From dave at stgolabs.net Wed Feb 25 04:42:46 2015 From: dave at stgolabs.net (Davidlohr Bueso) Date: Tue, 24 Feb 2015 11:42:46 -0800 Subject: [tomoyo-dev-en 373] [PATCH v3 3/3] tomoyo: reduce mmap_sem hold for mm->exe_file In-Reply-To: <201502242035.GCI75431.LHQFOOJMFVSFtO@I-love.SAKURA.ne.jp> References: <1424324307.18191.5.camel@stgolabs.net> <201502192007.AFI30725.tHFFOOMVFOQSLJ@I-love.SAKURA.ne.jp> <1424370153.18191.12.camel@stgolabs.net> <201502200711.EIH87066.HSOJLFFOtFVOQM@I-love.SAKURA.ne.jp> <1424449696.2317.0.camel@stgolabs.net> <201502242035.GCI75431.LHQFOOJMFVSFtO@I-love.SAKURA.ne.jp> Message-ID: <1424806966.6539.84.camel@stgolabs.net> The mm->exe_file is currently serialized with mmap_sem (shared) in order to both safely (1) read the file and (2) compute the realpath by calling tomoyo_realpath_from_path, making it an absolute overkill. Good users will, on the other hand, make use of the more standard get_mm_exe_file(), requiring only holding the mmap_sem to read the value, and relying on reference Signed-off-by: Davidlohr Bueso --- Changes from v2: remove cleanups and cp initialization. security/tomoyo/util.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 2952ba5..29f3b65 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -948,16 +948,19 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, */ const char *tomoyo_get_exe(void) { - struct mm_struct *mm = current->mm; - const char *cp = NULL; + struct file *exe_file; + const char *cp; + struct mm_struct *mm = current->mm; - if (!mm) - return NULL; - down_read(&mm->mmap_sem); - if (mm->exe_file) - cp = tomoyo_realpath_from_path(&mm->exe_file->f_path); - up_read(&mm->mmap_sem); - return cp; + if (!mm) + return NULL; + exe_file = get_mm_exe_file(mm); + if (!exe_file) + return NULL; + + cp = tomoyo_realpath_from_path(&exe_file->f_path); + fput(exe_file); + return cp; } /** -- 2.1.4 From penguin-kernel at I-love.SAKURA.ne.jp Wed Feb 25 20:40:07 2015 From: penguin-kernel at I-love.SAKURA.ne.jp (Tetsuo Handa) Date: Wed, 25 Feb 2015 20:40:07 +0900 Subject: [tomoyo-dev-en 374] Re: [PATCH v3 3/3] tomoyo: reduce mmap_sem hold for mm->exe_file In-Reply-To: <1424806966.6539.84.camel@stgolabs.net> References: <1424370153.18191.12.camel@stgolabs.net> <201502200711.EIH87066.HSOJLFFOtFVOQM@I-love.SAKURA.ne.jp> <1424449696.2317.0.camel@stgolabs.net> <201502242035.GCI75431.LHQFOOJMFVSFtO@I-love.SAKURA.ne.jp> <1424806966.6539.84.camel@stgolabs.net> Message-ID: <201502252040.IHB78651.OQFSLtFFHOOJMV@I-love.SAKURA.ne.jp> Davidlohr Bueso wrote: > The mm->exe_file is currently serialized with mmap_sem (shared) in order > to both safely (1) read the file and (2) compute the realpath by calling > tomoyo_realpath_from_path, making it an absolute overkill. Good users will, > on the other hand, make use of the more standard get_mm_exe_file(), requiring > only holding the mmap_sem to read the value, and relying on reference > > Signed-off-by: Davidlohr Bueso Acked-by: Tetsuo Handa James, will you apply to linux-security.git#next ? I'm not using publicly accessible git tree for sending pull requests. > --- > > Changes from v2: remove cleanups and cp initialization. > > security/tomoyo/util.c | 21 ++++++++++++--------- > 1 file changed, 12 insertions(+), 9 deletions(-) > > diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c > index 2952ba5..29f3b65 100644 > --- a/security/tomoyo/util.c > +++ b/security/tomoyo/util.c > @@ -948,16 +948,19 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, > */ > const char *tomoyo_get_exe(void) > { > - struct mm_struct *mm = current->mm; > - const char *cp = NULL; > + struct file *exe_file; > + const char *cp; > + struct mm_struct *mm = current->mm; > > - if (!mm) > - return NULL; > - down_read(&mm->mmap_sem); > - if (mm->exe_file) > - cp = tomoyo_realpath_from_path(&mm->exe_file->f_path); > - up_read(&mm->mmap_sem); > - return cp; > + if (!mm) > + return NULL; > + exe_file = get_mm_exe_file(mm); > + if (!exe_file) > + return NULL; > + > + cp = tomoyo_realpath_from_path(&exe_file->f_path); > + fput(exe_file); > + return cp; > } > > /** > -- > 2.1.4 > From dave.bueso at gmail.com Thu Feb 26 02:39:08 2015 From: dave.bueso at gmail.com (Davidlohr Bueso) Date: Wed, 25 Feb 2015 09:39:08 -0800 Subject: [tomoyo-dev-en 375] Re: [PATCH v3 3/3] tomoyo: reduce mmap_sem hold for mm->exe_file In-Reply-To: <201502252040.IHB78651.OQFSLtFFHOOJMV@I-love.SAKURA.ne.jp> References: <1424370153.18191.12.camel@stgolabs.net> <201502200711.EIH87066.HSOJLFFOtFVOQM@I-love.SAKURA.ne.jp> <1424449696.2317.0.camel@stgolabs.net> <201502242035.GCI75431.LHQFOOJMFVSFtO@I-love.SAKURA.ne.jp> <1424806966.6539.84.camel@stgolabs.net> <201502252040.IHB78651.OQFSLtFFHOOJMV@I-love.SAKURA.ne.jp> Message-ID: <1424885948.9419.2.camel@stgolabs.net> On Wed, 2015-02-25 at 20:40 +0900, Tetsuo Handa wrote: > Davidlohr Bueso wrote: > > The mm->exe_file is currently serialized with mmap_sem (shared) in order > > to both safely (1) read the file and (2) compute the realpath by calling > > tomoyo_realpath_from_path, making it an absolute overkill. Good users will, > > on the other hand, make use of the more standard get_mm_exe_file(), requiring > > only holding the mmap_sem to read the value, and relying on reference > > > > Signed-off-by: Davidlohr Bueso > > Acked-by: Tetsuo Handa > > James, will you apply to linux-security.git#next ? > I'm not using publicly accessible git tree for sending pull requests. I'm actually trying to route these through Andrew. Because there will be lock conversions, I'm afraid that if such patches are merged in different order to Linus' tree, it will break bisectibility as you'd have races. Thanks, Davidlohr