From patchwork Wed May 11 00:23:04 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Stultz X-Patchwork-Id: 1442 Return-Path: Delivered-To: unknown Received: from imap.gmail.com (74.125.159.109) by localhost6.localdomain6 with IMAP4-SSL; 08 Jun 2011 14:52:00 -0000 Delivered-To: patches@linaro.org Received: by 10.224.61.3 with SMTP id r3cs39585qah; Tue, 10 May 2011 17:23:12 -0700 (PDT) Received: by 10.151.102.8 with SMTP id e8mr4089581ybm.282.1305073391602; Tue, 10 May 2011 17:23:11 -0700 (PDT) Received: from e1.ny.us.ibm.com (e1.ny.us.ibm.com [32.97.182.141]) by mx.google.com with ESMTPS id v35si20423082yba.98.2011.05.10.17.23.11 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 10 May 2011 17:23:11 -0700 (PDT) Received-SPF: pass (google.com: domain of jstultz@us.ibm.com designates 32.97.182.141 as permitted sender) client-ip=32.97.182.141; Authentication-Results: mx.google.com; spf=pass (google.com: domain of jstultz@us.ibm.com designates 32.97.182.141 as permitted sender) smtp.mail=jstultz@us.ibm.com Received: from d01relay01.pok.ibm.com (d01relay01.pok.ibm.com [9.56.227.233]) by e1.ny.us.ibm.com (8.14.4/8.13.1) with ESMTP id p4B0C7I4012544; Tue, 10 May 2011 20:12:07 -0400 Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217]) by d01relay01.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id p4B0NAWu098972; Tue, 10 May 2011 20:23:10 -0400 Received: from d01av03.pok.ibm.com (loopback [127.0.0.1]) by d01av03.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id p4AKMwfD016502; Tue, 10 May 2011 17:22:58 -0300 Received: from kernel.beaverton.ibm.com (kernel.beaverton.ibm.com [9.47.67.96]) by d01av03.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id p4AKMwa8016484; Tue, 10 May 2011 17:22:58 -0300 Received: by kernel.beaverton.ibm.com (Postfix, from userid 1056) id EDBA81E750D; Tue, 10 May 2011 17:23:08 -0700 (PDT) From: John Stultz To: LKML Cc: John Stultz , "Ted Ts'o" , KOSAKI Motohiro , David Rientjes , Dave Hansen , Andrew Morton , linux-mm@kvack.org Subject: [PATCH 1/3] comm: Introduce comm_lock seqlock to protect task->comm access Date: Tue, 10 May 2011 17:23:04 -0700 Message-Id: <1305073386-4810-2-git-send-email-john.stultz@linaro.org> X-Mailer: git-send-email 1.7.3.2.146.gca209 In-Reply-To: <1305073386-4810-1-git-send-email-john.stultz@linaro.org> References: <1305073386-4810-1-git-send-email-john.stultz@linaro.org> The implicit rules for current->comm access being safe without locking are no longer true. Accessing current->comm without holding the task lock may result in null or incomplete strings (however, access won't run off the end of the string). In order to properly fix this, I've introduced a comm_lock seqlock which will protect comm access and modified get_task_comm() and set_task_comm() to use it. Since there are a number of cases where comm access is open-coded safely grabbing the task_lock(), we preserve the task locking in set_task_comm, so those users are also safe. With this patch, users that access current->comm without a lock are still prone to null/incomplete comm strings, but it should be no worse then it is now. The next step is to go through and convert all comm accesses to use get_task_comm(). This is substantial, but can be done bit by bit, reducing the race windows with each patch. CC: Ted Ts'o CC: KOSAKI Motohiro CC: David Rientjes CC: Dave Hansen CC: Andrew Morton CC: linux-mm@kvack.org Signed-off-by: John Stultz --- fs/exec.c | 25 ++++++++++++++++++++----- include/linux/init_task.h | 1 + include/linux/sched.h | 5 ++--- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 5e62d26..fcd056a 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -998,18 +998,32 @@ static void flush_old_files(struct files_struct * files) char *get_task_comm(char *buf, struct task_struct *tsk) { - /* buf must be at least sizeof(tsk->comm) in size */ - task_lock(tsk); - strncpy(buf, tsk->comm, sizeof(tsk->comm)); - task_unlock(tsk); + unsigned long seq; + + do { + seq = read_seqbegin(&tsk->comm_lock); + + strncpy(buf, tsk->comm, sizeof(tsk->comm)); + + } while (read_seqretry(&tsk->comm_lock, seq)); + return buf; } void set_task_comm(struct task_struct *tsk, char *buf) { - task_lock(tsk); + unsigned long flags; /* + * XXX - Even though comm is protected by comm_lock, + * we take the task_lock here to serialize against + * current users that directly access comm. + * Once those users are removed, we can drop the + * task locking & memsetting. + */ + task_lock(tsk); + write_seqlock_irqsave(&tsk->comm_lock, flags); + /* * Threads may access current->comm without holding * the task lock, so write the string carefully. * Readers without a lock may see incomplete new @@ -1018,6 +1032,7 @@ void set_task_comm(struct task_struct *tsk, char *buf) memset(tsk->comm, 0, TASK_COMM_LEN); wmb(); strlcpy(tsk->comm, buf, sizeof(tsk->comm)); + write_sequnlock_irqrestore(&tsk->comm_lock, flags); task_unlock(tsk); perf_event_comm(tsk); } diff --git a/include/linux/init_task.h b/include/linux/init_task.h index caa151f..b4f7584 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h @@ -161,6 +161,7 @@ extern struct cred init_cred; .group_leader = &tsk, \ RCU_INIT_POINTER(.real_cred, &init_cred), \ RCU_INIT_POINTER(.cred, &init_cred), \ + .comm_lock = SEQLOCK_UNLOCKED, \ .comm = "swapper", \ .thread = INIT_THREAD, \ .fs = &init_fs, \ diff --git a/include/linux/sched.h b/include/linux/sched.h index 18d63ce..f9324e4 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1333,10 +1333,9 @@ struct task_struct { const struct cred __rcu *cred; /* effective (overridable) subjective task * credentials (COW) */ struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */ - + seqlock_t comm_lock; /* protect's comm */ char comm[TASK_COMM_LEN]; /* executable name excluding path - - access with [gs]et_task_comm (which lock - it with task_lock()) + - access with [gs]et_task_comm - initialized normally by setup_new_exec */ /* file system info */ int link_count, total_link_count;