signals: move cred_guard_mutex from task_struct to signal_struct
Oleg Nesterov pointed out we have to prevent multiple-threads-inside-exec itself and we can reuse ->cred_guard_mutex for it. Yes, concurrent execve() has no worth. Let's move ->cred_guard_mutex from task_struct to signal_struct. It naturally prevent multiple-threads-inside-exec. Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Roland McGrath <roland@redhat.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
b840115083
commit
9b1bf12d5d
8 changed files with 21 additions and 20 deletions
10
fs/exec.c
10
fs/exec.c
|
@ -1083,14 +1083,14 @@ EXPORT_SYMBOL(setup_new_exec);
|
||||||
*/
|
*/
|
||||||
int prepare_bprm_creds(struct linux_binprm *bprm)
|
int prepare_bprm_creds(struct linux_binprm *bprm)
|
||||||
{
|
{
|
||||||
if (mutex_lock_interruptible(¤t->cred_guard_mutex))
|
if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex))
|
||||||
return -ERESTARTNOINTR;
|
return -ERESTARTNOINTR;
|
||||||
|
|
||||||
bprm->cred = prepare_exec_creds();
|
bprm->cred = prepare_exec_creds();
|
||||||
if (likely(bprm->cred))
|
if (likely(bprm->cred))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
mutex_unlock(¤t->cred_guard_mutex);
|
mutex_unlock(¤t->signal->cred_guard_mutex);
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1098,7 +1098,7 @@ void free_bprm(struct linux_binprm *bprm)
|
||||||
{
|
{
|
||||||
free_arg_pages(bprm);
|
free_arg_pages(bprm);
|
||||||
if (bprm->cred) {
|
if (bprm->cred) {
|
||||||
mutex_unlock(¤t->cred_guard_mutex);
|
mutex_unlock(¤t->signal->cred_guard_mutex);
|
||||||
abort_creds(bprm->cred);
|
abort_creds(bprm->cred);
|
||||||
}
|
}
|
||||||
kfree(bprm);
|
kfree(bprm);
|
||||||
|
@ -1119,13 +1119,13 @@ void install_exec_creds(struct linux_binprm *bprm)
|
||||||
* credentials; any time after this it may be unlocked.
|
* credentials; any time after this it may be unlocked.
|
||||||
*/
|
*/
|
||||||
security_bprm_committed_creds(bprm);
|
security_bprm_committed_creds(bprm);
|
||||||
mutex_unlock(¤t->cred_guard_mutex);
|
mutex_unlock(¤t->signal->cred_guard_mutex);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(install_exec_creds);
|
EXPORT_SYMBOL(install_exec_creds);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* determine how safe it is to execute the proposed program
|
* determine how safe it is to execute the proposed program
|
||||||
* - the caller must hold current->cred_guard_mutex to protect against
|
* - the caller must hold ->cred_guard_mutex to protect against
|
||||||
* PTRACE_ATTACH
|
* PTRACE_ATTACH
|
||||||
*/
|
*/
|
||||||
int check_unsafe_exec(struct linux_binprm *bprm)
|
int check_unsafe_exec(struct linux_binprm *bprm)
|
||||||
|
|
|
@ -226,7 +226,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
|
||||||
{
|
{
|
||||||
struct mm_struct *mm;
|
struct mm_struct *mm;
|
||||||
|
|
||||||
if (mutex_lock_killable(&task->cred_guard_mutex))
|
if (mutex_lock_killable(&task->signal->cred_guard_mutex))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
mm = get_task_mm(task);
|
mm = get_task_mm(task);
|
||||||
|
@ -235,7 +235,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
|
||||||
mmput(mm);
|
mmput(mm);
|
||||||
mm = NULL;
|
mm = NULL;
|
||||||
}
|
}
|
||||||
mutex_unlock(&task->cred_guard_mutex);
|
mutex_unlock(&task->signal->cred_guard_mutex);
|
||||||
|
|
||||||
return mm;
|
return mm;
|
||||||
}
|
}
|
||||||
|
@ -2354,14 +2354,14 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
|
||||||
goto out_free;
|
goto out_free;
|
||||||
|
|
||||||
/* Guard against adverse ptrace interaction */
|
/* Guard against adverse ptrace interaction */
|
||||||
length = mutex_lock_interruptible(&task->cred_guard_mutex);
|
length = mutex_lock_interruptible(&task->signal->cred_guard_mutex);
|
||||||
if (length < 0)
|
if (length < 0)
|
||||||
goto out_free;
|
goto out_free;
|
||||||
|
|
||||||
length = security_setprocattr(task,
|
length = security_setprocattr(task,
|
||||||
(char*)file->f_path.dentry->d_name.name,
|
(char*)file->f_path.dentry->d_name.name,
|
||||||
(void*)page, count);
|
(void*)page, count);
|
||||||
mutex_unlock(&task->cred_guard_mutex);
|
mutex_unlock(&task->signal->cred_guard_mutex);
|
||||||
out_free:
|
out_free:
|
||||||
free_page((unsigned long) page);
|
free_page((unsigned long) page);
|
||||||
out:
|
out:
|
||||||
|
|
|
@ -29,6 +29,8 @@ extern struct fs_struct init_fs;
|
||||||
.running = 0, \
|
.running = 0, \
|
||||||
.lock = __SPIN_LOCK_UNLOCKED(sig.cputimer.lock), \
|
.lock = __SPIN_LOCK_UNLOCKED(sig.cputimer.lock), \
|
||||||
}, \
|
}, \
|
||||||
|
.cred_guard_mutex = \
|
||||||
|
__MUTEX_INITIALIZER(sig.cred_guard_mutex), \
|
||||||
}
|
}
|
