[RFC PATCH 2/2] security/brute.c: Protect the stats pointer

Valdis Kl=?utf-8?Q?=c4=93?=tnieks valdis.kletnieks at vt.edu
Tue Dec 8 09:42:59 EST 2020


On Tue, 08 Dec 2020 11:35:57 +0100, John Wood said:
> I think the stats pointer present in the task_struct's security blob
> needs to be protected against concurrency for the following reasons.
>
> 1.- The same process forking at the same time in two different CPUs.
> 2.- The same process execve() at the same time in two different CPUs.

OK, I'll bite.  How would these two cases even happen?

(Note that you could conceivably issue the fork()/exeve() on one CPU, run
kernel code for a bit and then get rescheduled onto a different CPU to complete
the syscall, but that's a different cache coherency can-o-worms :)

(Your case 3 of a fork/exec while you traverse is an actual issue.  Note that
you missed one case - where the process evaporates for some reason while you do
the traverse and you're left with a stale pointer...)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20201208/f2e5494f/attachment-0001.sig>


More information about the Kernelnewbies mailing list