On Tue, Jul 28, 2015 at 2:35 PM, Andrew Morton <a...@linux-foundation.org> wrote:
> On Tue, 28 Jul 2015 10:15:00 -0700 Kees Cook <keesc...@chromium.org> wrote:
>
>> From: Ricky Zhou <ric...@chromium.org>
>>
>> Checking mm_users > 1 does not mean a process is multithreaded. For
>> example, reading /proc/PID/maps temporarily increments mm_users, allowing
>> other processes to (accidentally) interfere with unshare() calls.
>>
>> This fixes observed failures of unshare(CLONE_NEWUSER) incorrectly
>> returning EINVAL if another process happened to be simultaneously
>> reading the maps file.
>
> Yikes. current_is_single_threaded() is expensive. Are we sure this
> isn't going to kill someone's workload?
It _can_ be expensive, but if mm->mm_users == 1 it immediately returns true, so it's only the cases where there is a race (like what's solved here), or when it's a legit failure. This doesn't feel to me like it should hit a real user very hard, since "real" callers of unshare will normally have mm_users == 1.

-Kees

--
Kees Cook
Chrome OS Security
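The thread is about a kernel-side check (mm_users) that does not actually count threads. As an added userspace illustration, not code from this thread or from the kernel patch it discusses, the program below shows the distinction from the caller's side: mm_users is not exposed to userspace and is not a thread count, while the "Threads:" field of /proc/self/status is. It parses that field (a small parser tested on a constructed status text), reports the calling process's own thread count, and then calls unshare(CLONE_NEWUSER) and prints the errno on failure. The call, the header and the constructed sample are assumptions of this example; it assumes Linux with /proc mounted, and in a sandbox unshare may fail with EPERM regardless of the bug described above.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the "Threads:" field from text laid out like /proc/self/status.
 * Returns the thread count, or -1 if the field is missing or malformed. */
long thread_count_from_status(const char *status_text)
{
    const char *line = status_text;
    while (line && *line) {
        if (strncmp(line, "Threads:", 8) == 0) {
            char *end;
            long n = strtol(line + 8, &end, 10);
            if (end == line + 8)   /* no digits after the field name */
                return -1;
            return n;
        }
        line = strchr(line, '\n');
        if (line)
            line++;                /* advance to the next line */
    }
    return -1;
}

/* Read /proc/self/status and return the calling process's thread count.
 * Returns -1 if the file cannot be read (e.g. on a non-Linux system). */
long self_thread_count(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return thread_count_from_status(buf);
}

/* Constructed sample in the layout of /proc/PID/status; not captured from
 * a real system. */
static const char SAMPLE_STATUS[] =
    "Name:\tdemo\n"
    "State:\tR (running)\n"
    "Tgid:\t4242\n"
    "Pid:\t4242\n"
    "Threads:\t3\n"
    "SigQ:\t0/15000\n";

int main(void)
{
    printf("constructed sample reports %ld thread(s)\n",
           thread_count_from_status(SAMPLE_STATUS));
    printf("this process has %ld thread(s)\n", self_thread_count());

    /* A single-threaded caller is the only one unshare(CLONE_NEWUSER) accepts.
     * On kernels before the fix discussed above, EINVAL could also appear
     * spuriously while another process was reading this process's maps file,
     * because that reader temporarily raised mm_users. */
    if (unshare(CLONE_NEWUSER) == 0)
        printf("unshare(CLONE_NEWUSER) succeeded\n");
    else
        printf("unshare(CLONE_NEWUSER) failed: %s (errno %d)\n",
               strerror(errno), errno);
    return 0;
}
```

Run it once from a plain shell and once while another process loops over cat /proc/PID/maps on it; on a fixed kernel the outcome should not change, since the kernel now consults the real thread count rather than the mm reference count.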