From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EF6E4CCFA1A for ; Tue, 11 Nov 2025 11:07:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3A4F78E0005; Tue, 11 Nov 2025 06:07:57 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 37CF78E0002; Tue, 11 Nov 2025 06:07:57 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 243FE8E0005; Tue, 11 Nov 2025 06:07:57 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 0E0EE8E0002 for ; Tue, 11 Nov 2025 06:07:57 -0500 (EST) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id AB34F12CED8 for ; Tue, 11 Nov 2025 11:07:56 +0000 (UTC) X-FDA: 84098051352.26.CAABBF8 Received: from PA4PR04CU001.outbound.protection.outlook.com (mail-francecentralazolkn19013078.outbound.protection.outlook.com [52.103.46.78]) by imf16.hostedemail.com (Postfix) with ESMTP id CA527180009 for ; Tue, 11 Nov 2025 11:07:53 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=HOTMAIL.DE header.s=selector1 header.b="b/9FQu5G"; arc=pass ("microsoft.com:s=arcselector10001:i=1"); spf=pass (imf16.hostedemail.com: domain of bernd.edlinger@hotmail.de designates 52.103.46.78 as permitted sender) smtp.mailfrom=bernd.edlinger@hotmail.de; dmarc=pass (policy=none) header.from=hotmail.de ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1762859274; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=bUNenhQhlCOx3VL7piVBsfQhhog8UCi73UWST9oscEI=; b=J6GP5gw8hs3NoDJmtZxDmCBHS4khlRcX0/h6Bm+dleyZs1FsLHMeCwX1L1JkHOHrxejHUK 8FuBXI6MzrCi8ruV230UbchxolTZlv9iU1CCB7NtwZWFgO7qBynD6e4N3hNk9JKZ56/kRC buqm1N5kct+sMTJFxeKZSSF/+BObLZ0= ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1762859274; a=rsa-sha256; cv=pass; b=Y0yP8/VP53n8mherVvDbwIqHmDm6WcuQpJipS9aynMmF6u1ZNaciQSxjFts2JPXyzZRdd4 0/XFS4UZ7vSSPNKx9rGoRUxk9TDRa1/cHsMWkvzE2ShYe5VzuhoUuOfr4kL6B71JV650Cv pVFkYBwwzkKPeEBaym0YWAi2C2wVctk= ARC-Authentication-Results: i=2; imf16.hostedemail.com; dkim=pass header.d=HOTMAIL.DE header.s=selector1 header.b="b/9FQu5G"; arc=pass ("microsoft.com:s=arcselector10001:i=1"); spf=pass (imf16.hostedemail.com: domain of bernd.edlinger@hotmail.de designates 52.103.46.78 as permitted sender) smtp.mailfrom=bernd.edlinger@hotmail.de; dmarc=pass (policy=none) header.from=hotmail.de ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=kdiER4FX4NKFNeq1yZODLf7Vjtw6lPydgPqIJGsZ3GmNNgY67FlW2lNuTJaM0LA6987VP7zosjY1YODcoj6q3GGHNI3D6VCZwl/H2GvVDX/Yibbk7JcjNMLLzYNtcNRgk3AotbRBz/+Rufh/Ya2ItbYN7U4P0i2ZU3tK1NxO5iRz/mgHM0WvXhE5NVrKw/1kfYYXgb1qkExc4tS0o6XrOy24R0OGV15eendOKEU74740pKOWQc9ORgLOztt6yK3MAlL6BjFlFTjEFym9fXkyZ2PTNNuc92pj8M3ooigUoUcKbXZzdkNI0E8+C8v87QkRtox7/oIF5XXSUT13xtTifQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bUNenhQhlCOx3VL7piVBsfQhhog8UCi73UWST9oscEI=; b=qaw1tt2eNVE14ES6mniYnNDGSIZjS+gMBxDkvpWLEiTlAgans2FvTCOmc8Ln8XX7oY4ewBRNGTJ3R3A8nEnqcL0EKrBGb7jb4s+lMB1Dcv8zdUuwvDSFJZAWnDgUyKf3I8PUhpzXSwvMgAzwIGOsSorJ3bRXcBWj8qmHMi3XvSUH3rOiCFoMBFwll0tOHZ/bNo9TupyoGmPjLFC4Q/APWOS1O3ytKNF3hKcEKrQ+f4/uOvWG/RdqB5MTjOedIOfaco1gRYQWDiGm97NkyC2nVQzowaKdBHELBkvlQ7uobyBMrkBErcOI16u25RZjxgC3NLFu0Zh3yEOV+3pt8dAbRw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=HOTMAIL.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bUNenhQhlCOx3VL7piVBsfQhhog8UCi73UWST9oscEI=; b=b/9FQu5GvYggMtIRW2oEzuQym7NU4EE0zDjjOdWySw6kBpMGPA5r91MFzHWQNyGS1UzrYMYDHYjdOwX4VRHmiCEHq3gvyNicbxKhO0QXD94uSoV3Z122nNtgdiGzEdG1gEuBEenLRrKXRQeEIPSB4cNZFR7B0Ho+dah9AQ/GvaXdgPQO8HCAGfF4r73pGkefJc3EM6/i2T4Do+zNkGz7mHmOZtnjkDb5BtDoM4ziFBdlQtf87KIYme1No/t8pARlQZinftpJPiI2HEvNNMZ2pqxPhT0ZdjE/S3ovmt0/5/C/zdl4ILQ3ZDwKS/57Ggh4ZXPye7KEZtlhtUEVEl2jpw== Received: from GV2PPF74270EBEE.EURP195.PROD.OUTLOOK.COM (2603:10a6:158:401::8d4) by VI0P195MB3290.EURP195.PROD.OUTLOOK.COM (2603:10a6:800:2d4::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9298.16; Tue, 11 Nov 2025 11:07:49 +0000 Received: from GV2PPF74270EBEE.EURP195.PROD.OUTLOOK.COM ([fe80::dde:411d:b5f2:49]) by GV2PPF74270EBEE.EURP195.PROD.OUTLOOK.COM ([fe80::dde:411d:b5f2:49%8]) with mapi id 15.20.9298.007; Tue, 11 Nov 2025 11:07:49 +0000 Message-ID: Date: Tue, 11 Nov 2025 12:07:39 +0100 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v17] exec: Fix dead-lock in de_thread with ptrace_attach To: Christian Brauner , Oleg Nesterov Cc: Alexander Viro , Alexey Dobriyan , Kees Cook , Andy Lutomirski , Will Drewry , Andrew Morton , Michal Hocko , Serge Hallyn , James Morris , Randy Dunlap , Suren Baghdasaryan , Yafang Shao , Helge Deller , "Eric W. Biederman" , Adrian Reber , Thomas Gleixner , Jens Axboe , Alexei Starovoitov , "linux-fsdevel@vger.kernel.org" , "linux-kernel@vger.kernel.org" , linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-security-module@vger.kernel.org, tiozhang , Luis Chamberlain , "Paulo Alcantara (SUSE)" , Sergey Senozhatsky , Frederic Weisbecker , YueHaibing , Paul Moore , Aleksa Sarai , Stefan Roesch , Chao Yu , xu xin , Jeff