This completes the new infrastructure patch and replaces the cred_guard_mutex with an exec_guard_mutex and a boolean that is set when a dead-lock situation is detected.
I also change ptrace_traceme to use the new mutex, but I consider it a bug that it didn't take any mutex previously, since it calls security_ptrace_traceme, and all the security modules operate under the assumption that execve is not operating in parallel.
This patch fixes the test case tools/testing/selftests/ptrace/vmaccess:
[==========] Running 2 tests from 1 test cases.
[ RUN ] global.vmaccess
[ OK ] global.vmaccess
[ RUN ] global.attach
[ OK ] global.attach <= this was still failing
[==========] 2 / 2 tests passed.
[ PASSED ]
Yes, it is an API change, but only in some very special case, so I would expect this to be un-noticeable to user space applications.
Bernd Edlinger (2):
  exec: Fix dead-lock in de_thread with ptrace_attach
  doc: Update documentation of ->exec_*_mutex

 Documentation/security/credentials.rst | 29 +++++++++++++++-------
 fs/exec.c                              | 44 +++++++++++++++++++++++++++-------
 fs/proc/base.c                         | 13 ++++++----
 include/linux/sched/signal.h           | 14 +++++++----
 init/init_task.c                       | 2 +-
 kernel/cred.c                          | 2 +-
 kernel/fork.c                          | 2 +-
 kernel/ptrace.c                        | 20 +++++++++++++---
 kernel/seccomp.c                       | 15 +++++++-----
 9 files changed, 102 insertions(+), 39 deletions(-)