| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Mar 2012 18:13:49 +0400 From: Cyrill Gorcunov <gorcunov@...nvz.org> To: Oleg Nesterov <oleg@...hat.com> Cc: Matt Helsley <matthltc@...ibm.com>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, Pavel Emelyanov <xemul@...allels.com>, Kees Cook <keescook@...omium.org>, Tejun Heo <tj@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [RFC] c/r: prctl: Add ability to set new mm_struct::exe_file v3 On Fri, Mar 09, 2012 at 02:47:32PM +0100, Oleg Nesterov wrote: > On 03/09, Cyrill Gorcunov wrote: > > > > On Fri, Mar 09, 2012 at 04:57:35PM +0400, Cyrill Gorcunov wrote: > > > > > > yeah, thanks, will update. > > > > > > > This one should fit all requirements I hope. > > Oh, sorry Cyrill, I simply can't resist... Hehe ;) No problem, please continue complaining, I don't wanna miss something and try to merge a patch with nit/error/or-whatever. > > + /* > > + * Setting new mm::exe_file is only allowed > > + * when no VM_EXECUTABLE vma's left. This is > > + * a special C/R case when a restored program > > + * need to change own /proc/$pid/exe symlink. > > + * After this call mm::num_exe_file_vmas become > > + * meaningless. If mm::num_exe_file_vmas will > > + * ever increase back from zero -- this code > > + * needs to be revised, thus WARN_ here, just > > + * to be sure. > > To be shure in what?? To be sure it's not increased somewhere else before down_write taken. > > > + */ > > + down_write(&mm->mmap_sem); > > + WARN_ON_ONCE(mm->num_exe_file_vmas); > > We already checked it is zero. Yes, it shouldn't grow. But why > do we need another check here? > > If it can grow, it can grow after we drop mmap_sem as well and > this would be wrong. So may be we need another WARN_ON() at the > end? > > I'd understand if you add something like > > WARN_ON(!mm->num_exe_file_vmas && !current->in_exec); > > into added_exe_file_vma(). > > Or > WARN_ON(mm->num_exe_file_vmas <= 0); > > into removed_exe_file_vma(). This one looks like a good idea for me -- it's cheap and not a hot path. > > But imho your WARN looks like "OK, I checked it lockless but I > am not sure this is correct". Oleg, I bet if someone will be changing num_exe_file_vmas overall idea -- this prctl code will be fixed at last moment (if ever) only because it's very specific, so I wanted to not miss such moment and add some check that the rest of the kernel is in a good state. This test is cheap but may prevent potential problem if one day mm::exe_file concept will be reworked. Sure I can simply drop this WARN_ON ;) Cyrill -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists