Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-04 Thread Oleg Nesterov
On 03/03, Eric W. Biederman wrote: > > Oleg Nesterov writes: > > >> @@ -699,8 +701,6 @@ static void exit_notify(struct task_struct *tsk, int > >> group_dead) > >>} > >> > >>tsk->exit_state = autoreap ? EXIT_DEAD : EXIT_ZOMBIE; > >> - if (tsk->exit_state == EXIT_DEAD) >

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-04 Thread Oleg Nesterov
On 03/03, Eric W. Biederman wrote: > > Oleg Nesterov writes: > > >> @@ -699,8 +701,6 @@ static void exit_notify(struct task_struct *tsk, int > >> group_dead) > >>} > >> > >>tsk->exit_state = autoreap ? EXIT_DEAD : EXIT_ZOMBIE; > >> - if (tsk->exit_state == EXIT_DEAD) > >> -

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-03 Thread Eric W. Biederman
ebied...@xmission.com (Eric W. Biederman) writes: > The big lesson for me, and what was not obvious from your change > description is that we are changing the user space visible semantics > of exec+ptrace and that cred_guard_mutex is not at all the problem (as > we always take cred_guard_mutex in

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-03 Thread Eric W. Biederman
ebied...@xmission.com (Eric W. Biederman) writes: > The big lesson for me, and what was not obvious from your change > description is that we are changing the user space visible semantics > of exec+ptrace and that cred_guard_mutex is not at all the problem (as > we always take cred_guard_mutex in

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-03 Thread Eric W. Biederman
ebied...@xmission.com (Eric W. Biederman) writes: > ebied...@xmission.com (Eric W. Biederman) writes: > >> The big lesson for me, and what was not obvious from your change >> description is that we are changing the user space visible semantics >> of exec+ptrace and that cred_guard_mutex is not at

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-03 Thread Eric W. Biederman
ebied...@xmission.com (Eric W. Biederman) writes: > ebied...@xmission.com (Eric W. Biederman) writes: > >> The big lesson for me, and what was not obvious from your change >> description is that we are changing the user space visible semantics >> of exec+ptrace and that cred_guard_mutex is not at

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-03 Thread Eric W. Biederman
Cc'd linux-api as we are talking about a deliberate user visible API change here. Oleg Nesterov writes: > On 03/02, Eric W. Biederman wrote: >> >> Oleg Nesterov writes: >> >> > our discussion was a bit confusing, and it seems that we did not >> > fully

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-03 Thread Eric W. Biederman
Cc'd linux-api as we are talking about a deliberate user visible API change here. Oleg Nesterov writes: > On 03/02, Eric W. Biederman wrote: >> >> Oleg Nesterov writes: >> >> > our discussion was a bit confusing, and it seems that we did not >> > fully convince each other. So let me ask what

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-03 Thread Oleg Nesterov
On 03/02, Eric W. Biederman wrote: > > Oleg Nesterov writes: > > > our discussion was a bit confusing, and it seems that we did not > > fully convince each other. So let me ask what do you finally think > > about this fix. > > > > Let me repeat. Even if I do not agree with some

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-03 Thread Oleg Nesterov
On 03/02, Eric W. Biederman wrote: > > Oleg Nesterov writes: > > > our discussion was a bit confusing, and it seems that we did not > > fully convince each other. So let me ask what do you finally think > > about this fix. > > > > Let me repeat. Even if I do not agree with some of your

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-02 Thread Eric W. Biederman
Oleg Nesterov writes: > Eric, > > our discussion was a bit confusing, and it seems that we did not > fully convince each other. So let me ask what do you finally think > about this fix. > > Let me repeat. Even if I do not agree with some of your objections, > I do agree that 1/2

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-03-02 Thread Eric W. Biederman
Oleg Nesterov writes: > Eric, > > our discussion was a bit confusing, and it seems that we did not > fully convince each other. So let me ask what do you finally think > about this fix. > > Let me repeat. Even if I do not agree with some of your objections, > I do agree that 1/2 does not look

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-02-24 Thread Oleg Nesterov
Eric, our discussion was a bit confusing, and it seems that we did not fully convince each other. So let me ask what do you finally think about this fix. Let me repeat. Even if I do not agree with some of your objections, I do agree that 1/2 does not look nice and clean. And we seem to agree

Re: [PATCH 0/2] fix the traced mt-exec deadlock

2017-02-24 Thread Oleg Nesterov
Eric, our discussion was a bit confusing, and it seems that we did not fully convince each other. So let me ask what do you finally think about this fix. Let me repeat. Even if I do not agree with some of your objections, I do agree that 1/2 does not look nice and clean. And we seem to agree

[PATCH 0/2] fix the traced mt-exec deadlock

2017-02-13 Thread Oleg Nesterov
Hello, Lets finally fix this problem, it was reported several times. I still think that in the longer term we should (try to) rework the security hooks and (partially) revert this change, but this is not trivial and we need something backportable anyway. Eric, Jann, we already discussed this

[PATCH 0/2] fix the traced mt-exec deadlock

2017-02-13 Thread Oleg Nesterov
Hello, Lets finally fix this problem, it was reported several times. I still think that in the longer term we should (try to) rework the security hooks and (partially) revert this change, but this is not trivial and we need something backportable anyway. Eric, Jann, we already discussed this