Re: [PATCH v2] proc: fix a race in do_io_accounting()

From: Andrew Morton
Date: Tue Jul 05 2011 - 17:13:30 EST


<wakes up>

On Tue, 5 Jul 2011 00:13:39 +0400
Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote:

> There is a ptrace_may_access() check in do_io_accounting() to prevent
> gathering information of setuid'ed and similar binaries. However, there
> is a race against execve(). Holding task->signal->cred_guard_mutex
> while gathering the information should protect against the race.
>
> The order of locking is similar to the one inside of
> ptrace_attach(): first goes cred_guard_mutex, then lock_task_sighand().
>
> v2 - use mutex_lock_killable() instead of mutex_lock().
>
> Signed-off-by: Vasiliy Kulikov <segoon@xxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxx

If a patch is to be backported into -stable then its changelog had
better explain why such a thing is needed. This one doesn't.

Please provide a full description of the conseuqences of the bug. One
which will permit the -stable maintainers to understand why they're
merging the patch, and one which will help distribution maintainers
decide whether they want to merge it as well.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/