From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=2lSW=4T=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DB088C3F2CD
	for <linux-mm@archiver.kernel.org>; Mon,  2 Mar 2020 16:19:48 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 8A257217F4
	for <linux-mm@archiver.kernel.org>; Mon,  2 Mar 2020 16:19:48 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8A257217F4
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=xmission.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id EC87E6B0006; Mon,  2 Mar 2020 11:19:47 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id E51B66B0007; Mon,  2 Mar 2020 11:19:47 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id CF1536B0008; Mon,  2 Mar 2020 11:19:47 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0086.hostedemail.com [216.40.44.86])
	by kanga.kvack.org (Postfix) with ESMTP id B653D6B0006
	for <linux-mm@kvack.org>; Mon,  2 Mar 2020 11:19:47 -0500 (EST)
Received: from smtpin12.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id 4EACE2D225
	for <linux-mm@kvack.org>; Mon,  2 Mar 2020 16:19:47 +0000 (UTC)
X-FDA: 76550933214.12.power07_8f9166d4a2f0b
X-HE-Tag: power07_8f9166d4a2f0b
X-Filterd-Recvd-Size: 7277
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
	by imf18.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon,  2 Mar 2020 16:19:46 +0000 (UTC)
Received: from in02.mta.xmission.com ([166.70.13.52])
	by out02.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.90_1)
	(envelope-from <ebiederm@xmission.com>)
	id 1j8nnD-0001jz-MG; Mon, 02 Mar 2020 09:19:43 -0700
Received: from ip68-227-160-95.om.om.cox.net ([68.227.160.95] helo=x220.xmission.com)
	by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.87)
	(envelope-from <ebiederm@xmission.com>)
	id 1j8nnC-0000UA-Vb; Mon, 02 Mar 2020 09:19:43 -0700
From: ebiederm@xmission.com (Eric W. Biederman)
To: Bernd Edlinger <bernd.edlinger@hotmail.de>
Cc: Jann Horn <jannh@google.com>,  Christian Brauner
 <christian.brauner@ubuntu.com>,  Jonathan Corbet <corbet@lwn.net>,
  Alexander Viro <viro@zeniv.linux.org.uk>,  Andrew Morton
 <akpm@linux-foundation.org>,  Alexey Dobriyan <adobriyan@gmail.com>,
  Thomas Gleixner <tglx@linutronix.de>,  Oleg Nesterov <oleg@redhat.com>,
  Frederic Weisbecker <frederic@kernel.org>,  Andrei Vagin
 <avagin@gmail.com>,  Ingo Molnar <mingo@kernel.org>,  "Peter Zijlstra
 \(Intel\)" <peterz@infradead.org>,  Yuyang Du <duyuyang@gmail.com>,  David
 Hildenbrand <david@redhat.com>,  Sebastian Andrzej Siewior
 <bigeasy@linutronix.de>,  Anshuman Khandual <anshuman.khandual@arm.com>,
  David Howells <dhowells@redhat.com>,  James Morris
 <jamorris@linux.microsoft.com>,  Kees Cook <keescook@chromium.org>,  Greg
 Kroah-Hartman <gregkh@linuxfoundation.org>,  Shakeel Butt
 <shakeelb@google.com>,  Jason Gunthorpe <jgg@ziepe.ca>,  Christian Kellner
 <christian@kellner.me>,  Andrea Arcangeli <aarcange@redhat.com>,  Aleksa
 Sarai <cyphar@cyphar.com>,  "Dmitry V. Levin" <ldv@altlinux.org>,
  "linux-doc\@vger.kernel.org" <linux-doc@vger.kernel.org>,
  "linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>,
  "linux-fsdevel\@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
  "linux-mm\@kvack.org" <linux-mm@kvack.org>,  "stable\@vger.kernel.org"
 <stable@vger.kernel.org>
References: <AM6PR03MB5170B06F3A2B75EFB98D071AE4E60@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<CAG48ez3QHVpMJ9Rb_Q4LEE6uAqQJeS1Myu82U=fgvUfoeiscgw@mail.gmail.com>
	<20200301185244.zkofjus6xtgkx4s3@wittgenstein>
	<CAG48ez3mnYc84iFCA25-rbJdSBi3jh9hkp569XZTbFc_9WYbZw@mail.gmail.com>
	<AM6PR03MB5170EB4427BF5C67EE98FF09E4E60@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<87a74zmfc9.fsf@x220.int.ebiederm.org>
	<AM6PR03MB517071DEF894C3D72D2B4AE2E4E70@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<87k142lpfz.fsf@x220.int.ebiederm.org>
	<AM6PR03MB51704206634C009500A8080DE4E70@AM6PR03MB5170.eurprd03.prod.outlook.com>
Date: Mon, 02 Mar 2020 10:17:32 -0600
In-Reply-To: <AM6PR03MB51704206634C009500A8080DE4E70@AM6PR03MB5170.eurprd03.prod.outlook.com>
	(Bernd Edlinger's message of "Mon, 2 Mar 2020 16:02:46 +0000")
Message-ID: <875zfmloir.fsf@x220.int.ebiederm.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-XM-SPF: eid=1j8nnC-0000UA-Vb;;;mid=<875zfmloir.fsf@x220.int.ebiederm.org>;;;hst=in02.mta.xmission.com;;;ip=68.227.160.95;;;frm=ebiederm@xmission.com;;;spf=neutral
X-XM-AID: U2FsdGVkX1/rDgyLYZJLEvddAZC2RnTuV8ERN149vpA=
X-SA-Exim-Connect-IP: 68.227.160.95
X-SA-Exim-Mail-From: ebiederm@xmission.com
Subject: Re: [PATCHv2] exec: Fix a deadlock in ptrace
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Bernd Edlinger <bernd.edlinger@hotmail.de> writes:

