On Mon, Dec 7, 2020 at 1:10 AM Peter Zijlstra <pet...@infradead.org> wrote:
>
> > PeterZ, is there something I'm missing?
>
> Like this?
>
>
> https://lkml.kernel.org/r/20200828123720.gz1362...@hirez.programming.kicks-ass.net
Yes, except I think you should remove the old ptrace_may_access() check.
Because otherwise we'll just end up having KCSAN complain about the
unlocked optimistic accesses or something like that.
So do the perfmon_capable() check early - it doesn't need the
exec_update_mutex - and then just do the ptrace_may_access() one late.
I don't see any point at all in checking privileges twice, and I do
see real downsides. Not just that KCSAN issue, but also lack of
coverage (ie the second check will then effectively never be tested,
which is bad too).
Linus
