linux-hardened/fs
Oleg Nesterov e56fb28740 exec: do not abuse ->cred_guard_mutex in threadgroup_lock()

threadgroup_lock() takes signal->cred_guard_mutex to ensure that
thread_group_leader() is stable.  This doesn't look nice, the scope of
this lock in do_execve() is huge.

And as Dave pointed out this can lead to deadlock, we have the
following dependencies:

	do_execve:		cred_guard_mutex -> i_mutex
	cgroup_mount:		i_mutex -> cgroup_mutex
	attach_task_by_pid:	cgroup_mutex -> cred_guard_mutex

Change de_thread() to take threadgroup_change_begin() around the
switch-the-leader code and change threadgroup_lock() to avoid
->cred_guard_mutex.

Note that de_thread() can't sleep with ->group_rwsem held, this can
obviously deadlock with the exiting leader if the writer is active, so it
does threadgroup_change_end() before schedule().

Reported-by: Dave Jones <davej@redhat.com>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Li Zefan <lizefan@huawei.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-04-30 17:04:07 -07:00
9p fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
adfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
affs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
afs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
autofs4 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
befs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-04-30 09:36:50 -07:00
bfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2013-04-14 10:52:54 -07:00
cachefiles FS-Cache: Mark cancellation of in-progress operation 2012-12-20 22:34:00 +00:00
ceph fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
cifs cifs: Allow passwords which begin with a delimitor 2013-04-10 15:54:14 -05:00
coda fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
configfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
cramfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
debugfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
devpts fs: Limit sys_mount to only request filesystem modules (Part 2). 2013-03-07 01:08:55 -08:00
dlm hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ecryptfs ecryptfs: close rmmod race 2013-04-09 14:08:16 -04:00
efs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
exofs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
exportfs hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ext2 ext2: Fix BUG_ON in evict() on inode deletion 2013-03-13 15:23:44 +01:00
ext3 mm: make snapshotting pages for stable writes a per-bio operation 2013-04-29 15:54:33 -07:00
ext4 ext4: fix big-endian bugs which could cause fs corruptions 2013-04-03 12:37:17 -04:00
f2fs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-04-30 09:36:50 -07:00
fat fat (exportfs): rebuild directory-inode if fat_dget() 2013-04-29 18:28:41 -07:00
freevxfs fs: Readd the fs module aliases. 2013-03-12 18:55:21 -07:00
fscache fs/fscache/stats.c: fix memory leak 2013-04-29 15:54:27 -07:00
fuse fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
gfs2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-04-30 09:36:50 -07:00
hfs hfs/hfsplus: convert printks to pr_<level> 2013-04-30 17:04:05 -07:00
hfsplus hfsplus: remove duplicated message prefix in hfsplus_block_free() 2013-04-30 17:04:05 -07:00
hostfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-03-13 15:47:50 -07:00
hpfs fs: Limit sys_mount to only request filesystem modules. (Part 3) 2013-03-11 07:09:48 -07:00
hppfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
hugetlbfs hugetlbfs: stop setting VM_DONTDUMP in initializing vma(VM_HUGETLB) 2013-04-17 16:10:44 -07:00
isofs fs: Readd the fs module aliases. 2013-03-12 18:55:21 -07:00
jbd fs/buffer.c: remove unnecessary init operation after allocating buffer_head. 2013-04-29 15:54:39 -07:00
jbd2 fs/buffer.c: remove unnecessary init operation after allocating buffer_head. 2013-04-29 15:54:39 -07:00
jffs2 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
jfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
lockd Merge branch 'for-3.9' of git://linux-nfs.org/~bfields/linux 2013-02-28 18:02:55 -08:00
logfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
minix fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
ncpfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
nfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-04-30 09:36:50 -07:00
nfs_common nfs_common: Update the translation between nfsv3 acls linux posix acls 2013-02-13 06:15:14 -08:00
nfsd nfsd: convert nfs4_alloc_stid() to use idr_alloc_cyclic() 2013-04-29 18:28:41 -07:00
nilfs2 nilfs2: remove unneeded test in nilfs_writepage() 2013-04-30 17:04:05 -07:00
nls
notify inotify: invalid mask should return a error number but not set it 2013-04-30 17:04:00 -07:00
ntfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
ocfs2 ocfs2/dlm: remove redundant null pointer check 2013-04-29 15:54:27 -07:00
omfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
openpromfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
proc fs, proc: truncate /proc/pid/comm writes to first TASK_COMM_LEN bytes 2013-04-30 17:04:07 -07:00
pstore A few fixes to reduce places where pstore might hang 2013-02-21 09:38:18 -08:00
qnx4 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
qnx6 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
quota quota: add missing use of dq_data_lock in __dquot_initialize 2013-03-11 22:05:56 +01:00
ramfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
reiserfs reiserfs: Fix warning and inode leak when deleting inode with xattrs 2013-03-29 17:08:43 +01:00
romfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
squashfs fs: Limit sys_mount to only request filesystem modules. (Part 3) 2013-03-11 07:09:48 -07:00
