signals: move cred_guard_mutex from task_struct to signal_struct

Oleg Nesterov pointed out we have to prevent multiple-threads-inside-exec
itself and we can reuse ->cred_guard_mutex for it.  Yes, concurrent
execve() has no worth.

Let's move ->cred_guard_mutex from task_struct to signal_struct.  It
naturally prevent multiple-threads-inside-exec.

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Roland McGrath <roland@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
KOSAKI Motohiro 2010-10-27 15:34:08 -07:00 committed by Linus Torvalds
parent b840115083
commit 9b1bf12d5d
8 changed files with 21 additions and 20 deletions

View file

@ -1083,14 +1083,14 @@ EXPORT_SYMBOL(setup_new_exec);
*/ */
int prepare_bprm_creds(struct linux_binprm *bprm) int prepare_bprm_creds(struct linux_binprm *bprm)
{ {
if (mutex_lock_interruptible(&current->cred_guard_mutex)) if (mutex_lock_interruptible(&current->signal->cred_guard_mutex))
return -ERESTARTNOINTR; return -ERESTARTNOINTR;
bprm->cred = prepare_exec_creds(); bprm->cred = prepare_exec_creds();
if (likely(bprm->cred)) if (likely(bprm->cred))
return 0; return 0;
mutex_unlock(&current->cred_guard_mutex); mutex_unlock(&current->signal->cred_guard_mutex);
return -ENOMEM; return -ENOMEM;
} }
@ -1098,7 +1098,7 @@ void free_bprm(struct linux_binprm *bprm)
{ {
free_arg_pages(bprm); free_arg_pages(bprm);
if (bprm->cred) { if (bprm->cred) {
mutex_unlock(&current->cred_guard_mutex); mutex_unlock(&current->signal->cred_guard_mutex);
abort_creds(bprm->cred); abort_creds(bprm->cred);
} }
kfree(bprm); kfree(bprm);
@ -1119,13 +1119,13 @@ void install_exec_creds(struct linux_binprm *bprm)
* credentials; any time after this it may be unlocked. * credentials; any time after this it may be unlocked.
*/ */
security_bprm_committed_creds(bprm); security_bprm_committed_creds(bprm);
mutex_unlock(&current->cred_guard_mutex); mutex_unlock(&current->signal->cred_guard_mutex);
} }
EXPORT_SYMBOL(install_exec_creds); EXPORT_SYMBOL(install_exec_creds);
/* /*
* determine how safe it is to execute the proposed program * determine how safe it is to execute the proposed program
* - the caller must hold current->cred_guard_mutex to protect against * - the caller must hold ->cred_guard_mutex to protect against
* PTRACE_ATTACH * PTRACE_ATTACH
*/ */
int check_unsafe_exec(struct linux_binprm *bprm) int check_unsafe_exec(struct linux_binprm *bprm)

View file

@ -226,7 +226,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
{ {
struct mm_struct *mm; struct mm_struct *mm;
if (mutex_lock_killable(&task->cred_guard_mutex)) if (mutex_lock_killable(&task->signal->cred_guard_mutex))
return NULL; return NULL;
mm = get_task_mm(task); mm = get_task_mm(task);
@ -235,7 +235,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
mmput(mm); mmput(mm);
mm = NULL; mm = NULL;
} }
mutex_unlock(&task->cred_guard_mutex); mutex_unlock(&task->signal->cred_guard_mutex);
return mm; return mm;
} }
@ -2354,14 +2354,14 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
goto out_free; goto out_free;
/* Guard against adverse ptrace interaction */ /* Guard against adverse ptrace interaction */
length = mutex_lock_interruptible(&task->cred_guard_mutex); length = mutex_lock_interruptible(&task->signal->cred_guard_mutex);
if (length < 0) if (length < 0)
goto out_free; goto out_free;
length = security_setprocattr(task, length = security_setprocattr(task,
(char*)file->f_path.dentry->d_name.name, (char*)file->f_path.dentry->d_name.name,
(void*)page, count); (void*)page, count);
mutex_unlock(&task->cred_guard_mutex); mutex_unlock(&task->signal->cred_guard_mutex);
out_free: out_free:
free_page((unsigned long) page); free_page((unsigned long) page);
out: out:

