From patchwork Sun Mar  8 21:38:00 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Eric W. Biederman" <ebiederm@xmission.com>
X-Patchwork-Id: 11425855
Return-Path: <SRS0=ujO4=4Z=kvack.org=owner-linux-mm@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7456F14E3
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Sun,  8 Mar 2020 21:40:21 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 3DED920684
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Sun,  8 Mar 2020 21:40:21 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3DED920684
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=xmission.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 7740C6B0003; Sun,  8 Mar 2020 17:40:20 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 725266B0006; Sun,  8 Mar 2020 17:40:20 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5EC256B0007; Sun,  8 Mar 2020 17:40:20 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0200.hostedemail.com
 [216.40.44.200])
	by kanga.kvack.org (Postfix) with ESMTP id 40DDD6B0003
	for <linux-mm@kvack.org>; Sun,  8 Mar 2020 17:40:20 -0400 (EDT)
Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id 2800C8248047
	for <linux-mm@kvack.org>; Sun,  8 Mar 2020 21:40:20 +0000 (UTC)
X-FDA: 76573513800.21.vest92_5a2d066315a01
X-Spam-Summary: 
 1,0,0,,d41d8cd98f00b204,ebiederm@xmission.com,,RULES_HIT:30012:30054:30055:30056:30070,0,RBL:166.70.13.231:@xmission.com:.lbl8.mailshell.net-62.18.0.75
 64.100.201.100,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not
 bulk,SPF:fp,MSBL:0,DNSBL:neutral,Custom_rules:0:0:0,LFtime:1,LUA_SUMMARY:none
X-HE-Tag: vest92_5a2d066315a01
X-Filterd-Recvd-Size: 7816
Received: from out01.mta.xmission.com (out01.mta.xmission.com [166.70.13.231])
	by imf47.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Sun,  8 Mar 2020 21:40:19 +0000 (UTC)
Received: from in01.mta.xmission.com ([166.70.13.51])
	by out01.mta.xmission.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.90_1)
	(envelope-from <ebiederm@xmission.com>)
	id 1jB3ej-0002V8-HH; Sun, 08 Mar 2020 15:40:17 -0600
Received: from ip68-227-160-95.om.om.cox.net ([68.227.160.95]
 helo=x220.xmission.com)
	by in01.mta.xmission.com with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.87)
	(envelope-from <ebiederm@xmission.com>)
	id 1jB3ei-0001yk-Px; Sun, 08 Mar 2020 15:40:17 -0600
From: ebiederm@xmission.com (Eric W. Biederman)
To: Bernd Edlinger <bernd.edlinger@hotmail.de>
Cc: Christian Brauner <christian.brauner@ubuntu.com>,  Kees Cook
 <keescook@chromium.org>,  Jann Horn <jannh@google.com>,  Jonathan Corbet
 <corbet@lwn.net>,  Alexander Viro <viro@zeniv.linux.org.uk>,  Andrew
 Morton <akpm@linux-foundation.org>,  Alexey Dobriyan
 <adobriyan@gmail.com>,  Thomas Gleixner <tglx@linutronix.de>,  Oleg
 Nesterov <oleg@redhat.com>,  Frederic Weisbecker <frederic@kernel.org>,
  Andrei Vagin <avagin@gmail.com>,  Ingo Molnar <mingo@kernel.org>,  "Peter
 Zijlstra \(Intel\)" <peterz@infradead.org>,  Yuyang Du <duyuyang@gmail.com>,
  David Hildenbrand <david@redhat.com>,  Sebastian Andrzej Siewior
 <bigeasy@linutronix.de>,  Anshuman Khandual <anshuman.khandual@arm.com>,
  David Howells <dhowells@redhat.com>,  James Morris
 <jamorris@linux.microsoft.com>,  Greg Kroah-Hartman
 <gregkh@linuxfoundation.org>,  Shakeel Butt <shakeelb@google.com>,  Jason
 Gunthorpe <jgg@ziepe.ca>,  Christian Kellner <christian@kellner.me>,
  Andrea Arcangeli <aarcange@redhat.com>,  Aleksa Sarai
 <cyphar@cyphar.com>,  "Dmitry V. Levin" <ldv@altlinux.org>,
  "linux-doc\@vger.kernel.org" <linux-doc@vger.kernel.org>,
  "linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>,
  "linux-fsdevel\@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
  "linux-mm\@kvack.org" <linux-mm@kvack.org>,  "stable\@vger.kernel.org"
 <stable@vger.kernel.org>,  "linux-api\@vger.kernel.org"
 <linux-api@vger.kernel.org>
References: 
 <AM6PR03MB5170EB4427BF5C67EE98FF09E4E60@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<87k142lpfz.fsf@x220.int.ebiederm.org>
	<AM6PR03MB51704206634C009500A8080DE4E70@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<875zfmloir.fsf@x220.int.ebiederm.org>
	<AM6PR03MB51707ABF20B6CBBECC34865FE4E70@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<87v9nmjulm.fsf@x220.int.ebiederm.org>
	<AM6PR03MB5170B976E6387FDDAD59A118E4E70@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<202003021531.C77EF10@keescook>
	<20200303085802.eqn6jbhwxtmz4j2x@wittgenstein>
	<AM6PR03MB5170285B336790D3450E2644E4E40@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<87v9nlii0b.fsf@x220.int.ebiederm.org>
	<AM6PR03MB5170609D44967E044FD1BE40E4E40@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<87a74xi4kz.fsf@x220.int.ebiederm.org>
	<AM6PR03MB51705AA3009B4986BB6EF92FE4E50@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<87r1y8dqqz.fsf@x220.int.ebiederm.org>
	<AM6PR03MB517053AED7DC89F7C0704B7DE4E50@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<AM6PR03MB51703B44170EAB4626C9B2CAE4E20@AM6PR03MB5170.eurprd03.prod.outlook.com>
	<87tv32cxmf.fsf_-_@x220.int.ebiederm.org>
	<87v9ne5y4y.fsf_-_@x220.int.ebiederm.org>
Date: Sun, 08 Mar 2020 16:38:00 -0500
In-Reply-To: <87v9ne5y4y.fsf_-_@x220.int.ebiederm.org> (Eric W. Biederman's
	message of "Sun, 08 Mar 2020 16:34:37 -0500")
Message-ID: <875zfe5xzb.fsf_-_@x220.int.ebiederm.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
X-XM-SPF: 
 eid=1jB3ei-0001yk-Px;;;mid=<875zfe5xzb.fsf_-_@x220.int.ebiederm.org>;;;hst=in01.mta.xmission.com;;;ip=68.227.160.95;;;frm=ebiederm@xmission.com;;;spf=neutral
X-XM-AID: U2FsdGVkX19uDaHxN1o1BnoS4P9Gkr5iEXx0ynhPWgE=
X-SA-Exim-Connect-IP: 68.227.160.95
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on sa02.xmission.com
X-Spam-Level: 
X-Spam-Status: No, score=0.5 required=8.0 tests=ALL_TRUSTED,BAYES_50,
	DCC_CHECK_NEGATIVE,T_TooManySym_01,XMSubLong autolearn=disabled
	version=3.4.2
X-Spam-Virus: No
X-Spam-Report: 
	* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
	*  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
	*      [score: 0.4161]
	*  0.7 XMSubLong Long Subject
	* -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
	*      [sa02 1397; Body=1 Fuz1=1 Fuz2=1]
	*  0.0 T_TooManySym_01 4+ unique symbols in subject
X-Spam-DCC: XMission; sa02 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: ;Bernd Edlinger <bernd.edlinger@hotmail.de>
X-Spam-Relay-Country: 
X-Spam-Timing: total 279 ms - load_scoreonly_sql: 0.03 (0.0%),
	signal_user_changed: 2.6 (0.9%), b_tie_ro: 1.87 (0.7%), parse: 0.75
	(0.3%), extract_message_metadata: 8 (2.9%), get_uri_detail_list: 0.91
	(0.3%), tests_pri_-1000: 13 (4.5%), tests_pri_-950: 0.91 (0.3%),
	tests_pri_-900: 0.79 (0.3%), tests_pri_-90: 24 (8.5%), check_bayes: 23
	(8.1%), b_tokenize: 8 (2.9%), b_tok_get_all: 8 (2.8%), b_comp_prob:
	1.56 (0.6%), b_tok_touch_all: 3.8 (1.4%), b_finish: 0.53 (0.2%),
	tests_pri_0: 221 (79.2%), check_dkim_signature: 0.41 (0.1%),
	check_dkim_adsp: 2.3 (0.8%), poll_dns_idle: 0.94 (0.3%), tests_pri_10:
	1.64 (0.6%), tests_pri_500: 4.9 (1.8%), rewrite_mail: 0.00 (0.0%)
Subject: [PATCH v2 4/5] exec: Move exec_mmap right after de_thread in
 flush_old_exec
X-Spam-Flag: No
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