> On 3/2/20 4:57 PM, Eric W. Biederman wrote:
>> Bernd Edlinger <bernd.edlinger@hotmail.de> writes:
>> 
>>>
>>> I tried this with s/EACCESS/EACCES/.
>>>
>>> The test case in this patch is not fixed, but strace does not freeze,
>>> at least with my setup where it did freeze repeatable.
>> 
>> Thanks, That is what I was aiming at.
>> 
>> So we have one method we can pursue to fix this in practice.
>> 
>>> That is
>>> obviously because it bypasses the cred_guard_mutex.  But all other
>>> process that access this file still freeze, and cannot be
>>> interrupted except with kill -9.
>>>
>>> However that smells like a denial of service, that this
>>> simple test case which can be executed by guest, creates a /proc/$pid/mem
>>> that freezes any process, even root, when it looks at it.
>>> I mean: "ln -s README /proc/$pid/mem" would be a nice bomb.
>> 
>> Yes.  Your the test case in your patch a variant of the original
>> problem.
>> 
>> 
>> I have been staring at this trying to understand the fundamentals of the
>> original deeper problem.
>> 
>> The current scope of cred_guard_mutex in exec is because being ptraced
>> causes suid exec to act differently.  So we need to know early if we are
>> ptraced.
>> 
>
> It has a second use, that it prevents two threads entering execve,
> which would probably result in disaster.

Exec can fail with an error code up until de_thread.  de_thread causes
exec to fail with the error code -EAGAIN for the second thread to get
into de_thread.

So no.  The cred_guard_mutex is not needed for that case at all.

>> If that case did not exist we could reduce the scope of the
>> cred_guard_mutex in exec to where your patch puts the cred_change_mutex.
>> 
>> I am starting to think reworking how we deal with ptrace and exec is the
>> way to solve this problem.


I am 99% convinced that the fix is to move cred_guard_mutex down.

Then right after we take cred_guard_mutex do:
	if (ptraced) {
		use_original_creds();
	}

And call it a day.

The details suck but I am 99% certain that would solve everyones
problems, and not be too bad to audit either.

Eric