| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 May 2011 16:02:48 -0700 From: John Stultz <john.stultz@...aro.org> To: LKML <linux-kernel@...r.kernel.org> Cc: John Stultz <john.stultz@...aro.org>, "Ted Ts'o" <tytso@....edu>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, David Rientjes <rientjes@...gle.com>, Dave Hansen <dave@...ux.vnet.ibm.com>, Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org Subject: [PATCH 0/3] v3 Improve task->comm locking situation Since my commit 4614a696bd1c3a9af3a08f0e5874830a85b889d4, the current->comm value could be changed by other threads. This changed the comm locking rules, which previously allowed for unlocked current->comm access, since only the thread itself could change its comm. While this was brought up at the time, it was not considered problematic, as the comm writing was done in such a way that only null or incomplete comms could be read. However, recently folks have made it clear they want to see this issue resolved. So fair enough, as I opened this can of worms, I should work to resolve it and this patchset is my initial attempt. The proposed solution here is to introduce a new seqlock that exclusively protects the comm value. We use it to serialize access via get_task_comm() and set_task_comm(). Since some comm access is open-coded using the task lock, we preserve the task locking in set_task_comm for now. Once all comm access is converted to using get_task_comm, we can clean that up as well. I've also introduced a printk %ptc accessor, which makes the conversion to locked access simpler (as most uses are for printks). And new in this version: I've added a checkpatch rule to try to catch any new current->comm users from being introduced. Although I suspect the script will need some additional work. Hopefully this will allow for a smooth transition, where we can slowly fix up the unlocked current->comm access bit by bit, reducing the race window with each patch, while not making the situation any worse then it was yesterday. Thanks for the comments and feedback so far. Any additional comments/feedback would still be appreciated. thanks -john CC: Ted Ts'o <tytso@....edu> CC: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com> CC: David Rientjes <rientjes@...gle.com> CC: Dave Hansen <dave@...ux.vnet.ibm.com> CC: Andrew Morton <akpm@...ux-foundation.org> CC: linux-mm@...ck.org John Stultz (3): comm: Introduce comm_lock seqlock to protect task->comm access printk: Add %ptc to safely print a task's comm checkpatch.pl: Add check for current->comm references fs/exec.c | 25 ++++++++++++++++++++----- include/linux/init_task.h | 1 + include/linux/sched.h | 5 ++--- lib/vsprintf.c | 27 +++++++++++++++++++++++++++ scripts/checkpatch.pl | 4 ++++ 5 files changed, 54 insertions(+), 8 deletions(-) -- 1.7.3.2.146.gca209 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists