On 3/8/20 10:34 PM, Eric W. Biederman wrote: > > Bernd, everyone > > This is how I think the infrastructure change should look that makes way > for fixing this issue. > > - Cleanup and reorder the code so code that can potentially wait > indefinitely for userspace comes at the beginning for flush_old_exec. > - Add a new mutex and take it after we have passed any potential > indefinite waits for userspace. > > Then I think it is just going through the existing users of > cred_guard_mutex and fixing them to use the new one. > > There really aren't that many users of cred_guard_mutex so we should be > able to get through the easy ones fairly quickly. And anything that > isn't easy we can wait until we have a good fix. > > The users of cred_guard_mutex that I saw were: > fs/proc/base.c: > proc_pid_attr_write > do_io_accounting > proc_pid_stack > proc_pid_syscall > proc_pid_personality > > perf_event_open > mm_access > kcmp > pidfd_fget > seccomp_set_mode_filter > > Bernd I think I have addressed the issues you pointed out in v1. > Please let me know if you see anything else. > Yes, looks good, except some nits. Thanks Bernd.