lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220219115050.3635237-1-brauner@kernel.org>
Date:   Sat, 19 Feb 2022 12:50:50 +0100
From:   Christian Brauner <brauner@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org
Subject: [GIT PULL] pidfd for v5.17-rc4

Hi Linus,

/* Summary */
This fixes a problem reported by lockdep when installing a pidfd via
fd_install() with siglock and the tasklisk write lock held in copy_process()
when calling clone()/clone3() with CLONE_PIDFD.
Originally a pidfd was created prior to holding any of these locks but this
required a call to ksys_close(). So quite some time ago in 6fd2fe494b17
("copy_process(): don't use ksys_close() on cleanups") we switched to a
get_unused_fd_flags() + fd_install() model. As part of that we moved
fd_install() as late as possible. This was done for two main reasons. First,
because we needed to ensure that we call fd_install() past the point of no
return as once that's called the fd is live in the task's file table. Second,
because we tried to ensure that the fd is visible in /proc/<pid>/fd/<pidfd>
right when the task is visible.

This fix moves the fd_install() to an even later point which means that a task
will be visible in proc while the pidfd isn't yet under /proc/<pid>/fd/<pidfd>.
While this is a user visible change it's very unlikely that this will have any
impact. Nobody should be relying on that and if they do we need to come up with
something better but again, it's doubtful this is relevant.

/* Testing */
All patches are based on v5.17-rc3 and have been sitting in linux-next. No
build failures or warnings were observed.

/* Conflicts */
At the time of creating this PR no merge conflicts showed up doing a test-merge
with current mainline.

The following changes since commit dfd42facf1e4ada021b939b4e19c935dcdd55566:

  Linux 5.17-rc3 (2022-02-06 12:20:50 -0800)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/pidfd.v5.17-rc4

for you to fetch changes up to ddc204b517e60ae64db34f9832dc41dafa77c751:

  copy_process(): Move fd_install() out of sighand->siglock critical section (2022-02-11 09:28:32 +0100)

Please consider pulling these changes from the signed pidfd.v5.17-rc4 tag.

Thanks!
Christian

----------------------------------------------------------------
pidfd.v5.17-rc4

----------------------------------------------------------------
Waiman Long (1):
      copy_process(): Move fd_install() out of sighand->siglock critical section

 kernel/fork.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