Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2962152pxj; Mon, 14 Jun 2021 11:05:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzCUmAoR1vDu7MuyMynKrQE7/sRFsvn/YMys2YO7TPp19arOBWjFWDc4g799UoaaNV59OpR X-Received: by 2002:a17:906:4e93:: with SMTP id v19mr3882602eju.335.1623693928914; Mon, 14 Jun 2021 11:05:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623693928; cv=none; d=google.com; s=arc-20160816; b=GJ1AuJuKMnBMqJBh3eNPmFghMUFebP7szIyERtgi5pRdBa2faCmm2ximqPgfbGPEva XrgtfdCCcVsTdFxKWPqfmypoipCBIOfYLpPb7JlLmuV7CM9g6HGSPBK2upgknE48vUH+ WrUwidLrsly+9wm6WumxlXT1+ndQjhg5Ft3Qt1CQeEaeztJidTClD9xN+/yC5e5gNWRr nonONZwPHTOkcGBSrdrxeajoQIKmY2D8EKotHP8BlrNnbSpU4s9kB6b4ElL4lKWOp2Fg YRx4wNVXRMdegDEAh16fcHHuzfCxd/r9DbKc6N/v5TRpMU+KNj3n9TD9Z4PQvTLI6dv+ W+4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Hth5OJx5DLnrqVkGsO9sFZaOxm24SUjgcf7q16vYO9k=; b=akOqzTj2H10RC74WZDPJcCzEubit6Lo7YfO79vnzAwr3+kyuIniao65DYOKWlpFVzd eFvH2J2FVbyNdCLRZV1lJ49Mn6X1ICOk9s+BA+LgZWQBfCDjO9cv6V2HEIvKTSqcnFSf O2RBOMZCdL7udN4RMEtxhQDShuU6nP/lGgFEWP8vTg/Dr0T/wps/WsvbmOXF5WlvMJ/f ujF98NVCRbFxzFq4XXPEC6F9paNLOdHEtNSZRkFPqeLG2+lrgVgf/zykOGfW+EMrnIBE +Z5NrImxseYCErFJI0DuBaC4XgKgQqNsga8cCSQAErG1czx6Hci7bYMk2OO71kGQhHcN OMYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=SYh2bWEU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id yc6si8737877ejb.450.2021.06.14.11.05.06; Mon, 14 Jun 2021 11:05:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=SYh2bWEU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234150AbhFNSGI (ORCPT + 99 others); Mon, 14 Jun 2021 14:06:08 -0400 Received: from mail-lj1-f181.google.com ([209.85.208.181]:43912 "EHLO mail-lj1-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232776AbhFNSGI (ORCPT ); Mon, 14 Jun 2021 14:06:08 -0400 Received: by mail-lj1-f181.google.com with SMTP id r14so21254547ljd.10 for ; Mon, 14 Jun 2021 11:04:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Hth5OJx5DLnrqVkGsO9sFZaOxm24SUjgcf7q16vYO9k=; b=SYh2bWEUABHXqRB6ouYLMnFXIxkuBj3g9OGoJcjymr/uDkZ0b2ocpQIxY7OD3aoqry y/WDysWKakiopu5mag8D+4V2VdjD01blp+N5edF/BQ0EXgzT8QLbBsWXILbf7+h84XUb ftZIOw1NIhwgxMzRUzmXKeXGQC6u8yO//bp98= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Hth5OJx5DLnrqVkGsO9sFZaOxm24SUjgcf7q16vYO9k=; b=RZvyqxrPut5Sxyjw1A8nLJYiiGv13A+0GPqooLo635FQ+Z+NgOUACYiwhUUEUJ3ZVw w9kMsU/0R7+jz8NfFWsMuvsHEIaGgF+GeU7w2UlGwm5XwTEoVRWx9EqhoiauWpYJsT5P owq6tOPUE1v0KRZYlKIytL1wBbhnul0ThNm9Vk51CTVYdglAbJ1Hun1GgO07JWkDPCmA tTmghAj9ATT+BXXYpRNxcjvL2KPWx2dglNQAwAhAFH89tJ221GarrM/XeP5FWFW3gRYy 2mOOQ+3VlX4dnTNbpLOHsfttwy3AQQrW+nTyw5UVB7XyPakdbYNd5t7LKFa+8vfCBn5/ ZyxQ== X-Gm-Message-State: AOAM532K/YAcw7G8G72jkUXlHrRM+lz5Iin3hH2NMruWvhkGgDWzOhFt 2MIeSPGIhXfqrdmnnP8RDT5m8GiYwSA2EilLutU= X-Received: by 2002:a2e:9e16:: with SMTP id e22mr13739144ljk.447.1623693783757; Mon, 14 Jun 2021 11:03:03 -0700 (PDT) Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com. [209.85.167.45]) by smtp.gmail.com with ESMTPSA id p9sm1547095lfo.276.2021.06.14.11.03.02 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 14 Jun 2021 11:03:02 -0700 (PDT) Received: by mail-lf1-f45.google.com with SMTP id r198so22488707lff.11 for ; Mon, 14 Jun 2021 11:03:02 -0700 (PDT) X-Received: by 2002:a05:6512:3f82:: with SMTP id x2mr12358175lfa.421.1623693782157; Mon, 14 Jun 2021 11:03:02 -0700 (PDT) MIME-Version: 1.0 References: <20210608171221.276899-1-keescook@chromium.org> <20210614100234.12077-1-youling257@gmail.com> <202106140826.7912F27CD@keescook> <202106140941.7CE5AE64@keescook> In-Reply-To: <202106140941.7CE5AE64@keescook> From: Linus Torvalds Date: Mon, 14 Jun 2021 11:02:46 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] proc: Track /proc/$pid/attr/ opener mm_struct To: Kees Cook Cc: youling257 , Christian Brauner , Andrea Righi , Linux Kernel Mailing List , stable , regressions@lists.linux.dev, LSM List , Paul Moore , Stephen Smalley , SElinux list Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 14, 2021 at 9:45 AM Kees Cook wrote: > > /* A task may only write when it was the opener. */ > - if (file->private_data != current->mm) > + if (!file->private_data || file->private_data != current->mm) I don't think this is necessary. If file->private_data is NULL, then the old test for private_data != current->mm will still work just fine. Because if you can fool kernel threads to do the write for you, you have bigger security issues than that test. Linus