[PATCH -mm 1/2] rename is_single_threaded(task) to is_current_single_threaded(void)

(on top of rework-fix-is_single_threaded.patch)

- is_single_threaded(task) is not safe unless task == current,
  we can't use task->signal or task->mm.

- it doesn't make sense unless task == current, the task can
  fork right after the check.

Rename it to is_current_single_threaded() and kill the argument.

Signed-off-by: Oleg Nesterov <oleg@...>
---

 include/linux/sched.h        |    2 +-
 lib/is_single_threaded.c     |    3 ++-
 security/selinux/hooks.c     |    2 +-
 security/keys/process_keys.c |    2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

--- WAIT/include/linux/sched.h~ISS_1_RENAME 2009-07-01 20:20:57.000000000 +0200
+++ WAIT/include/linux/sched.h 2009-07-09 22:14:21.000000000 +0200
@@ -2055,7 +2055,7 @@ static inline unsigned long wait_task_in
 #define for_each_process(p) \
  for (p = &init_task ; (p = next_task(p)) != &init_task ; )
 
-extern bool is_single_threaded(struct task_struct *);
+extern bool is_current_single_threaded(void);
 
 /*
  * Careful: do_each_thread/while_each_thread is a double loop so
--- WAIT/lib/is_single_threaded.c~ISS_1_RENAME 2009-07-09 19:43:27.000000000 +0200
+++ WAIT/lib/is_single_threaded.c 2009-07-09 22:16:29.000000000 +0200
@@ -15,8 +15,9 @@
 /*
  * Returns true if the task does not share ->mm with another thread/process.
  */
-bool is_single_threaded(struct task_struct *task)
+bool is_current_single_threaded(void)
 {
+ struct task_struct *task = current;
  struct mm_struct *mm = task->mm;
  struct task_struct *p, *t;
  bool ret;
--- WAIT/security/selinux/hooks.c~ISS_1_RENAME 2009-07-03 11:15:08.000000000 +0200
+++ WAIT/security/selinux/hooks.c 2009-07-09 22:17:58.000000000 +0200
@@ -5182,7 +5182,7 @@ static int selinux_setprocattr(struct ta
 
  /* Only allow single threaded processes to change context */
  error = -EPERM;
- if (!is_single_threaded(p)) {
+ if (!is_current_single_threaded()) {
  error = security_bounded_transition(tsec->sid, sid);
  if (error)
  goto abort_change;
--- WAIT/security/keys/process_keys.c~ISS_1_RENAME 2009-04-06 00:03:42.000000000 +0200
+++ WAIT/security/keys/process_keys.c 2009-07-09 22:18:31.000000000 +0200
@@ -702,7 +702,7 @@ long join_session_keyring(const char *na
  /* only permit this if there's a single thread in the thread group -
  * this avoids us having to adjust the creds on all threads and risking
  * ENOMEM */
- if (!is_single_threaded(current))
+ if (!is_current_single_threaded())
  return -EMLINK;
 
  new = prepare_creds();

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On Thu, 9 Jul 2009, Oleg Nesterov wrote:

Acked-by: James Morris <jmorris@...>

--
James Morris
<jmorris@...>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On Thu, Jul 09, 2009 at 11:28:47PM +0200, Oleg Nesterov wrote:
> (on top of rework-fix-is_single_threaded.patch)
>
> - is_single_threaded(task) is not safe unless task == current,
>   we can't use task->signal or task->mm.
>
> - it doesn't make sense unless task == current, the task can
>   fork right after the check.
>
> Rename it to is_current_single_threaded() and kill the argument.

It would be more natural to put the current first, as in
current_is_single_threaded().  That would also fit with the various
other current_* helpers we have.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On 07/09, Christoph Hellwig wrote:
Agreed, re-sending.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

(on top of rework-fix-is_single_threaded.patch)

- is_single_threaded(task) is not safe unless task == current,
  we can't use task->signal or task->mm.

- it doesn't make sense unless task == current, the task can
  fork right after the check.

Rename it to current_is_single_threaded() and kill the argument.