Layton , Jan Kara , David Hildenbrand , Dave Chinner , Shuah Khan , Elena Reshetova , David Windsor , Mateusz Guzik , Ard Biesheuvel , "Joel Fernandes (Google)" , "Matthew Wilcox (Oracle)" , Hans Liljestrand , Penglei Jiang , Lorenzo Stoakes , Adrian Ratiu , Ingo Molnar , "Peter Zijlstra (Intel)" , Cyrill Gorcunov , Eric Dumazet References: <20251105143210.GA25535@redhat.com> <20251111-ankreiden-augen-eadcf9bbdfaa@brauner> Content-Language: en-US From: Bernd Edlinger In-Reply-To: <20251111-ankreiden-augen-eadcf9bbdfaa@brauner> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: FR4P281CA0407.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:d0::16) To GV2PPF74270EBEE.EURP195.PROD.OUTLOOK.COM (2603:10a6:158:401::8d4) X-Microsoft-Original-Message-ID: MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: GV2PPF74270EBEE:EE_|VI0P195MB3290:EE_ X-MS-Office365-Filtering-Correlation-Id: e79ebff6-40ed-409c-0203-08de21128cc4 X-MS-Exchange-SLBlob-MailProps: 9IecXKUgicBJ8NNsyPoVvrHIv5xlNgd3DClhicMbZQGQScwPSSUB4wtX+IKcX8H5ch33TMqBacURcGqnTQ7S4GsR91tRmQcgeP/Ywgg6phjXdIH5JVALj0y6lZ4ojz6sD6z1TwChJe+b0+GwZw5V7S589G7IKipf2H9+dicTHVyJ/0LBfng6jHpeWGBUZy+uT/r5edtMWHEl18wmHlqTLxeHXknOE21I/88bf6h0dLptgnzw/9xCT5U0EfbLYF0V73JVUkUvUpm9UD4B//M2fo18R3CoRBl9fdSegjcSC9wzcfdAKPumyrF6u9eVKTE384q4iISmZwfYBe6Uw0aeMA9CJkkoicYt+QFrIYqF6aZy/smwopYSnObrXcpPs472xTVHyXc4/NhB/LJVGvFdG2tIGIXMEcgxd5rTFwYbKbtQ/gGCn/hjGZ/N9mX30bwFZmGQoksGcbF2KsXuBC4rYpqC/6mDZYC9FN2fEadkM2E2p28LMg1WRuk6aI16E2zWvXCU3ZtEmvv9t6sCayIz8BdEmwMutlGzBdbsDx/8WaBREna0lbhx6xWUtR/wyWhfSlMivKOo1w3BGNm3o25iNmzrxTeYRHMDgNbhpono40QPG1YPdBr/YvISmaAPnT1EYoHHrl7rTKhWfFMo19SEy/Kj25Y+rv+swXRiqnNr+RFm7AlXAXaoYopv9TuFGHLyvEzbIU73WVwWlLxgCoHNXlp1Ix2HqWZt6d2rAmnMeW32v7zBSyQMiw== X-Microsoft-Antispam: BCL:0;ARA:14566002|5072599009|19110799012|8060799015|41001999006|6090799003|15080799012|12121999013|461199028|23021999003|51005399006|3412199025|440099028|40105399003; X-Microsoft-Antispam-Message-Info: =?utf-8?B?ZW9EK1VrRm5qbE45STJmK3BnaVBKcVR1d0c1TitBakJNRXBUakVMdEJmMzZt?= =?utf-8?B?Zmpsb0NUa2IrV3JBbTd6eTJmWkIwd1BLcVExdmpTN1R3ZG9aSGl5RnVCWlhh?= =?utf-8?B?Q29pQzgwSDBaZlY3RzZabDFPUm55YXlYUSt3WEpVMTUxQzZ6SzZTdmN2MCtr?= =?utf-8?B?bW5ORERWcmttWnB5alFjdVRZNFFNWWZNUG5iSlo4WTZFZHlHazFxVU5iRWVP?= =?utf-8?B?NXFwcHZRVVFqWm1LVCt1SVdFemdaWmdzdTkzNGdFK05oWi85bGpWeFYrc3pM?= =?utf-8?B?dXM0S2RMS0l5b1htLzNCbzg0a3BqQ3Z1WFhmeUlwdWZvQkI4U3cxL25Bb3gw?