On Wed, Nov 02, 2016 at 07:38:26PM +0100, Oleg Nesterov wrote:
> On 11/01, Linus Torvalds wrote:
> >
> > Oleg, you're really the obvious maintainer choice at least for some of
> > this,
>
> Well. I still disagree with 1/8, I think we need to fix and cleanup
> the usage of cred_guard_mutex we already have. And to me the additional
> complications added by, say, 4/8 make no sense, we can make a much more
> simple change to avoid this leak "in practice".
>
> But. I never pretended I understand the security problems. So I won't
> really argue with these changes.

No, I think it's good that you make me think about this stuff properly.
And I do sometimes get overzealous with trying to do things "completely
correctly".

See the mail I sent earlier today for my opinion on the deadlocking
potential related to 1/8. Basically, I think that my patch doesn't make
things worse and makes subsequent cleanup work, which should fix most of
the current deadlocking trouble, easier. I think that the remaining
edge case (concurrent PTRACE_ATTACH and execve) would be at least hard to
fix, maybe even unfixable without API changes. If anyone has ideas on how
we could completely prevent userspace from deadlocking itself there
without changing the ABI, please speak up.

Does that make sense? If so, do you want a
cred_guard_mutex->cred_guard_light conversion in this series or
afterwards?

Regarding 4/8, see the other message I just sent.