Signed-off-by: Oleg Nesterov <oleg@...>
Acked-by: James Morris <jmorris@...>
---

 include/linux/sched.h        |    2 +-
 lib/is_single_threaded.c     |    3 ++-
 security/selinux/hooks.c     |    2 +-
 security/keys/process_keys.c |    2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

--- WAIT/include/linux/sched.h~ISS_1_RENAME 2009-07-01 20:20:57.000000000 +0200
+++ WAIT/include/linux/sched.h 2009-07-09 22:14:21.000000000 +0200
@@ -2055,7 +2055,7 @@ static inline unsigned long wait_task_in
 #define for_each_process(p) \
  for (p = &init_task ; (p = next_task(p)) != &init_task ; )
 
-extern bool is_single_threaded(struct task_struct *);
+extern bool current_is_single_threaded(void);
 
 /*
  * Careful: do_each_thread/while_each_thread is a double loop so
--- WAIT/lib/is_single_threaded.c~ISS_1_RENAME 2009-07-09 19:43:27.000000000 +0200
+++ WAIT/lib/is_single_threaded.c 2009-07-09 22:16:29.000000000 +0200
@@ -15,8 +15,9 @@
 /*
  * Returns true if the task does not share ->mm with another thread/process.
  */
-bool is_single_threaded(struct task_struct *task)
+bool current_is_single_threaded(void)
 {
+ struct task_struct *task = current;
  struct mm_struct *mm = task->mm;
  struct task_struct *p, *t;
  bool ret;
--- WAIT/security/selinux/hooks.c~ISS_1_RENAME 2009-07-03 11:15:08.000000000 +0200
+++ WAIT/security/selinux/hooks.c 2009-07-09 22:17:58.000000000 +0200
@@ -5182,7 +5182,7 @@ static int selinux_setprocattr(struct ta
 
  /* Only allow single threaded processes to change context */
  error = -EPERM;
- if (!is_single_threaded(p)) {
+ if (!current_is_single_threaded()) {
  error = security_bounded_transition(tsec->sid, sid);
  if (error)
  goto abort_change;
--- WAIT/security/keys/process_keys.c~ISS_1_RENAME 2009-04-06 00:03:42.000000000 +0200
+++ WAIT/security/keys/process_keys.c 2009-07-09 22:18:31.000000000 +0200
@@ -702,7 +702,7 @@ long join_session_keyring(const char *na
  /* only permit this if there's a single thread in the thread group -
  * this avoids us having to adjust the creds on all threads and risking
  * ENOMEM */
- if (!is_single_threaded(current))
+ if (!current_is_single_threaded())
  return -EMLINK;
 
  new = prepare_creds();

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

current_is_single_threaded() can safely miss a freshly forked CLONE_VM
task, but in this case it must not miss its parent. That is why we take
mm->mmap_sem for writing to make sure a thread/task with the same ->mm
can't pass exit_mm() and disappear.

However we can avoid ->mmap_sem and rely on rcu/barriers:

        - if we do not see the exiting parent on thread/process list
          we see the result of list_del_rcu(), in this case we must
          also see the result of list_add_rcu() which does wmb().

        - if we do see the parent but its ->mm == NULL, we need rmb()
          to make sure we can't miss the child.

Signed-off-by: Oleg Nesterov <oleg@...>
---

 lib/is_single_threaded.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- WAIT/lib/is_single_threaded.c~ISS_2_RCU 2009-07-09 22:16:29.000000000 +0200
+++ WAIT/lib/is_single_threaded.c 2009-07-09 22:54:41.000000000 +0200
@@ -22,8 +22,6 @@ bool current_is_single_threaded(void)
  struct task_struct *p, *t;
  bool ret;
 
- might_sleep();
-
  if (atomic_read(&task->signal->live) != 1)
  return false;
 
@@ -31,7 +29,6 @@ bool current_is_single_threaded(void)
  return true;
 
  ret = false;
- down_write(&mm->mmap_sem);
  rcu_read_lock();
  for_each_process(p) {
  if (unlikely(p->flags & PF_KTHREAD))
@@ -45,12 +42,17 @@ bool current_is_single_threaded(void)
  goto found;
  if (likely(t->mm))
  break;
+ /*
+ * t->mm == NULL. Make sure next_thread/next_task
+ * will see other CLONE_VM tasks which might be
+ * forked before exiting.
+ */
+ smp_rmb();
  } while_each_thread(p, t);
  }
  ret = true;
 found:
  rcu_read_unlock();
- up_write(&mm->mmap_sem);
 
  return ret;
 }

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Oleg Nesterov <oleg@...> wrote:

Acked-by: David Howells <dhowells@...>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Oleg Nesterov <oleg@...> wrote:

Acked-by: David Howells <dhowells@...>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On Fri, 10 Jul 2009, David Howells wrote:

I gather this stuff is going into -mm ?

Can it be merged via security-testing#next?

--
James Morris
<jmorris@...>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On 07/13, James Morris wrote:
Yes, this is on top of rework-fix-is_single_threaded.patch

Given that David acked these changes, I guess they will go
to -mm soon.

> Can it be merged via security-testing#next?

Please do what you think right, I don't know what will be more
convenient to you and Andrew.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On Tue, 14 Jul 2009, Oleg Nesterov wrote:

I've applied all three patches to

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

Oleg, please verify that they're the correct versions.


--
James Morris
<jmorris@...>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/