will@kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Alexey Gladkov <gladkov.alexey@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Apr 30, 2020 at 7:29 AM Bernd Edlinger
<bernd.edlinger@hotmail.de> wrote:
>
> Ah, now I see, that was of course not the intended effect,
> but that is not where the pseudo-deadlock happens at all,
> would returning -RESTARTNOINTR in this function make this
> patch acceptable, it will not have an effect on the test case?

So that was why I suggested doing it all with a helper function, and
also doing that

        set_thread_flag(TIF_SIGPENDING);

because without going through the "check-for-signals" code at return
to user space, -ERESTARTNOINTR doesn't actually _do_ any restart.

However, the more I looked at it, the less I actually liked that hack.

Part of it is simply because it can cause the exact same problem that
ptrace() does (at least in theory). And even if you don't get the
livelock thing, you can get the "use 100% CPU time" thing, because if
that case ever triggers, and we re-try, it will generally just _keep_
on triggering (think "execve is waiting for a zombie, nobody is
reaping it").

IOW, restarting doesn't really fix the problem, or guarantee any
forward progress.

So I'd have been ok with your "unsafe_exec_flag" if

 (a) it had been done in one place with a helper function.

 (b) it would _only_ trigger for ptrace (and perhaps seccomp).

but I don't think it works for that write() case.

That said, I'm not 100% convinced that that write() case really even
needs that cred_guard_mutex (renamed or not).

Maybe we can introduce a new mutex just against concurrent ptrace
(which is what at least the _comment_ says_ that
security_setprocattr() wants - I didn't check the actual low-level
security code).

So maybe that proc_pid_attr_write() case could be done some other way entirely.

Th emore we go through all this, the more I really think that Oleg's
patch to just delay the waiting for things until after dropping the
mutex in execve() is the way to go.

Is it a "simple" and small patch? No. But it really addresses the core
issue, without introducing new odd rules or special cases, or making a
lock that doesn't reliably work as a lock.

                      Linus