On 3/8/20 10:34 PM, Eric W. Biederman wrote:
Bernd, everyone
This is how I think the infrastructure change should look that makes way for fixing this issue.
- Cleanup and reorder the code so code that can potentially wait indefinitely for userspace comes at the beginning for flush_old_exec.
- Add a new mutex and take it after we have passed any potential indefinite waits for userspace.
Then I think it is just going through the existing users of cred_guard_mutex and fixing them to use the new one.
There really aren't that many users of cred_guard_mutex so we should be able to get through the easy ones fairly quickly. And anything that isn't easy we can wait until we have a good fix.
The users of cred_guard_mutex that I saw were: fs/proc/base.c: proc_pid_attr_write do_io_accounting proc_pid_stack proc_pid_syscall proc_pid_personality perf_event_open mm_access kcmp pidfd_fget seccomp_set_mode_filter
Bernd I think I have addressed the issues you pointed out in v1. Please let me know if you see anything else.
Yes, looks good, except some nits.
Thanks Bernd.