Re: [PATCH] pidfd: Stop taking cred_guard_mutex

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Subject: Re: [PATCH] pidfd: Stop taking cred_guard_mutex
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Wed, 11 Mar 2020 11:49:54 -0700
Cc: Jann Horn <jannh@xxxxxxxxxx>, Christian Brauner <christian.brauner@xxxxxxxxxx>, Bernd Edlinger <bernd.edlinger@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Alexey Dobriyan <adobriyan@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Frederic Weisbecker <frederic@xxxxxxxxxx>, Andrei Vagin <avagin@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "Peter Zijlstra (Intel)" <peterz@xxxxxxxxxxxxx>, Yuyang Du <duyuyang@xxxxxxxxx>, David Hildenbrand <david@xxxxxxxxxx>, Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>, Anshuman Khandual <anshuman.khandual@xxxxxxx>, David Howells <dhowells@xxxxxxxxxx>, James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Shakeel Butt <shakeelb@xxxxxxxxxx>, Jason Gunthorpe <jgg@xxxxxxxx>, Christian Kellner <christian@xxxxxxxxxx>, Andrea Arcangeli <aarcange@xxxxxxxxxx>, Aleksa Sarai <cyphar@xxxxxxxxxx>, "Dmitry V. Levin" <ldv@xxxxxxxxxxxx>, "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-fsdevel@xxxxxxxxxxxxxxx" <linux-fsdevel@xxxxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "stable@xxxxxxxxxxxxxxx" <stable@xxxxxxxxxxxxxxx>, "linux-api@xxxxxxxxxxxxxxx" <linux-api@xxxxxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Sargun Dhillon <sargun@xxxxxxxxx>
In-reply-to: <87lfo8rkqo.fsf@x220.int.ebiederm.org>
References: <877dztz415.fsf@x220.int.ebiederm.org> <20200309201729.yk5sd26v4bz4gtou@wittgenstein> <87k13txnig.fsf@x220.int.ebiederm.org> <20200310085540.pztaty2mj62xt2nm@wittgenstein> <87wo7svy96.fsf_-_@x220.int.ebiederm.org> <CAG48ez2cUZMVOAXfHPNjKjYsMSaWkjUjOCHo0KYZ+oXQUW4viA@mail.gmail.com> <87k13sui1p.fsf@x220.int.ebiederm.org> <CAG48ez2vRgaEVJ=Rs8gn6HkGO6syL8MpSOUq7BNN+OUE1uYxCA@mail.gmail.com> <CAG48ez1LjW1xAGe-5tNtstCWxG2bkiHaQUMOcJNjx=z-2Wc2Jw@mail.gmail.com> <87lfo8rkqo.fsf@x220.int.ebiederm.org>

On Tue, Mar 10, 2020 at 03:57:35PM -0500, Eric W. Biederman wrote:
> So ptrace_attach and seccomp use the cred_guard_mutex to guarantee
> a deadlock.

Well, that's the result, but seccomp uses it because it wants to
be certain that credentials and no_new_privs are changed together
"atomically".

-- 
Kees Cook

Follow-Ups:
- [PATCH] pidfd: Use new infrastructure to fix deadlocks in execve
  - From: Bernd Edlinger

References:
- Re: [PATCH v2 3/5] exec: Move cleanup of posix timers on exec out of de_thread
  - From: Eric W. Biederman
- Re: [PATCH v2 3/5] exec: Move cleanup of posix timers on exec out of de_thread
  - From: Christian Brauner
- Re: [PATCH v2 3/5] exec: Move cleanup of posix timers on exec out of de_thread
  - From: Eric W. Biederman
- Re: [PATCH v2 3/5] exec: Move cleanup of posix timers on exec out of de_thread
  - From: Christian Brauner
- [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Eric W. Biederman
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Jann Horn
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Eric W. Biederman
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Jann Horn
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Jann Horn
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Eric W. Biederman

Prev by Date: [PATCH] mm/vmscan: add vm_swappiness configuration knobs
Next by Date: Re: [PATCH 3/4] mm: docs: Fix a comment in process_vm_rw_core
Previous by thread: Re: [PATCH] pidfd: Stop taking cred_guard_mutex
Next by thread: [PATCH] pidfd: Use new infrastructure to fix deadlocks in execve
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Linux FS] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]