View file

@ -29,6 +29,8 @@ extern struct fs_struct init_fs;
.running = 0, \ .running = 0, \
.lock = __SPIN_LOCK_UNLOCKED(sig.cputimer.lock), \ .lock = __SPIN_LOCK_UNLOCKED(sig.cputimer.lock), \
}, \ }, \
.cred_guard_mutex = \
__MUTEX_INITIALIZER(sig.cred_guard_mutex), \
} }
extern struct nsproxy init_nsproxy; extern struct nsproxy init_nsproxy;
@ -145,8 +147,6 @@ extern struct cred init_cred;
.group_leader = &tsk, \ .group_leader = &tsk, \
RCU_INIT_POINTER(.real_cred, &init_cred), \ RCU_INIT_POINTER(.real_cred, &init_cred), \
RCU_INIT_POINTER(.cred, &init_cred), \ RCU_INIT_POINTER(.cred, &init_cred), \
.cred_guard_mutex = \
__MUTEX_INITIALIZER(tsk.cred_guard_mutex), \
.comm = "swapper", \ .comm = "swapper", \
.thread = INIT_THREAD, \ .thread = INIT_THREAD, \
.fs = &init_fs, \ .fs = &init_fs, \

View file

@ -626,6 +626,10 @@ struct signal_struct {
int oom_adj; /* OOM kill score adjustment (bit shift) */ int oom_adj; /* OOM kill score adjustment (bit shift) */
int oom_score_adj; /* OOM kill score adjustment */ int oom_score_adj; /* OOM kill score adjustment */
struct mutex cred_guard_mutex; /* guard against foreign influences on
* credential calculations
* (notably. ptrace) */
}; };
/* Context switch must be unlocked if interrupts are to be enabled */ /* Context switch must be unlocked if interrupts are to be enabled */
@ -1305,9 +1309,6 @@ struct task_struct {
* credentials (COW) */ * credentials (COW) */
const struct cred __rcu *cred; /* effective (overridable) subjective task const struct cred __rcu *cred; /* effective (overridable) subjective task
* credentials (COW) */ * credentials (COW) */
struct mutex cred_guard_mutex; /* guard against foreign influences on
* credential calculations
* (notably. ptrace) */
struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */ struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
char comm[TASK_COMM_LEN]; /* executable name excluding path char comm[TASK_COMM_LEN]; /* executable name excluding path

View file

@ -150,7 +150,7 @@ static inline void tracehook_report_syscall_exit(struct pt_regs *regs, int step)
* *
* Return %LSM_UNSAFE_* bits applied to an exec because of tracing. * Return %LSM_UNSAFE_* bits applied to an exec because of tracing.
* *
* @task->cred_guard_mutex is held by the caller through the do_execve(). * @task->signal->cred_guard_mutex is held by the caller through the do_execve().
*/ */
static inline int tracehook_unsafe_exec(struct task_struct *task) static inline int tracehook_unsafe_exec(struct task_struct *task)
{ {

View file

@ -325,7 +325,7 @@ EXPORT_SYMBOL(prepare_creds);
/* /*
* Prepare credentials for current to perform an execve() * Prepare credentials for current to perform an execve()
* - The caller must hold current->cred_guard_mutex * - The caller must hold ->cred_guard_mutex
*/ */
struct cred *prepare_exec_creds(void) struct cred *prepare_exec_creds(void)
{ {
@ -384,8 +384,6 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
struct cred *new; struct cred *new;
int ret; int ret;
mutex_init(&p->cred_guard_mutex);
if ( if (
#ifdef CONFIG_KEYS #ifdef CONFIG_KEYS
!p->cred->thread_keyring && !p->cred->thread_keyring &&

View file

@ -908,6 +908,8 @@ static int copy_signal(unsigned long clone_flags, struct task_struct *tsk)
sig->oom_adj = current->signal->oom_adj; sig->oom_adj = current->signal->oom_adj;
sig->oom_score_adj = current->signal->oom_score_adj; sig->oom_score_adj = current->signal->oom_score_adj;
mutex_init(&sig->cred_guard_mutex);
return 0; return 0;
} }

View file

@ -181,7 +181,7 @@ int ptrace_attach(struct task_struct *task)
* under ptrace. * under ptrace.
*/ */
retval = -ERESTARTNOINTR; retval = -ERESTARTNOINTR;
if (mutex_lock_interruptible(&task->cred_guard_mutex)) if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))
goto out; goto out;
task_lock(task); task_lock(task);
@ -208,7 +208,7 @@ int ptrace_attach(struct task_struct *task)
unlock_tasklist: unlock_tasklist:
write_unlock_irq(&tasklist_lock); write_unlock_irq(&tasklist_lock);
unlock_creds: unlock_creds:
mutex_unlock(&task->cred_guard_mutex); mutex_unlock(&task->signal->cred_guard_mutex);
out: out:
return retval; return retval;
} }