From: Al Viro
To: Oleg Nesterov
Cc: Christian Brauner, Kees Cook, jack@suse.cz, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, syzbot
Subject: Re: [syzbot] [fs?] [mm?] KCSAN: data-race in bprm_execve / copy_fs (4)
Date: Sat, 22 Mar 2025 18:50:07 +0000
Message-ID: <20250322185007.GI2023217@ZenIV>
In-Reply-To: <20250322155538.GA16736@redhat.com>
References: <67dc67f0.050a0220.25ae54.001f.GAE@google.com> <202503201225.92C5F5FB1@keescook> <20250321-abdecken-infomaterial-2f373f8e3b3c@brauner> <20250322010008.GG2023217@ZenIV> <20250322155538.GA16736@redhat.com>

On Sat, Mar 22, 2025 at 04:55:39PM +0100, Oleg Nesterov wrote:
> No, check_unsafe_execve() is called with cred_guard_mutex held,
> see prepare_bprm_creds()
Point...

> > 3) A calls exec_binprm(), fails (bad binary)
> > 4) A clears ->in_exec
>
> So (2) can only happen after A fails and drops cred_guard_mutex.
>
> And this means that we just need to ensure that ->in_exec is cleared
> before this mutex is dropped, no? Something like below?

Probably should work, but I wonder if it would be cleaner to have ->in_exec
replaced with a pointer to the task_struct responsible.  Not "somebody with
that fs_struct for ->fs is trying to do execve(), has verified that nothing
outside of their threads is using this and had been holding
->signal->cred_guard_mutex ever since then", but "this is the thread that..."
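The ordering the thread is arguing about, as an added userspace model that is not part of this message and not kernel code: the structs, the *_model helpers, the scenario functions and the owner-field "locks" are all invented for the illustration. The only kernel behaviour it assumes is what check_unsafe_execve() and copy_fs() do with fs->in_exec (set under fs->lock while cred_guard_mutex is held, only if every user of the fs_struct is a thread of the exec'ing group; CLONE_FS refused with -EAGAIN while it is set). The in_exec_owner field stands in for the task_struct pointer suggested above; passing owner_check=false to clear_in_exec_model() makes it behave like the plain flag so the two forms can be compared on the same interleaving.

```c
/*
 * Userspace model of execve()'s fs_struct sharing check and copy_fs()'s
 * CLONE_FS refusal, added to illustrate the ordering point in the thread.
 * Not kernel code: the structs, *_model helpers and scenarios are invented
 * and locks are owner fields, so every interleaving here is deterministic.
 * Modelled, as read from fs/exec.c and kernel/fork.c: check_unsafe_execve()
 * runs under ->signal->cred_guard_mutex and sets fs->in_exec under fs->lock
 * only if every user of the fs_struct is a thread of the exec'ing group;
 * copy_fs() with CLONE_FS returns -EAGAIN while in_exec is set.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct task;
struct fs_struct {
	int users;			/* fs->users */
	struct task *lock_holder;	/* fs->lock as an owner field */
	struct task *in_exec_owner;	/* NULL models fs->in_exec == 0 */
};
struct signal_struct { int nr_threads; struct task *cred_guard_holder; };
struct task { struct fs_struct *fs; struct signal_struct *signal; };

/* Lock-discipline violations are model bugs: fail loudly. */
static void take(struct task **h, struct task *t) { if (*h) abort(); *h = t; }
static void drop(struct task **h, struct task *t) { if (*h != t) abort(); *h = NULL; }

/* check_unsafe_execve(): 1 (LSM_UNSAFE_SHARE) if an outsider shares ->fs,
 * else claim the fs_struct for this exec.  Caller holds cred_guard_mutex. */
static int check_unsafe_execve_model(struct task *p)
{
	struct fs_struct *fs = p->fs;
	int unsafe = 0;
	if (p->signal->cred_guard_holder != p) abort();
	take(&fs->lock_holder, p);
	if (fs->users > p->signal->nr_threads)
		unsafe = 1;
	else
		fs->in_exec_owner = p;		/* kernel: fs->in_exec = 1 */
	drop(&fs->lock_holder, p);
	return unsafe;
}

/* copy_fs() for clone(CLONE_FS): refused while an exec holds the claim. */
static int copy_fs_model(struct task *parent)
{
	struct fs_struct *fs = parent->fs;
	int ret = 0;
	take(&fs->lock_holder, parent);
	if (fs->in_exec_owner)
		ret = -EAGAIN;
	else
		fs->users++;
	drop(&fs->lock_holder, parent);
	return ret;
}

/* Release the claim.  owner_check models the task-pointer form: a task that
 * no longer owns the claim gets -EPERM and the real owner stays protected.
 * Without it this is the plain flag, an unconditional in_exec = 0. */
static int clear_in_exec_model(struct task *p, bool owner_check)
{
	struct fs_struct *fs = p->fs;
	int ret = 0;
	take(&fs->lock_holder, p);
	if (owner_check && fs->in_exec_owner != p)
		ret = -EPERM;
	else
		fs->in_exec_owner = NULL;
	drop(&fs->lock_holder, p);
	return ret;
}

/* Wrong order: A's exec fails and A drops cred_guard_mutex before clearing.
 * Thread B then starts its own exec and claims the fs_struct; only then does
 * A's stale clear run.  Returns what clone(CLONE_FS) by thread C gets during
 * B's exec: -EAGAIN if B is still protected, 0 if a new sharer got in. */
static int stale_clear_scenario(bool owner_check)
{
	struct fs_struct fs = { .users = 3 };
	struct signal_struct sig = { .nr_threads = 3 };
	struct task a = { &fs, &sig }, b = { &fs, &sig }, c = { &fs, &sig };
	take(&sig.cred_guard_holder, &a);		/* prepare_bprm_creds() */
	if (check_unsafe_execve_model(&a)) abort();
	drop(&sig.cred_guard_holder, &a);		/* exec_binprm() failed */
	take(&sig.cred_guard_holder, &b);
	if (check_unsafe_execve_model(&b)) abort();	/* B now relies on the claim */
	(void)clear_in_exec_model(&a, owner_check);	/* A's late clear */
	return copy_fs_model(&c);
}

/* Right order: clear before dropping the mutex, so the claim never outlives it. */
static bool correct_order_scenario(void)
{
	struct fs_struct fs = { .users = 2 };
	struct signal_struct sig = { .nr_threads = 2 };
	struct task a = { &fs, &sig }, b = { &fs, &sig };
	int during, after;
	take(&sig.cred_guard_holder, &a);
	if (check_unsafe_execve_model(&a)) abort();
	during = copy_fs_model(&b);			/* -EAGAIN while A is in exec */
	if (clear_in_exec_model(&a, true)) abort();	/* clear, then unlock */
	drop(&sig.cred_guard_holder, &a);
	after = copy_fs_model(&b);			/* now succeeds: users == 3 */
	return during == -EAGAIN && after == 0 && fs.users == 3;
}

int main(void)
{
	printf("plain flag: clone during B's exec returns %d\n", stale_clear_scenario(false));
	printf("owner pointer: clone during B's exec returns %d\n", stale_clear_scenario(true));
	printf("correct order: %s\n", correct_order_scenario() ? "ok" : "broken");
	return 0;
}
```

With the plain flag, A's clear arriving after B's exec has re-claimed the fs_struct silently strips B's protection, and thread C's clone(CLONE_FS) succeeds in the middle of B's exec; with the owner pointer the stale clear is refused with -EPERM and the clone still gets -EAGAIN. correct_order_scenario() is the ordering Oleg asks for: cleared before the mutex is dropped, the claim can never be stale in the first place, whichever representation is used.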