Date: Tue, 23 Jan 2024 16:09:12 -0800
From: Kees Cook
To: Bernd Edlinger
Cc: Oleg Nesterov, Alexander Viro, Alexey Dobriyan, Andy Lutomirski,
 Will Drewry, Christian Brauner, Andrew Morton, Michal Hocko, Serge Hallyn,
 James Morris, Randy Dunlap, Suren Baghdasaryan, Yafang Shao, Helge Deller,
 "Eric W. Biederman", Adrian Reber, Thomas Gleixner, Jens Axboe,
 Alexei Starovoitov, "linux-fsdevel@vger.kernel.org",
 "linux-kernel@vger.kernel.org", linux-kselftest@vger.kernel.org,
 linux-mm@kvack.org, tiozhang, Luis Chamberlain, "Paulo Alcantara (SUSE)",
 Sergey Senozhatsky, Frederic Weisbecker, YueHaibing, Paul Moore,
 Aleksa Sarai, Stefan Roesch, Chao Yu, xu xin, Jeff Layton, Jan Kara,
 David Hildenbrand, Dave Chinner, Shuah Khan, Zheng Yejian, Elena Reshetova,
 David Windsor, Mateusz Guzik, Ard Biesheuvel, "Joel Fernandes (Google)",
 "Matthew Wilcox (Oracle)", Hans Liljestrand
Subject: Re: [PATCH v14] exec: Fix dead-lock in de_thread with ptrace_attach
Message-ID: <202401231555.59B7EDBB2@keescook>

On Tue, Jan 23, 2024 at 07:30:52PM +0100, Bernd Edlinger wrote:
> - Currently a non-privileged program can potentially send such a privileged
>   tracer into a deadlock.
> - With the alternative patch below that non-privileged can no longer send the
>   tracer into a deadlock, but it can still quickly escape out of the tracer's
>   control.
> - But with my latest patch a sufficiently privileged tracer can neither be
>   sent into a deadlock nor can the attached process escape. Mission completed.

Thanks for the details. And it would be pretty unfriendly to fail the execve()
too (or, rather, it makes the execve failure unpredictable).

I'll keep reading your patch...

-- 
Kees Cook