On Thu, Apr 6, 2017 at 8:55 AM, Oleg Nesterov <oleg@xxxxxxxxxx> wrote: > And this makes me think again that we need to restart this discusion with > more CC's. I'm a fan of that; I've not been able to follow this thread as it seems to have gone far from the original deadlock problem. :) I've seen issues with ptrace, zombies, and now exec. I'm lost. :P >> Partly I object because your understanding and my understanding of >> cred_guard_mutex are very different. >> >> As I read and understand the code the job of cred_guard_mutex is to keep >> ptrace (and other threads of the proccess) from interferring in >> exec and to ensure old resources are accessed with permission checks >> using our original credentials and that new and modified resources are >> accessed with permission checks using our new credentials. > > Yes, this is clear. Maybe stupid idea: can we get a patch that just adds this kind of documentation somewhere in the source? If we can agree on the purpose of cred_guard_mutex, and get it into the code, that seems like a good step in discussion... -Kees -- Kees Cook Pixel Security -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