= =?utf-8?B?bTQwdEEyWmt4by9nc2pBWmVsUXFqa2lFSE9HMDZ4b0VWV28rK0xsOGI3eVkz?= =?utf-8?B?SXF4eC9OQ05uamUzWlZ1SUF3N1h6bHNPeUZJMGtNK1U3QlozcjkvaE9DUnc0?= =?utf-8?B?aXZmbGlhVjVYN0NiY0JIQUxtckdSb2w1VjhRQiszK3Y4VUREVzhNb1czMElV?= =?utf-8?B?T3E5L0s5QVlqUHZJcHpzUWxuTDB1Zm1xeFJobFpVeVZmSDRZSjEwR1BoQlIx?= =?utf-8?B?elZCd2VGaVBJQ1lhbGFPVXJpVUY0SVdRZmNOdWcwdmw0RWU1KzIxbDVjSXJN?= =?utf-8?B?bjE3dSs4WFU1WVhYL2tCWE15N0VUZGdCTDd6Rk9UNkF3bU1XaDc2OFdnbS96?= =?utf-8?B?WnZVd0VXeDVSODNmdUNWZ0pxcnRnL2djNCtCT0tqZ0M5UXlOcytDY3B2bWpl?= =?utf-8?B?dFdKb3RaSFFtYlpzUlMwdnRYSEg4dHVPbTlYbE9TMjZJL3EzSGRnREJ5VVRX?= =?utf-8?B?VWl6ZWVtZmpxaG5BdHdkMG80QVdYUHhrQmp6ejdVaThzc1IycVNZRzB3Y2RS?= =?utf-8?B?N2gvZzByZ25XMDlNMkFiZG9BSENibnpZeHNVVDhxdUsvOHp2QXdBQTVuclM5?= =?utf-8?B?U2kxZFBsUVlrVGV0OFRyK2RlVTdJWXM3aUlYalJJVGxRVWplUmtvalhHMDg4?= =?utf-8?B?Wmh0NmVrejgyVTg4OGtrVHh0WUZxMlY1ckZIc3dIYkk0bmFCWXh4YitLSmJq?= =?utf-8?B?OXZhbDJqSGw1VWhzNEZEK3hnVkZlZFRzeDJTazRmRFgxRHAxY1FCVkVLUVow?= =?utf-8?B?R09GWVA1VXc4L3hnVVExR1JVNUhBaDV4cUtLOS9VeHh3T3I0Sm11OGFkSGs1?= =?utf-8?B?cWRaZVlQMVFzOHU4b1h5MHRHSDVoSFluWmdmUkRuaEpoNVhFOFJpU0FqTmxF?= =?utf-8?B?M3YyaVFwRUFWTm1vY2llNGtvNFNZTE5jYUNIUjc0bmlybDI4cnZOcW5kYUN3?= =?utf-8?B?cE5HYklWeEpSOFJqcmpiMXE1bVVtcytMenJNeGRTWmd6R0lPRkxjYnF6TmhF?= =?utf-8?B?dng0RmJQOEVhRWs4Y0JaKytjazZFaDRHQ1hFSkN1eDhtTk1QTnFUakorTUpT?= =?utf-8?B?TURkaENVSEtpUVJRdUtFbjVyUzdQQkZLOTg1N3FsTXFxRTlWOVRpTEhoNWRG?= =?utf-8?B?ZXFVbGhWS1pCTUhTR2dIbjZiZlcxdU5PVmpHa1MvaytXVVhMZ0hZVkJvRmdi?= =?utf-8?B?RVhXQ3pJc1l0STVibnFjL3Bsd0xOT2tpL2xIaEpHdmRMdXhmVXhFRVVCYm95?= =?utf-8?B?VkpOTUVOclE1TGRSbDRvc25sMGUwSTNXWUl6MHRsR29UOWFGd0R2azRaZWto?= =?utf-8?B?YXBGLzR3UGd4elBpUE51SVRGR2lwRWhPUnVPTXF0RjVXSkUrNUR0SWdBPT0=?= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cDJ6Qk1BR1hVRkxXbGlOelJnTWlTNW9XUnQyOEpYZEY5MnJDV2lSL3Z2MXht?= =?utf-8?B?eDNiNThkQ1ZDRUFoZ255czcyaWRKVmU3VisvY1pSVHVKMnF5eDFEd1pwalZj?= =?utf-8?B?REpHTXJMSS9NMXBuN3Azcnp0a2xhWHBFUysydjNyNnVocXZIOUlGU3MrTTRu?= =?utf-8?B?Q2lXOWRIWWhhSGtQUWhUT0pCWjFzQ3FZTEViSFBXWkJ5QVpCTFBwYm5UVXpK?= =?utf-8?B?RnRDdGRqSE5zUlB1QkRGNURFVHU4eWdCdUNML2xld1JnSGNad2NPZWYvY1Ew?= =?utf-8?B?amV4NFlhQ0lOV0MwRlgzSDQ1V2YzRUlHWFVaK00xWWVyWExIUlBCYXFVdm9h?= =?utf-8?B?R1gxZ0xCaVNFRHRWOFByVWtlSmcxdWlTUGVybWlBRDNsUG43THEzOXJBVWNS?= =?utf-8?B?SE9nSEpUOGZnZWFqNVNMdnBwTnl3MVhGU2NzOVdjNlJiMmVXQ3hxUUh4R21F?= =?utf-8?B?cWh2RERJUXpsME1QUEhxY0l3b05BWkJENjg1ZmMyKyszTEZ4RXRYSW1kVHVy?= =?utf-8?B?a2lrcE5RZTk2b2NZV3hOVVhtbnIrNktsb0RqUTFqQk5iaFZ5VXVlMlMwenVn?