diff options
author | Oleg Nesterov <oleg@redhat.com> | 2009-09-05 14:17:13 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-09-05 14:30:42 -0400 |
commit | a2a8474c3fff88d8dd52d05cb450563fb26fd26c (patch) | |
tree | 455415da039a77627f47ed19318bb9c8aa17de4d /fs | |
parent | dd5d241ea955006122d76af88af87de73fec25b4 (diff) |
exec: do not sleep in TASK_TRACED under ->cred_guard_mutex
Tom Horsley reports that his debugger hangs when it tries to read
/proc/pid_of_tracee/maps, this happens since
"mm_for_maps: take ->cred_guard_mutex to fix the race with exec"
04b836cbf19e885f8366bccb2e4b0474346c02d
commit in 2.6.31.
But the root of the problem lies in the fact that do_execve() path calls
tracehook_report_exec() which can stop if the tracer sets PT_TRACE_EXEC.
The tracee must not sleep in TASK_TRACED holding this mutex. Even if we
remove ->cred_guard_mutex from mm_for_maps() and proc_pid_attr_write(),
another task doing PTRACE_ATTACH should not hang until it is killed or the
tracee resumes.
With this patch do_execve() does not use ->cred_guard_mutex directly and
we do not hold it throughout, instead:
- introduce prepare_bprm_creds() helper, it locks the mutex
and calls prepare_exec_creds() to initialize bprm->cred.
- install_exec_creds() drops the mutex after commit_creds(),
and thus before tracehook_report_exec()->ptrace_stop().
or, if exec fails,
free_bprm() drops this mutex when bprm->cred != NULL which
indicates install_exec_creds() was not called.
Reported-by: Tom Horsley <tom.horsley@att.net>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: Roland McGrath <roland@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/compat.c | 17 | ||||
-rw-r--r-- | fs/exec.c | 63 |
2 files changed, 42 insertions, 38 deletions
diff --git a/fs/compat.c b/fs/compat.c index 94502dab972a..6d6f98fe64a0 100644 --- a/fs/compat.c +++ b/fs/compat.c | |||
@@ -1485,20 +1485,15 @@ int compat_do_execve(char * filename, | |||
1485 | if (!bprm) | 1485 | if (!bprm) |
1486 | goto out_files; | 1486 | goto out_files; |
1487 | 1487 | ||
1488 | retval = -ERESTARTNOINTR; | 1488 | retval = prepare_bprm_creds(bprm); |
1489 | if (mutex_lock_interruptible(¤t->cred_guard_mutex)) | 1489 | if (retval) |
1490 | goto out_free; | 1490 | goto out_free; |
1491 | current->in_execve = 1; | ||
1492 | |||
1493 | retval = -ENOMEM; | ||
1494 | bprm->cred = prepare_exec_creds(); | ||
1495 | if (!bprm->cred) | ||
1496 | goto out_unlock; | ||
1497 | 1491 | ||
1498 | retval = check_unsafe_exec(bprm); | 1492 | retval = check_unsafe_exec(bprm); |
1499 | if (retval < 0) | 1493 | if (retval < 0) |
1500 | goto out_unlock; | 1494 | goto out_free; |
1501 | clear_in_exec = retval; | 1495 | clear_in_exec = retval; |
1496 | current->in_execve = 1; | ||
1502 | 1497 | ||
1503 | file = open_exec(filename); | 1498 | file = open_exec(filename); |
1504 | retval = PTR_ERR(file); | 1499 | retval = PTR_ERR(file); |
@@ -1547,7 +1542,6 @@ int compat_do_execve(char * filename, | |||
1547 | /* execve succeeded */ | 1542 | /* execve succeeded */ |
1548 | current->fs->in_exec = 0; | 1543 | current->fs->in_exec = 0; |
1549 | current->in_execve = 0; | 1544 | current->in_execve = 0; |
1550 | mutex_unlock(¤t->cred_guard_mutex); | ||
1551 | acct_update_integrals(current); | 1545 | acct_update_integrals(current); |
1552 | free_bprm(bprm); | 1546 | free_bprm(bprm); |
1553 | if (displaced) | 1547 | if (displaced) |
@@ -1567,10 +1561,7 @@ out_file: | |||
1567 | out_unmark: | 1561 | out_unmark: |
1568 | if (clear_in_exec) | 1562 | if (clear_in_exec) |
1569 | current->fs->in_exec = 0; | 1563 | current->fs->in_exec = 0; |
1570 | |||
1571 | out_unlock: | ||
1572 | current->in_execve = 0; | 1564 | current->in_execve = 0; |
1573 | mutex_unlock(¤t->cred_guard_mutex); | ||
1574 | 1565 | ||
1575 | out_free: | 1566 | out_free: |
1576 | free_bprm(bprm); | 1567 | free_bprm(bprm); |
@@ -1016,6 +1016,35 @@ out: | |||
1016 | EXPORT_SYMBOL(flush_old_exec); | 1016 | EXPORT_SYMBOL(flush_old_exec); |
1017 | 1017 | ||
1018 | /* | 1018 | /* |
1019 | * Prepare credentials and lock ->cred_guard_mutex. | ||
1020 | * install_exec_creds() commits the new creds and drops the lock. | ||
1021 | * Or, if exec fails before, free_bprm() should release ->cred and | ||
1022 | * and unlock. | ||
1023 | */ | ||
1024 | int prepare_bprm_creds(struct linux_binprm *bprm) | ||
1025 | { | ||