||||||
|
|
||||||
extern struct nsproxy init_nsproxy;
|
extern struct nsproxy init_nsproxy;
|
||||||
|
@ -145,8 +147,6 @@ extern struct cred init_cred;
|
||||||
.group_leader = &tsk, \
|
.group_leader = &tsk, \
|
||||||
RCU_INIT_POINTER(.real_cred, &init_cred), \
|
RCU_INIT_POINTER(.real_cred, &init_cred), \
|
||||||
RCU_INIT_POINTER(.cred, &init_cred), \
|
RCU_INIT_POINTER(.cred, &init_cred), \
|
||||||
.cred_guard_mutex = \
|
|
||||||
__MUTEX_INITIALIZER(tsk.cred_guard_mutex), \
|
|
||||||
.comm = "swapper", \
|
.comm = "swapper", \
|
||||||
.thread = INIT_THREAD, \
|
.thread = INIT_THREAD, \
|
||||||
.fs = &init_fs, \
|
.fs = &init_fs, \
|
||||||
|
|
|
@ -626,6 +626,10 @@ struct signal_struct {
|
||||||
|
|
||||||
int oom_adj; /* OOM kill score adjustment (bit shift) */
|
int oom_adj; /* OOM kill score adjustment (bit shift) */
|
||||||
int oom_score_adj; /* OOM kill score adjustment */
|
int oom_score_adj; /* OOM kill score adjustment */
|
||||||
|
|
||||||
|
struct mutex cred_guard_mutex; /* guard against foreign influences on
|
||||||
|
* credential calculations
|
||||||
|
* (notably. ptrace) */
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Context switch must be unlocked if interrupts are to be enabled */
|
/* Context switch must be unlocked if interrupts are to be enabled */
|
||||||
|
@ -1305,9 +1309,6 @@ struct task_struct {
|
||||||
* credentials (COW) */
|
* credentials (COW) */
|
||||||
const struct cred __rcu *cred; /* effective (overridable) subjective task
|
const struct cred __rcu *cred; /* effective (overridable) subjective task
|
||||||
* credentials (COW) */
|
* credentials (COW) */
|
||||||
struct mutex cred_guard_mutex; /* guard against foreign influences on
|
|
||||||
* credential calculations
|
|
||||||
* (notably. ptrace) */
|
|
||||||
struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
|
struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
|
||||||
|
|
||||||
char comm[TASK_COMM_LEN]; /* executable name excluding path
|
char comm[TASK_COMM_LEN]; /* executable name excluding path
|
||||||
|
|
|
@ -150,7 +150,7 @@ static inline void tracehook_report_syscall_exit(struct pt_regs *regs, int step)
|
||||||
*
|
*
|
||||||
* Return %LSM_UNSAFE_* bits applied to an exec because of tracing.
|
* Return %LSM_UNSAFE_* bits applied to an exec because of tracing.
|
||||||
*
|
*
|
||||||
* @task->cred_guard_mutex is held by the caller through the do_execve().
|
* @task->signal->cred_guard_mutex is held by the caller through the do_execve().
|
||||||
*/
|
*/
|
||||||
static inline int tracehook_unsafe_exec(struct task_struct *task)
|
static inline int tracehook_unsafe_exec(struct task_struct *task)
|
||||||
{
|
{
|
||||||
|
|
|
@ -325,7 +325,7 @@ EXPORT_SYMBOL(prepare_creds);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Prepare credentials for current to perform an execve()
|
* Prepare credentials for current to perform an execve()
|
||||||
* - The caller must hold current->cred_guard_mutex
|
* - The caller must hold ->cred_guard_mutex
|
||||||
*/
|
*/
|
||||||
struct cred *prepare_exec_creds(void)
|
struct cred *prepare_exec_creds(void)
|
||||||
{
|
{
|
||||||
|
@ -384,8 +384,6 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
|
||||||
struct cred *new;
|
struct cred *new;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
mutex_init(&p->cred_guard_mutex);
|
|
||||||
|
|
||||||
if (
|
if (
|
||||||
#ifdef CONFIG_KEYS
|
#ifdef CONFIG_KEYS
|
||||||
!p->cred->thread_keyring &&
|
!p->cred->thread_keyring &&
|
||||||
|
|
|
@ -908,6 +908,8 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
|
||||||
sig->oom_adj = current->signal->oom_adj;
|
sig->oom_adj = current->signal->oom_adj;
|
||||||
sig->oom_score_adj = current->signal->oom_score_adj;
|
sig->oom_score_adj = current->signal->oom_score_adj;
|
||||||
|
|
||||||
|
mutex_init(&sig->cred_guard_mutex);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -181,7 +181,7 @@ int ptrace_attach(struct task_struct *task)
|
||||||
* under ptrace.
|
* under ptrace.
|
||||||
*/
|
*/
|
||||||
retval = -ERESTARTNOINTR;
|
retval = -ERESTARTNOINTR;
|
||||||
if (mutex_lock_interruptible(&task->cred_guard_mutex))
|
if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
task_lock(task);
|
task_lock(task);
|
||||||
|
@ -208,7 +208,7 @@ int ptrace_attach(struct task_struct *task)
|
||||||
unlock_tasklist:
|
unlock_tasklist:
|
||||||
write_unlock_irq(&tasklist_lock);
|
write_unlock_irq(&tasklist_lock);
|
||||||
unlock_creds:
|
unlock_creds:
|
||||||
mutex_unlock(&task->cred_guard_mutex);
|
mutex_unlock(&task->signal->cred_guard_mutex);
|
||||||
out:
|
out:
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue