From: Michal Koutný
To: gorcunov@gmail.com
Cc: akpm@linux-foundation.org, arunks@codeaurora.org, brgl@bgdev.pl, geert+renesas@glider.be, ldufour@linux.ibm.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, mguzik@redhat.com, mhocko@kernel.org, mkoutny@suse.com, rppt@linux.ibm.com, vbabka@suse.cz, ktkhai@virtuozzo.com
Subject: [PATCH v3 1/2] prctl_set_mm: Refactor checks from validate_prctl_map
Date: Thu, 2 May 2019 14:52:02 +0200
Message-Id: <20190502125203.24014-2-mkoutny@suse.com>

Although the comment of validate_prctl_map claims there are no capability checks, this is not completely true since commit 4d28df6152aa ("prctl: Allow local CAP_SYS_ADMIN changing exe_file"). Extract the check out of the function and make the function perform purely arithmetic checks.

This patch should not change any behavior; it is a mere refactoring for the following patch.

v1, v2: ---
v3: Remove unused mm variable from validate_prctl_map_addr

CC: Kirill Tkhai
CC: Cyrill Gorcunov
Signed-off-by: Michal Koutný
Reviewed-by: Kirill Tkhai
Reviewed-by: Cyrill Gorcunov
--- kernel/sys.c | 46 ++++++++++++++++++++-------------------------- 1 file changed, 20 insertions(+), 26 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index 12df0e5434b8..5e0a5edf47f8 100644 --- a/kernel/sys.c +++ b/kernel/sys.c
@@ -1882,13 +1882,14 @@ static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd) } /* + * Check arithmetic relations of passed addresses. + * * WARNING: we don't require any capability here so be very careful * in what is allowed for modification from userspace. */ -static int validate_prctl_map(struct prctl_mm_map *prctl_map) +static int validate_prctl_map_addr(struct prctl_mm_map *prctl_map) { unsigned long mmap_max_addr = TASK_SIZE; - struct mm_struct *mm = current->mm; int error = -EINVAL, i; static const unsigned char offsets[] = { @@ -1949,24 +1950,6 @@ static int validate_prctl_map(struct prctl_mm_map *prctl_map) prctl_map->start_data)) goto out; - /* - * Someone is trying to cheat the auxv vector. - */ - if (prctl_map->auxv_size) { - if (!prctl_map->auxv || prctl_map->auxv_size > sizeof(mm->saved_auxv)) - goto out; - } - - /* - * Finally, make sure the caller has the rights to - * change /proc/pid/exe link: only local sys admin should - * be allowed to. - */ - if (prctl_map->exe_fd != (u32)-1) { - if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN)) - goto out; - } - error = 0; out: return error; @@ -1993,11 +1976,17 @@ static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data if (copy_from_user(&prctl_map, addr, sizeof(prctl_map))) return -EFAULT; - error = validate_prctl_map(&prctl_map); + error = validate_prctl_map_addr(&prctl_map); if (error) return error; if (prctl_map.auxv_size) { + /* + * Someone is trying to cheat the auxv vector. + */ + if (!prctl_map.auxv || prctl_map.auxv_size > sizeof(mm->saved_auxv)) + return -EINVAL; + memset(user_auxv, 0, sizeof(user_auxv)); if (copy_from_user(user_auxv, (const void __user *)prctl_map.auxv, 
@@ -2010,6 +1999,14 @@ static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data } if (prctl_map.exe_fd != (u32)-1) { + /* + * Make sure the caller has the rights to + * change /proc/pid/exe link: only local sys admin should + * be allowed to. + */ + if (!ns_capable(current_user_ns(), CAP_SYS_ADMIN)) + return -EINVAL; + error = prctl_set_mm_exe_file(mm, prctl_map.exe_fd); if (error) return error; @@ -2097,7 +2094,7 @@ static int prctl_set_mm(int opt, unsigned long addr, unsigned long arg4, unsigned long arg5) { struct mm_struct *mm = current->mm; - struct prctl_mm_map prctl_map; + struct prctl_mm_map prctl_map = { .auxv = NULL, .auxv_size = 0, .exe_fd = -1 }; struct vm_area_struct *vma; int error; @@ -2139,9 +2136,6 @@ static int prctl_set_mm(int opt, unsigned long addr, prctl_map.arg_end = mm->arg_end; prctl_map.env_start = mm->env_start; prctl_map.env_end = mm->env_end; - prctl_map.auxv = NULL; - prctl_map.auxv_size = 0; - prctl_map.exe_fd = -1; switch (opt) { case PR_SET_MM_START_CODE: 
@@ -2181,7 +2175,7 @@ static int prctl_set_mm(int opt, unsigned long addr, goto out; } - error = validate_prctl_map(&prctl_map); + error = validate_prctl_map_addr(&prctl_map); if (error) goto out;
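Review bot: In the @@ -1882 hunk the retained WARNING comment above validate_prctl_map_addr does not say that the auxv bounds check and the CAP_SYS_ADMIN check for exe_fd have moved to the caller. The function still takes the whole struct prctl_mm_map, so a later caller could pass auxv_size or exe_fd from userspace and assume they were validated here. Suggest extending the comment to state that auxv, auxv_size and exe_fd are not checked by this function and must be checked by the caller.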
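Review bot: In the @@ -2010 hunk of prctl_set_mm_map the ns_capable(current_user_ns(), CAP_SYS_ADMIN) check now runs after the auxv block, which contains copy_from_user(user_auxv, ...), whereas it used to run inside validate_prctl_map before any auxv copy. A caller without the capability that sets both exe_fd and auxv_size now has its auxv copied in before being rejected, and if that copy fails the caller sees the copy's error rather than -EINVAL. That is a small deviation from "should not change any behavior" in the commit message; either hoist both moved checks to directly after the validate_prctl_map_addr() call or mention the reordering in the changelog.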
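Review bot: In the @@ -2097 hunk the new line "struct prctl_mm_map prctl_map = { .auxv = NULL, .auxv_size = 0, .exe_fd = -1 };" runs well past 80 columns; splitting it with one designated initializer per line would match the surrounding style. The remaining fields are still assigned from mm further down (prctl_map.arg_end = mm->arg_end and so on), so a short comment saying that only the fields not taken from mm are set in the initializer would help the reader.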
From: Michal Koutný
To: gorcunov@gmail.com
Cc: akpm@linux-foundation.org, arunks@codeaurora.org, brgl@bgdev.pl, geert+renesas@glider.be, ldufour@linux.ibm.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, mguzik@redhat.com, mhocko@kernel.org, mkoutny@suse.com, rppt@linux.ibm.com, vbabka@suse.cz, ktkhai@virtuozzo.com
Subject: [PATCH v3 2/2] prctl_set_mm: downgrade mmap_sem to read lock
Date: Thu, 2 May 2019 14:52:03 +0200
Message-Id: <20190502125203.24014-3-mkoutny@suse.com>

The commit a3b609ef9f8b ("proc read mm's {arg,env}_{start,end} with mmap semaphore taken.") added synchronization of reading argument/environment boundaries under mmap_sem. Later commit 88aa7cc688d4 ("mm: introduce arg_lock to protect arg_start|end and env_start|end in mm_struct") avoided the coarse use of mmap_sem in similar situations. But there still remained two places that (mis)use mmap_sem.

get_cmdline should also use arg_lock instead of mmap_sem when it reads the boundaries.

The second place that should use arg_lock is in prctl_set_mm. By protecting the boundary fields with the arg_lock, we can downgrade mmap_sem to a reader lock (analogous to what we already do in prctl_set_mm_map).

v2: call find_vma without arg_lock held
v3: squashed get_cmdline arg_lock patch

Fixes: 88aa7cc688d4 ("mm: introduce arg_lock to protect arg_start|end and env_start|end in mm_struct")
Cc: Yang Shi
Cc: Mateusz Guzik
CC: Cyrill Gorcunov
Co-developed-by: Laurent Dufour
Signed-off-by: Laurent Dufour
Signed-off-by: Michal Koutný Reviewed-by: Cyrill Gorcunov Reviewed-by: Kirill Tkhai Acked-by: Michal Hocko --- kernel/sys.c | 10 ++++++++-- mm/util.c | 4 ++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/kernel/sys.c b/kernel/sys.c index 5e0a5edf47f8..14be57840511 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2122,9 +2122,14 @@ static int prctl_set_mm(int opt, unsigned long addr, error = -EINVAL; - down_write(&mm->mmap_sem); + /* + * arg_lock protects concurent updates of arg boundaries, we need mmap_sem for + * a) concurrent sys_brk, b) finding VMA for addr validation. + */ + down_read(&mm->mmap_sem); vma = find_vma(mm, addr); + spin_lock(&mm->arg_lock); prctl_map.start_code = mm->start_code; prctl_map.end_code = mm->end_code; prctl_map.start_data = mm->start_data; @@ -2212,7 +2217,8 @@ static int prctl_set_mm(int opt, unsigned long addr, error = 0; out: - up_write(&mm->mmap_sem); + spin_unlock(&mm->arg_lock); + up_read(&mm->mmap_sem); return error; } diff --git a/mm/util.c b/mm/util.c index 43a2984bccaa..5cf0e84a0823 100644 --- a/mm/util.c +++ b/mm/util.c @@ -758,12 +758,12 @@ int get_cmdline(struct task_struct *task, char *buffer, int buflen) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ - down_read(&mm->mmap_sem); + spin_lock(&mm->arg_lock); arg_start = mm->arg_start; arg_end = mm->arg_end; env_start = mm->env_start; env_end = mm->env_end; - up_read(&mm->mmap_sem); + spin_unlock(&mm->arg_lock); len = arg_end - arg_start;
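Review bot: In the kernel/sys.c @@ -2122 hunk the new comment says arg_lock protects "updates of arg boundaries", but the lines right after spin_lock(&mm->arg_lock) read mm->start_code, mm->end_code and mm->start_data, so the lock is being used for more than the arg/env fields while mmap_sem is only held for read. Suggest the comment state which mm fields arg_lock is expected to serialize in this function, and that nothing between spin_lock() and the spin_unlock() at out: may sleep. The comment also has a typo ("concurent") and its first line exceeds 80 columns.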
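Review bot: In the mm/util.c hunk the context line "if (!mm->arg_end) goto out_mm;" still reads mm->arg_end before spin_lock(&mm->arg_lock) is taken, so that early test is not covered by the lock the patch introduces for these fields. The values used afterwards are re-read under the lock, so this works as a fast-path check, but it would be clearer to either move the test under arg_lock or add a one-line comment that the unlocked read is intentional.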