Re: [PATCH] pidfd: Stop taking cred_guard_mutex

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH] pidfd: Stop taking cred_guard_mutex
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Wed, 11 Mar 2020 11:49:54 -0700
Cc: Jann Horn <jannh@xxxxxxxxxx>, Christian Brauner <christian.brauner@xxxxxxxxxx>, Bernd Edlinger <bernd.edlinger@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Alexey Dobriyan <adobriyan@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Frederic Weisbecker <frederic@xxxxxxxxxx>, Andrei Vagin <avagin@xxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "Peter Zijlstra (Intel)" <peterz@xxxxxxxxxxxxx>, Yuyang Du <duyuyang@xxxxxxxxx>, David Hildenbrand <david@xxxxxxxxxx>, Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>, Anshuman Khandual <anshuman.khandual@xxxxxxx>, David Howells <dhowells@xxxxxxxxxx>, James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Shakeel Butt <shakeelb@xxxxxxxxxx>, Jason Gunthorpe <jgg@xxxxxxxx>, Christian Kellner <christian@xxxxxxxxxx>, Andrea Arcangeli <aarcange@xxxxxxxxxx>, Aleksa Sarai <cyphar@xxxxxxxxxx>, "Dmitry V. Levin" <ldv@xxxxxxxxxxxx>, "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-fsdevel@xxxxxxxxxxxxxxx" <linux-fsdevel@xxxxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "stable@xxxxxxxxxxxxxxx" <stable@xxxxxxxxxxxxxxx>, "linux-api@xxxxxxxxxxxxxxx" <linux-api@xxxxxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Sargun Dhillon <sargun@xxxxxxxxx>
In-reply-to: <87lfo8rkqo.fsf@x220.int.ebiederm.org>

On Tue, Mar 10, 2020 at 03:57:35PM -0500, Eric W. Biederman wrote:
> So ptrace_attach and seccomp use the cred_guard_mutex to guarantee
> a deadlock.

Well, that's the result, but seccomp uses it because it wants to
be certain that credentials and no_new_privs are changed together
"atomically".

-- 
Kees Cook

Follow-Ups:
- [PATCH] pidfd: Use new infrastructure to fix deadlocks in execve
  - From: Bernd Edlinger

References:
- Re: [PATCH v2 3/5] exec: Move cleanup of posix timers on exec out of de_thread
  - From: Eric W. Biederman
- Re: [PATCH v2 3/5] exec: Move cleanup of posix timers on exec out of de_thread
  - From: Christian Brauner
- Re: [PATCH v2 3/5] exec: Move cleanup of posix timers on exec out of de_thread
  - From: Eric W. Biederman
- Re: [PATCH v2 3/5] exec: Move cleanup of posix timers on exec out of de_thread
  - From: Christian Brauner
- [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Eric W. Biederman
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Jann Horn
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Eric W. Biederman
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Jann Horn
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Jann Horn
- Re: [PATCH] pidfd: Stop taking cred_guard_mutex
  - From: Eric W. Biederman

Prev by Date: Re: [PATCH] kmod: make request_module() return an error when autoloading is disabled
Next by Date: Re: [PATCH 3/4] mm: docs: Fix a comment in process_vm_rw_core
Previous by thread: Re: [PATCH] pidfd: Stop taking cred_guard_mutex
Next by thread: [PATCH] pidfd: Use new infrastructure to fix deadlocks in execve
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Development Newbies] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite Hiking] [Linux Kernel] [Linux SCSI]