mm_for_maps: simplify, use ptrace_may_access() (13f0feaf) · Commits · 戴 / test

It would be nice to kill __ptrace_may_access(). It requires task_lock(), but this lock is only needed to read mm->flags in the middle. Convert mm_for_maps() to use ptrace_may_access(), this also simplifies the code a little bit. Also, we do not need to take ->mmap_sem in advance. In fact I think mm_for_maps() should not play with ->mmap_sem at all, the caller should take this lock. With or without this patch, without ->cred_guard_mutex held we can race with exec() and get the new ->mm but check old creds. Signed-off-by:

Oleg Nesterov <oleg@redhat.com> Reviewed-by:

Serge Hallyn <serue@us.ibm.com> Signed-off-by:

James Morris <jmorris@namei.org>

fs/proc/base.c

+11 −12

Original line number	Original line	Diff line number	Diff line
	@@ -237,21 +237,20 @@ struct mm_struct mm_for_maps(struct task_struct task)
	struct mm_struct *mm = get_task_mm(task);		struct mm_struct *mm = get_task_mm(task);
	if (!mm)		if (!mm)
	return NULL;		return NULL;
	down_read(&mm->mmap_sem);		if (mm != current->mm) {
	task_lock(task);		/*
	if (task->mm != mm)		* task->mm can be changed before security check,
	goto out;		* in that case we must notice the change after.
	if (task->mm != current->mm &&		*/
	__ptrace_may_access(task, PTRACE_MODE_READ) < 0)		if (!ptrace_may_access(task, PTRACE_MODE_READ) \|\|
	goto out;		mm != task->mm) {
	task_unlock(task);
	return mm;
	out:
	task_unlock(task);
	up_read(&mm->mmap_sem);
	mmput(mm);		mmput(mm);
	return NULL;		return NULL;
	}		}
			}
			down_read(&mm->mmap_sem);
			return mm;
			}

	static int proc_pid_cmdline(struct task_struct task, char buffer)		static int proc_pid_cmdline(struct task_struct task, char buffer)
	{		{

Admin message