= =?utf-8?B?L0ozZ0x1b2M5MURYcUNobzhqdnptWEE5a3VscGhNR1h3RG1Ua2FiekM2UjlG?= =?utf-8?B?YUhxV1RCYnBTTmcrOVdmQUFRQkdHL3c4cVU4NHdwN2xQVXpHa1Jld0tqUHBE?= =?utf-8?B?c2U2cnRZSWRmQnZCa0NCZ0ZKckZiNlVnTGRkcmI4cVVaaEh6WklocUNNK0Jh?= =?utf-8?B?TnlaSGw1YkFmMnNsZDFCdmQ5d25QenkyNkNUWEg5VVd0aE5PK2VqVjBsZExD?= =?utf-8?B?ekY4eGt4eVFDSHRFaUtwT3c4MlRyOUUzdEVPbDlTd0dmaFVaVnU5alR4ZG55?= =?utf-8?B?QUpLZmxtOEFsbHgyOVFmcVd5TEt6d3FONVA4M0cycWZhQlhtbzNvMnArRmI0?= =?utf-8?B?WkdoaElDaVNOZEVvdm05OWdTQ3dsZzJRbU1xaE1Ba29yMW1UZlcrMnRQVm1R?= =?utf-8?B?TnhVTXVOU1psL2hmN2RrdGkwT0paYkZxRHdsdWIxckcrbnRIK3JjOHpyQkR5?= =?utf-8?B?NnpIc1hscHYrdTFyYXI5MU5nMDFKNGJRSDg5MXlQUitZTHcwcXp5RFNLUzNJ?= =?utf-8?B?ZlIwTjd2em5QWjF5aFVDZjd4MHBBVnlHQ1NzSktrSWNlTDBrVmU0T2hGcnZ4?= =?utf-8?B?bnA2YWdrOTRteVVBalFORFo1cVoyYzVLOWkxSGxhRm1vSnBhbTFlSmpIb3Zn?= =?utf-8?B?aDFMREtVTUxMVnRUcVZhN29MbGt0MlpWeGI4djZUR0pSVW11SXJ6RUQ2ZzZp?= =?utf-8?B?THhiTS9qSHYxYmh3TWpaazJlcDJuVHhOQVNjUVB1NXIyQWtHdk1McmNOWlVV?= =?utf-8?B?UGxkTXFoVUMrQXhFZmxUUVhTR21PUlZBOTBlb0llZlpTQnVldDB1MW55d1gx?= =?utf-8?B?anN1ZzU0VldCcm1HMnRFaUNNaHQ2QW9IREFhOEIwYkJBSUdzRy9Da3dzcnJn?= =?utf-8?B?TFNXWmxJUCtSR3F4QlN3QVE2L1VmODV3OTF3RjJWc2xyTEpZUllOT1d3UXpq?= =?utf-8?B?cGpiN0Q3TkdnVlc5dE1ubmN4NUd4cVBuYUNmY25vL0g1YTJKSHUyVWJnK0Rp?= =?utf-8?B?eHVzQ205R1ZrcU41VW9WOWtGM2FZK212R0FRVnpPVDFoMFIwRzJMYnVZTWZQ?= =?utf-8?B?UzBWUXIrNGEveW5zcmQvblh4WGpHb1FKRGZOYmdPVTQ4U3o3aWEwT3FDOTdQ?= =?utf-8?Q?kQYLNqW+/oPyUL6C021DbNAIVbm0iEdt0oltAmP?= X-OriginatorOrg: sct-15-20-8534-20-msonline-outlook-87dd8.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: e79ebff6-40ed-409c-0203-08de21128cc4 X-MS-Exchange-CrossTenant-AuthSource: GV2PPF74270EBEE.EURP195.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2025 11:07:49.3292 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI0P195MB3290 X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: CA527180009 X-Stat-Signature: 9on1j5pshspjs8e6zgqyseoksmhwxzew X-Rspam-User: X-HE-Tag: 1762859273-584339 X-HE-Meta: U2FsdGVkX1/4goHnjjAQoGFrDG1emw9H6GgzyXJ4zL8QRlSi1WP8Jx28gbOTGSxi/xsNAg3d746t1O/E+1R3vOHqRVMQzok0Fk9ngIv3yI//6viW+ENHG7wh2TRAq6FbFlNw+nCeY2hOIi0ZkbZ420HkEhGInDvyFgGNqSfUG1PCJ7J/ulOJHUHudiJ0HubvqYqV8GqLraHySuog4I/qA9Gn0rHyKnJr8xm4LW5s5pP6pCzHg+srD+vogkgfi2pX3VACY1zHO7aO10dr+qIqtmQeecECkWagU0xyklA5WinI2vJJC1yqs4koUfWCBbqmp0rfMFdT+cScqVRkhQls4sNHkacpoDicWwZUWRt1Sr1GGrgqG0U2tQOMGeHQ88pOP9uA6D4faX91Dp3hYP9L+F2TG1V2Lfjw9WRYCBtyK6TniUDKwvqpC6yBPW4yvnBhKUar0YexRtAbwgiE/Fyw61jU1e9pgF2KXmxCjYUyFWLlPBN9C9Y4KtengDpmf6uq4zQXnKXAc35fCpkEMXsv8t6PSMEbsUkRGz8ZAdJl+pxzDgV/U2SUJ15zqFFO/3YVCUmmAaYuLuKca6rboQwswMAQXXIM2A2E0abgb1MjklCtauRHwNd0/e15flm02mkf64nNuv4arUEA1ZYr0NrJd7n3NrosLriyKv0wNKvLpFOoiVi3ZGPxt/oLVKPQI6RJ1dhGrSThFTqnFqQKxe7UyjnXG/ANWoq4846IjYap1KKJEjjMpalQw7sNHG2XFN0cbHJFwhHjfqEfLs7pACTCjYicvrqinJMTeoGVauQpNBa/q9t/20E9KROHnaGlTN1AjdrfzEyqmGOJ8xK23BBI9pj9bqJOTCbM/tcMoU6AIAcYAQeALflo/D+XZHvWtU5/T3EG1Vg6UTfX9aB0SYGdSIOHAoL5lL7Vv41xsChZ6HmggaLYEzdEcuOJEqAFTLbotpPi7gxgQuVMs9kPlfd nkBhTGbA L4whNFQXLXLUU2r+1Ogm3joAxknk5dBYDBbzs6EOtrfSBSJCdXyOaDV2xtSwQZtdR0fUn7m7HUlXAwFMWIFniyhMVKJJ2mjgbcQRgmDF9YWUV6v/bOicWSgVfDZTCEwWM8aIU+BTmhdufAPcD1lmlm23dXVtPSCwU0Q8QYa/xA9HBG2NYFhJtdlQzZ174mnrF9OWtBAUnebP1e7MFbmx3MDIDUwc5MGAD8myVq1CcK/B6UTILtQ4hIfdu+svec0OFpEuH1YIwB8WeLbGHb3oVAUHcHH0SpYxGVgVWAI1xfrd6B8mVhswnfVNnVg1X9tughds8qq7CPVohg1H4GMynqk3NcU6o+/bg5phYi0YLJ8/D/Zd/ejE556Wmdv0jS3n3sYupYK1ItAmkl1EjyndJf7NLuEMj62cMG9lM75BVgK75SRc/Zx0QPx5+t3qRGIuuLrSR0NkvkpwYrLSerPHwBrNOfMgJIy5P0zi8rvjzipILUK/zyhQZEF8W0M0abTTjsVcw/QPlsYTa9jSJhA+3Ep0Y0xrrZpGCT6o2wr0Borlv3eVlHpOvGCJfSGwepnzAwCrZ9jZKtMVvckcHljF/SRUWVK+ZxCBPKAGib541EAr4AMmL6MZihJ8s9NoB8SXZZLOgigpQV/DUjA3hIG8126YK/Vx3zojrHruM X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 11/11/25 10:21, Christian Brauner wrote: > On Wed, Nov 05, 2025 at 03:32:10PM +0100, Oleg Nesterov wrote: >> I am still thinking about another approach, will write another email. >> But let me take a closer look at your patch. >> >> First of all, can you split it? See below. >> >> On 08/21, Bernd Edlinger wrote: >>> >>> -static int de_thread(struct task_struct *tsk) >>> +static int de_thread(struct task_struct *tsk, struct linux_binprm *bprm) >>> { >>> struct signal_struct *sig = tsk->signal; >>> struct sighand_struct *oldsighand = tsk->sighand; >>> spinlock_t *lock = &oldsighand->siglock; >>> + struct task_struct *t; >>> + bool unsafe_execve_in_progress = false; >>> >>> if (thread_group_empty(tsk)) >>> goto no_thread_group; >>> @@ -932,6 +934,19 @@ static int de_thread(struct task_struct *tsk) >>> if (!thread_group_leader(tsk)) >>> sig->notify_count--; >>> >>> + for_other_threads(tsk, t) { >>> + if (unlikely(t->ptrace) >>> + && (t != tsk->group_leader || !t->exit_state)) >>> + unsafe_execve_in_progress = true; >> >> you can add "break" into the "if ()" block... >> >> But this is minor. Why do we need "bool unsafe_execve_in_progress" ? >> If