Bernd, everyone
This is how I think the infrastructure change should look that makes way
for fixing this issue.
- Cleanup and reorder the code so code that can potentially wait
indefinitely for userspace comes at the beginning for flush_old_exec.
- Add a new mutex and take it after we have passed any potential
indefinite waits for userspace.
Then I think it is just going through the existing users of
cred_guard_mutex and fixing them to use the new one.
There really aren't that many users of cred_guard_mutex so we should be
able to get through the easy ones fairly quickly. And anything that
isn't easy we can wait until we have a good fix.
The users of cred_guard_mutex that I saw were:
fs/proc/base.c:
proc_pid_attr_write
do_io_accounting
proc_pid_stack
proc_pid_syscall
proc_pid_personality
perf_event_open
mm_access
kcmp
pidfd_fget
seccomp_set_mode_filter
Bernd I think I have addressed the issues you pointed out in v1.
Please let me know if you see anything else.
Eric W. Biederman (5):
exec: Only compute current once in flush_old_exec
exec: Factor unshare_sighand out of de_thread and call it separately
exec: Move cleanup of posix timers on exec out of de_thread
exec: Move exec_mmap right after de_thread in flush_old_exec
exec: Add a exec_update_mutex to replace cred_guard_mutex
fs/exec.c | 65 ++++++++++++++++++++++++++++++--------------
include/linux/sched/signal.h | 9 +++++-
init/init_task.c | 1 +
kernel/fork.c | 1 +
4 files changed, 54 insertions(+), 22 deletions(-)
