Date: Tue, 25 Mar 2025 11:40:15 -0700
From: Kees Cook
To: Christian Brauner, Mateusz Guzik
CC: Oleg Nesterov, syzbot, viro@zeniv.linux.org.uk, jack@suse.cz, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH] exec: fix the racy usage of fs_struct->in_exec

On March 25, 2025 7:46:15 AM PDT, Christian Brauner wrote:
>On Tue, Mar 25, 2025 at 03:15:06PM +0100, Mateusz Guzik wrote:
>> On Tue, Mar 25, 2025 at 2:30 PM Christian Brauner wrote:
>> >
>> > On Tue, Mar 25, 2025 at 02:21:36PM +0100, Oleg Nesterov wrote:
>> > > On 03/25, Mateusz Guzik wrote:
>> > > >
>> > > > On Tue, Mar 25, 2025 at 11:10 AM Oleg Nesterov wrote:
>> > > > >
>> > > > > On 03/24, Mateusz Guzik wrote:
>> > > > > >
>> > > > > > On Mon, Mar 24, 2025 at 7:28 PM Oleg Nesterov wrote:
>> > > > > > >
>> > > > > > > So to me it would be better to have the trivial fix for stable,
>> > > > > > > exactly because it is trivially backportable. Then cleanup/simplify
>> > > > > > > this logic on top of it.
>> > > > > >
>> > > > > > So I got myself a crap testcase with a CLONE_FS'ed task which can
>> > > > > > execve and sanity-checked that suid is indeed not honored as expected.
>> > > > >
>> > > > > So you mean my patch can't fix the problem?
>> > > >
>> > > > No, I think the patch works.
>> > > >
>> > > > I am saying the current scheme is avoidably hard to reason about.
>> > >
>> > > Ah, OK, thanks. Then I still think it makes more sense to do the
>> > > cleanups you propose on top of this fix.
>> >
>> > I agree. We should go with Oleg's fix that in the old scheme and use
>> > that. And then @Mateusz your cleanup should please go on top!
>>
>> Ok, in that case I'm gonna ship when I'm gonna ship(tm), maybe later this week.
>
>Ok, I've taken the patch as I've got a first round of fixes to send
>already. Thanks!

Acked-by: Kees Cook

--
Kees Cook