this patch is correct, de_thread() can drop/reacquire cred_guard_mutex >> unconditionally. >> >> If you really think it makes sense, please make another patch with the >> changelog. >> >> I'd certainly prefer to avoid this boolean at least for the start. If nothing >> else to catch the potential problems earlier. >> >>> + if (unlikely(unsafe_execve_in_progress)) { >>> + spin_unlock_irq(lock); >>> + sig->exec_bprm = bprm; >>> + mutex_unlock(&sig->cred_guard_mutex); >>> + spin_lock_irq(lock); >> >> I don't think spin_unlock_irq() + spin_lock_irq() makes any sense... >> >>> @@ -1114,13 +1139,31 @@ int begin_new_exec(struct linux_binprm * bprm) >>> */ >>> trace_sched_prepare_exec(current, bprm); >>> >>> + /* If the binary is not readable then enforce mm->dumpable=0 */ >>> + would_dump(bprm, bprm->file); >>> + if (bprm->have_execfd) >>> + would_dump(bprm, bprm->executable); >>> + >>> + /* >>> + * Figure out dumpability. Note that this checking only of current >>> + * is wrong, but userspace depends on it. This should be testing >>> + * bprm->secureexec instead. >>> + */ >>> + if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || >>> + is_dumpability_changed(current_cred(), bprm->cred) || >>> + !(uid_eq(current_euid(), current_uid()) && >>> + gid_eq(current_egid(), current_gid()))) >>> + set_dumpable(bprm->mm, suid_dumpable); >>> + else >>> + set_dumpable(bprm->mm, SUID_DUMP_USER); >>> + >> >> OK, we need to do this before de_thread() drops cred_guard_mutex. >> But imo this too should be done in a separate patch, the changelog should >> explain this change. >> >>> @@ -1361,6 +1387,11 @@ static int prepare_bprm_creds(struct linux_binprm *bprm) >>> if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex)) >>> return -ERESTARTNOINTR; >>> >>> + if (unlikely(current->signal->exec_bprm)) { >>> + mutex_unlock(¤t->signal->cred_guard_mutex); >>> + return -ERESTARTNOINTR; >>> + } >> >> OK, if signal->exec_bprm != NULL, then current is already killed. But >> proc_pid_attr_write() and ptrace_traceme() do the same. So how about >> something like >> >> int lock_current_cgm(void) >> { >> if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex)) >> return -ERESTARTNOINTR; >> >> if (!current->signal->group_exec_task) >> return 0; >> >> WARN_ON(!fatal_signal_pending(current)); >> mutex_unlock(¤t->signal->cred_guard_mutex); >> return -ERESTARTNOINTR; >> } >> >> ? >> >> Note that it checks ->group_exec_task, not ->exec_bprm. So this change can >> come in a separate patch too, but I won't insist. >> >>> @@ -453,6 +454,28 @@ static int ptrace_attach(struct task_struct *task, long request, >>> return retval; >>> } >>> >>> + if (unlikely(task == task->signal->group_exec_task)) { >>> + retval = down_write_killable(&task->signal->exec_update_lock); >>> + if (retval) >>> + return retval; >>> + >>> + scoped_guard (task_lock, task) { >>> + struct linux_binprm *bprm = task->signal->exec_bprm; >>> + const struct cred __rcu *old_cred = task->real_cred; >>> + struct mm_struct *old_mm = task->mm; >>> + >>> + rcu_assign_pointer(task->real_cred, bprm->cred); >>> + task->mm = bprm->mm; >>> + retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS); >>> + rcu_assign_pointer(task->real_cred, old_cred); >>> + task->mm = old_mm; >>> + } >> >> This is the most problematic change which I can't review... >> >> Firstly, it changes task->mm/real_cred for __ptrace_may_access() and this >> looks dangerous to me. > > Yeah, that is not ok. This is effectively override_creds for real_cred > and that is not a pattern I want to see us establish at all! Temporary > credential overrides for the subjective credentials is already terrible > but at least we have the explicit split between real_cred and cred > expressely for that. So no, that's not an acceptable solution. > Well when this is absolutely not acceptable then I would have to change all security engines to be aware of the current and the new credentials. That may be as well be possible but would be a rather big change. Of course that was only meant as a big exception, and somehow safe as long as it is protected under the right mutexes: cred_guard_mutex, exec_update_lock and task_lock at least. >> >> Say, current_is_single_threaded() called by another CLONE_VM process can >> miss group_exec_task and falsely return true. Probably not that bad, in >> this case old_mm should go away soon, but still... >> >> And I don't know if this can fool the users of task_cred_xxx/__task_cred >> somehow. >> >> Or. check_unsafe_exec() sets LSM_UNSAFE_PTRACE if ptrace. Is it safe to >> ptrace the execing task after that? I have no idea what the security hooks >> can do... >> >> Again, can't review this part. >> Never mind, your review was really helpful. At the very least it pointed out some places where better comments are needed. Thanks Bernd. >> Oleg. >>