Patchwork [3.5.y.z,extended,stable] Patch "perf: Disable monitoring on setuid processes for regular" has been added to staging queue

login
register
mail settings
Submitter Luis Henriques
Date July 1, 2013, 10 a.m.
Message ID <1372672832-15065-1-git-send-email-luis.henriques@canonical.com>
Download mbox | patch
Permalink /patch/256048/
State New
Headers show

Comments

Luis Henriques - July 1, 2013, 10 a.m.
This is a note to let you know that I have just added a patch titled

    perf: Disable monitoring on setuid processes for regular

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

From 6d708055e75fa8fb7f14183140349e6a74976852 Mon Sep 17 00:00:00 2001
From: Stephane Eranian <eranian@google.com>
Date: Thu, 20 Jun 2013 11:36:28 +0200
Subject: [PATCH] perf: Disable monitoring on setuid processes for regular
 users

commit 2976b10f05bd7f6dab9f9e7524451ddfed656a89 upstream.

There was a a bug in setup_new_exec(), whereby
the test to disabled perf monitoring was not
correct because the new credentials for the
process were not yet committed and therefore
the get_dumpable() test was never firing.

The patch fixes the problem by moving the
perf_event test until after the credentials
are committed.

Signed-off-by: Stephane Eranian <eranian@google.com>
Tested-by: Jiri Olsa <jolsa@redhat.com>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 fs/exec.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

--
1.8.1.2

Patch

diff --git a/fs/exec.c b/fs/exec.c
index 5a76464..832763a 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1162,13 +1162,6 @@  void setup_new_exec(struct linux_binprm * bprm)
 			set_dumpable(current->mm, suid_dumpable);
 	}

-	/*
-	 * Flush performance counters when crossing a
-	 * security domain:
-	 */
-	if (!get_dumpable(current->mm))
-		perf_event_exit_task(current);
-
 	/* An exec changes our domain. We are no longer part of the thread
 	   group */

@@ -1232,6 +1225,15 @@  void install_exec_creds(struct linux_binprm *bprm)

 	commit_creds(bprm->cred);
 	bprm->cred = NULL;
+
+	/*
+	 * Disable monitoring for regular users
+	 * when executing setuid binaries. Must
+	 * wait until new credentials are committed
+	 * by commit_creds() above
+	 */
+	if (get_dumpable(current->mm) != SUID_DUMP_USER)
+		perf_event_exit_task(current);
 	/*
 	 * cred_guard_mutex must be held at least to this point to prevent
 	 * ptrace_attach() from altering our determination of the task's