lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1305682865-27111-1-git-send-email-john.stultz@linaro.org>
Date:	Tue, 17 May 2011 18:41:01 -0700
From:	John Stultz <john.stultz@...aro.org>
To:	LKML <linux-kernel@...r.kernel.org>
Cc:	John Stultz <john.stultz@...aro.org>,
	Joe Perches <joe@...ches.com>, Ingo Molnar <mingo@...e.hu>,
	Michal Nazarewicz <mina86@...a86.com>,
	Andy Whitcroft <apw@...onical.com>,
	Jiri Slaby <jirislaby@...il.com>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	David Rientjes <rientjes@...gle.com>,
	Dave Hansen <dave@...ux.vnet.ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org
Subject: [PATCH 0/4] v6 Improve task->comm locking situation

v6 tries to address the latest round of issues. Again, hopefully
this is getting close to something that can be queued for 2.6.40.

Since my commit 4614a696bd1c3a9af3a08f0e5874830a85b889d4, the
current->comm value could be changed by other threads.

This changed the comm locking rules, which previously allowed for
unlocked current->comm access, since only the thread itself could
change its comm.

While this was brought up at the time, it was not considered
problematic, as the comm writing was done in such a way that
only null or incomplete comms could be read. However, recently
folks have made it clear they want to see this issue resolved.

So fair enough, as I opened this can of worms, I should work
to resolve it and this patchset is my initial attempt.

The proposed solution here is to introduce a new spinlock that
exclusively protects the comm value. We use it to serialize
access via get_task_comm() and set_task_comm(). Since some 
comm access is open-coded using the task lock, we preserve
the task locking in set_task_comm for now. Once all comm 
access is converted to using get_task_comm, we can clean that
up as well.

I've also introduced a printk %ptc accessor, which makes the
conversion to locked access simpler (as most uses are for printks)
as well as a checkpatch rule to try to catch any new current->comm
users from being introduced.

New in this version: More tweaks to the checkpatch regex, and 
added a unlocked task->comm accessor for performance critical
code paths that can handle the potential null or incomplete comm.

Hopefully this will allow for a smooth transition, where we can
slowly fix up the unlocked current->comm access bit by bit,
reducing the race window with each patch, while not making the
situation any worse then it was yesterday.

Thanks for the comments and feedback so far. 
Any additional comments/feedback would still be appreciated.

thanks
-john

CC: Joe Perches <joe@...ches.com>
CC: Ingo Molnar <mingo@...e.hu>
CC: Michal Nazarewicz <mina86@...a86.com>
CC: Andy Whitcroft <apw@...onical.com>
CC: Jiri Slaby <jirislaby@...il.com>
CC: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>
CC: David Rientjes <rientjes@...gle.com>
CC: Dave Hansen <dave@...ux.vnet.ibm.com>
CC: Andrew Morton <akpm@...ux-foundation.org>
CC: linux-mm@...ck.org

John Stultz (4):
  comm: Introduce comm_lock spinlock to protect task->comm access
  comm: Add lock-free task->comm accessor
  printk: Add %ptc to safely print a task's comm
  checkpatch.pl: Add check for task comm references

 fs/exec.c                 |   32 +++++++++++++++++++++++++++++---
 include/linux/init_task.h |    1 +
 include/linux/sched.h     |    6 +++---
 kernel/fork.c             |    1 +
 lib/vsprintf.c            |   24 ++++++++++++++++++++++++
 scripts/checkpatch.pl     |    6 ++++++
 6 files changed, 64 insertions(+), 6 deletions(-)

-- 
1.7.3.2.146.gca209

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