I have read through the code in exec_mmap and I do not see anything
that depends on sighand or the sighand lock, or on signals in anyway
so this should be safe.

This rearrangement of code has two siginficant benefits.  It makes
the determination of passing the point of no return by testing bprm->mm
accurate.  All failures prior to that point in flush_old_exec are
either truly recoverable or they are fatal.

Futher this consolidates all of the possible indefinite waits for
userspace together at the top of flush_old_exec.  The possible wait
for a ptracer on PTRACE_EVENT_EXIT, the possible wait for a page fault
to be resolved in clear_child_tid, and the possible wait for a page
fault in exit_robust_list.

This consolidation allows the creation of a mutex to replace
cred_guard_mutex that is not held of possible indefinite userspace
waits.  Which will allow removing deadlock scenarios from the kernel.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
 fs/exec.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index 215d86f77b63..d820a7272a76 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1272,18 +1272,6 @@ int flush_old_exec(struct linux_binprm * bprm)
 	if (retval)
 		goto out;
 
-#ifdef CONFIG_POSIX_TIMERS
-	exit_itimers(me->signal);
-	flush_itimer_signals();
-#endif
-
-	/*
-	 * Make the signal table private.
-	 */
-	retval = unshare_sighand(me);
-	if (retval)
-		goto out;
-
 	/*
 	 * Must be called _before_ exec_mmap() as bprm->mm is
 	 * not visibile until then. This also enables the update
@@ -1307,6 +1295,18 @@ int flush_old_exec(struct linux_binprm * bprm)
 	 */
 	bprm->mm = NULL;
 
+#ifdef CONFIG_POSIX_TIMERS
+	exit_itimers(me->signal);
+	flush_itimer_signals();
+#endif
+
+	/*
+	 * Make the signal table private.
+	 */
+	retval = unshare_sighand(me);
+	if (retval)
+		goto out;
+
 	set_fs(USER_DS);
 	me->flags &= ~(PF_RANDOMIZE | PF_FORKNOEXEC | PF_KTHREAD |
 					PF_NOFREEZE | PF_NO_SETAFFINITY);