[RFC PATCH 08/10] fs/proc: protect /proc/<pid>/[task/<tid>]/comm for PF_IO_WORKER


 



Signed-off-by: Stefan Metzmacher <metze@xxxxxxxxx>
---
 fs/proc/base.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 6e04278de582..7177e92790c4 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1665,6 +1665,7 @@ static ssize_t comm_write(struct file *file, const char __user *buf,
 				size_t count, loff_t *offset)
 {
 	struct inode *inode = file_inode(file);
+	bool is_same_tgroup = false;
 	struct task_struct *p;
 	char buffer[TASK_COMM_LEN];
 	const size_t maxlen = sizeof(buffer) - 1;
@@ -1677,7 +1678,10 @@ static ssize_t comm_write(struct file *file, const char __user *buf,
 	if (!p)
 		return -ESRCH;
 
-	if (same_thread_group(current, p))
+	if (!(p->flags & PF_IO_WORKER))
+		is_same_tgroup = same_thread_group(current, p);
+
+	if (is_same_tgroup)
 		set_task_comm(p, buffer);
 	else
 		count = -EINVAL;
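Review bot: The PF_IO_WORKER exclusion added to comm_write is written out a second time in proc_tid_comm_permission (last hunk), so the write path and the permission path can drift apart if only one is updated later. A shared helper would keep the rule in one place, e.g. `static bool comm_same_tgroup(struct task_struct *t) { return !(t->flags & PF_IO_WORKER) && same_thread_group(current, t); }`. After this change `is_same_tgroup` no longer means "same thread group" but "caller may set comm", so a name that says so would read better. The check also has no comment; presumably these workers sit in the caller's thread group and would otherwise pass same_thread_group(), which is worth stating as `/* io workers share our thread group but must not be renamed from userspace */`. comm_write starts and ends outside this hunk.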
@@ -1822,7 +1826,7 @@ void task_dump_owner(struct task_struct *task, umode_t mode,
 	kuid_t uid;
 	kgid_t gid;
 
-	if (unlikely(task->flags & PF_KTHREAD)) {
+	if (unlikely(task->flags & (PF_KTHREAD | PF_IO_WORKER))) {
 		*ruid = GLOBAL_ROOT_UID;
 		*rgid = GLOBAL_ROOT_GID;
 		return;
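Review bot: Adding PF_IO_WORKER to the early return in task_dump_owner makes every /proc inode that takes its owner from this function report root:root for such a thread, which is wider than the comm file named in the subject line. Nothing in the hunk or the commit message says whether that wider effect is intended. If it is, a comment above the test would record the reason, e.g. `/* io workers run only in the kernel; present them as root-owned like kthreads */`. The rest of the function is outside the hunk, so how this interacts with the credential and dumpable handling that follows cannot be judged from here.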
@@ -3478,19 +3482,22 @@ int proc_pid_readdir(struct file *file, struct dir_context *ctx)
 static int proc_tid_comm_permission(struct user_namespace *mnt_userns,
 				    struct inode *inode, int mask)
 {
-	bool is_same_tgroup;
+	bool is_same_tgroup = false;
 	struct task_struct *task;
 
 	task = get_proc_task(inode);
 	if (!task)
 		return -ESRCH;
-	is_same_tgroup = same_thread_group(current, task);
+	if (!(task->flags & PF_IO_WORKER))
+		is_same_tgroup = same_thread_group(current, task);
 	put_task_struct(task);
 
 	if (likely(is_same_tgroup && !(mask & MAY_EXEC))) {
 		/* This file (/proc/<pid>/task/<tid>/comm) can always be
 		 * read or written by the members of the corresponding
 		 * thread group.
+		 *
+		 * But we exclude PF_IO_WORKER kernel threads.
 		 */
 		return 0;
 	}
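Review bot: The added comment line "But we exclude PF_IO_WORKER kernel threads." sits inside the branch that grants access, while the exclusion itself happens several lines earlier at `if (!(task->flags & PF_IO_WORKER))`. It would be easier to follow directly above that test. The wording "kernel threads" may also mislead, since the task_dump_owner hunk tests PF_KTHREAD and PF_IO_WORKER as separate flags; something like `/* PF_IO_WORKER threads never count as thread-group members here */` avoids that. Denial for these threads then depends on whatever follows this `if`, which is outside the hunk.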
-- 
2.25.1