sysfs sysfs: check if one entry has been removed before freeing 2013-04-05 15:35:52 -07:00
sysv fs: Readd the fs module aliases. 2013-03-12 18:55:21 -07:00
ubifs UBIFS: make space fixup work in the remount case 2013-03-14 11:20:22 +02:00
udf fs: Limit sys_mount to only request filesystem modules. (Part 3) 2013-03-11 07:09:48 -07:00
ufs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-04-30 09:36:50 -07:00
xfs - Fix for a potential infinite loop which was introduced in 4d559a3bcb 2013-03-19 15:17:40 -07:00
aio.c aio: fix possible invalid memory access when DEBUG is enabled 2013-04-26 07:56:18 -07:00
anon_inodes.c get_empty_filp()/alloc_file() leave both ->f_pos and ->f_version zero 2013-02-26 02:46:11 -05:00
attr.c
bad_inode.c lseek: the "whence" argument is called "whence" 2012-12-17 17:15:12 -08:00
binfmt_aout.c coredump: factor out the setting of PF_DUMPCORE 2013-04-30 17:04:06 -07:00
binfmt_elf.c coredump: factor out the setting of PF_DUMPCORE 2013-04-30 17:04:06 -07:00
binfmt_elf_fdpic.c coredump: factor out the setting of PF_DUMPCORE 2013-04-30 17:04:06 -07:00
binfmt_em86.c exec: use -ELOOP for max recursion depth 2012-12-17 17:15:23 -08:00
binfmt_flat.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
binfmt_misc.c binfmt_misc: reuse string_unescape_inplace() 2013-04-30 17:04:03 -07:00
binfmt_script.c exec: do not leave bprm->interp on stack 2012-12-20 17:40:19 -08:00
binfmt_som.c get rid of pt_regs argument of ->load_binary() 2012-11-28 21:53:38 -05:00
bio-integrity.c
bio.c Revert "block: add missing block_bio_complete() tracepoint" 2013-04-18 09:00:26 -07:00
block_dev.c fs/block_dev.c: no need to check inode->i_bdev in bd_forget() 2013-04-30 17:04:00 -07:00
buffer.c fs/buffer.c: remove unnecessary init operation after allocating buffer_head. 2013-04-29 15:54:39 -07:00
char_dev.c
compat.c Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys 2013-03-12 11:05:45 -07:00
compat_binfmt_elf.c
compat_ioctl.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
coredump.c coredump: change wait_for_dump_helpers() to use wait_event_interruptible() 2013-04-30 17:04:06 -07:00
coredump.h
dcache.c fs/dcache.c: add cond_resched() to shrink_dcache_parent() 2013-04-30 17:04:00 -07:00
dcookies.c
direct-io.c direct-io: submit bio after boundary buffer is added to it 2013-04-29 15:54:29 -07:00
drop_caches.c
eventfd.c fs, eventfd: add procfs fdinfo helper 2012-12-17 17:15:27 -08:00
eventpoll.c epoll: cleanup: use RCU_INIT_POINTER when nulling 2013-04-30 17:04:04 -07:00
exec.c exec: do not abuse ->cred_guard_mutex in threadgroup_lock() 2013-04-30 17:04:07 -07:00
fcntl.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
fhandle.c Merge branch 'for-3.8' of git://linux-nfs.org/~bfields/linux 2012-12-20 14:04:11 -08:00
fifo.c
file.c locking: Various static lock initializer fixes 2013-02-19 08:42:45 +01:00
file_table.c cache the value of file_inode() in struct file 2013-03-01 19:48:30 -05:00
filesystems.c fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
fs-writeback.c writeback: set worker desc to identify writeback workers in task dumps 2013-04-30 17:04:02 -07:00
fs_struct.c constify path_get/path_put and fs_struct.c stuff 2013-03-01 23:51:07 -05:00
generic_acl.c
inode.c vfs: Revert spurious fix to spinning prevention in prune_icache_sb 2013-04-13 16:13:55 -07:00
internal.h Don't bother with redoing rw_verify_area() from default_file_splice_from() 2013-03-21 13:11:11 -04:00
ioctl.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
ioprio.c
Kconfig fuse: Move CUSE Kconfig entry from fs/Kconfig into fs/fuse/Kconfig 2013-01-17 13:08:45 +01:00
Kconfig.binfmt fs: make binfmt support for #! scripts modular and removable 2013-04-30 17:04:04 -07:00
libfs.c vfs: drop vmtruncate 2012-12-20 18:46:29 -05:00
locks.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
Makefile fs: make binfmt support for #! scripts modular and removable 2013-04-30 17:04:04 -07:00
mbcache.c
mount.h
mpage.c
namei.c vfs: don't BUG_ON() if following a /proc fd pseudo-symlink results in a symlink 2013-03-08 09:03:07 -08:00
namespace.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-04-09 12:22:49 -07:00
no-block.c
open.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-03-03 13:23:03 -08:00
pipe.c vfs: fix pipe counter breakage 2013-03-12 08:29:17 -07:00
pnode.c vfs: Carefully propogate mounts across user namespaces 2013-03-27 07:50:05 -07:00
pnode.h vfs: Carefully propogate mounts across user namespaces 2013-03-27 07:50:05 -07:00
posix_acl.c
proc_namespace.c
read_write.c fs/read_write.c: fix generic_file_llseek() comment 2013-04-29 15:54:28 -07:00
read_write.h
readdir.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
select.c sched/rt: Move rt specific bits into new header file 2013-02-07 20:51:08 +01:00
seq_file.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-03-03 13:23:03 -08:00
signalfd.c fs, epoll: add procfs fdinfo helper 2012-12-17 17:15:27 -08:00
splice.c Don't bother with redoing rw_verify_area() from default_file_splice_from() 2013-03-21 13:11:11 -04:00
stack.c
stat.c switch vfs_getattr() to struct path 2013-02-26 02:46:08 -05:00
statfs.c vfs: fix user_statfs to retry once on ESTALE errors 2012-12-20 18:50:07 -05:00
super.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
sync.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
timerfd.c compat: restore timerfd settime and gettime compat syscalls 2013-03-02 09:35:13 -05:00
utimes.c vfs: allow utimensat() calls to retry once on an ESTALE error 2012-12-20 18:50:08 -05:00
xattr.c vfs: make lremovexattr retry once on ESTALE error 2012-12-20 18:50:11 -05:00
xattr_acl.c