1026 | if (mutex_lock_interruptible(¤t->cred_guard_mutex)) | ||
1027 | return -ERESTARTNOINTR; | ||
1028 | |||
1029 | bprm->cred = prepare_exec_creds(); | ||
1030 | if (likely(bprm->cred)) | ||
1031 | return 0; | ||
1032 | |||
1033 | mutex_unlock(¤t->cred_guard_mutex); | ||
1034 | return -ENOMEM; | ||
1035 | } | ||
1036 | |||
1037 | void free_bprm(struct linux_binprm *bprm) | ||
1038 | { | ||
1039 | free_arg_pages(bprm); | ||
1040 | if (bprm->cred) { | ||
1041 | mutex_unlock(¤t->cred_guard_mutex); | ||
1042 | abort_creds(bprm->cred); | ||
1043 | } | ||
1044 | kfree(bprm); | ||
1045 | } | ||
1046 | |||
1047 | /* | ||
1019 | * install the new credentials for this executable | 1048 | * install the new credentials for this executable |
1020 | */ | 1049 | */ |
1021 | void install_exec_creds(struct linux_binprm *bprm) | 1050 | void install_exec_creds(struct linux_binprm *bprm) |
@@ -1024,12 +1053,13 @@ void install_exec_creds(struct linux_binprm *bprm) | |||
1024 | 1053 | ||
1025 | commit_creds(bprm->cred); | 1054 | commit_creds(bprm->cred); |
1026 | bprm->cred = NULL; | 1055 | bprm->cred = NULL; |
1027 | 1056 | /* | |
1028 | /* cred_guard_mutex must be held at least to this point to prevent | 1057 | * cred_guard_mutex must be held at least to this point to prevent |
1029 | * ptrace_attach() from altering our determination of the task's | 1058 | * ptrace_attach() from altering our determination of the task's |
1030 | * credentials; any time after this it may be unlocked */ | 1059 | * credentials; any time after this it may be unlocked. |
1031 | 1060 | */ | |
1032 | security_bprm_committed_creds(bprm); | 1061 | security_bprm_committed_creds(bprm); |
1062 | mutex_unlock(¤t->cred_guard_mutex); | ||
1033 | } | 1063 | } |
1034 | EXPORT_SYMBOL(install_exec_creds); | 1064 | EXPORT_SYMBOL(install_exec_creds); |
1035 | 1065 | ||
@@ -1246,14 +1276,6 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) | |||
1246 | 1276 | ||
1247 | EXPORT_SYMBOL(search_binary_handler); | 1277 | EXPORT_SYMBOL(search_binary_handler); |
1248 | 1278 | ||
1249 | void free_bprm(struct linux_binprm *bprm) | ||
1250 | { | ||
1251 | free_arg_pages(bprm); | ||
1252 | if (bprm->cred) | ||
1253 | abort_creds(bprm->cred); | ||
1254 | kfree(bprm); | ||
1255 | } | ||
1256 | |||
1257 | /* | 1279 | /* |
1258 | * sys_execve() executes a new program. | 1280 | * sys_execve() executes a new program. |
1259 | */ | 1281 | */ |
@@ -1277,20 +1299,15 @@ int do_execve(char * filename, | |||
1277 | if (!bprm) | 1299 | if (!bprm) |
1278 | goto out_files; | 1300 | goto out_files; |
1279 | 1301 | ||
1280 | retval = -ERESTARTNOINTR; | 1302 | retval = prepare_bprm_creds(bprm); |
1281 | if (mutex_lock_interruptible(¤t->cred_guard_mutex)) | 1303 | if (retval) |
1282 | goto out_free; | 1304 | goto out_free; |
1283 | current->in_execve = 1; | ||
1284 | |||
1285 | retval = -ENOMEM; | ||
1286 | bprm->cred = prepare_exec_creds(); | ||
1287 | if (!bprm->cred) | ||
1288 | goto out_unlock; | ||
1289 | 1305 | ||
1290 | retval = check_unsafe_exec(bprm); | 1306 | retval = check_unsafe_exec(bprm); |
1291 | if (retval < 0) | 1307 | if (retval < 0) |
1292 | goto out_unlock; | 1308 | goto out_free; |
1293 | clear_in_exec = retval; | 1309 | clear_in_exec = retval; |
1310 | current->in_execve = 1; | ||
1294 | 1311 | ||
1295 | file = open_exec(filename); | 1312 | file = open_exec(filename); |
1296 | retval = PTR_ERR(file); | 1313 | retval = PTR_ERR(file); |
@@ -1340,7 +1357,6 @@ int do_execve(char * filename, | |||
1340 | /* execve succeeded */ | 1357 | /* execve succeeded */ |
1341 | current->fs->in_exec = 0; | 1358 | current->fs->in_exec = 0; |
1342 | current->in_execve = 0; | 1359 | current->in_execve = 0; |
1343 | mutex_unlock(¤t->cred_guard_mutex); | ||
1344 | acct_update_integrals(current); | 1360 | acct_update_integrals(current); |
1345 | free_bprm(bprm); | 1361 | free_bprm(bprm); |
1346 | if (displaced) | 1362 | if (displaced) |
@@ -1360,10 +1376,7 @@ out_file: | |||
1360 | out_unmark: | 1376 | out_unmark: |
1361 | if (clear_in_exec) | 1377 | if (clear_in_exec) |
1362 | current->fs->in_exec = 0; | 1378 | current->fs->in_exec = 0; |
1363 | |||
1364 | out_unlock: | ||
1365 | current->in_execve = 0; | 1379 | current->in_execve = 0; |
1366 | mutex_unlock(¤t->cred_guard_mutex); | ||
1367 | 1380 | ||
1368 | out_free: | 1381 | out_free: |
1369 | free_bprm(bprm); | 1382 | free_bprm(bprm); |