mm_for_maps: simplify, use ptrace_may_access()

It would be nice to kill __ptrace_may_access(). It requires task_lock(),
but this lock is only needed to read mm->flags in the middle.

Convert mm_for_maps() to use ptrace_may_access(), this also simplifies
the code a little bit.

Also, we do not need to take ->mmap_sem in advance. In fact I think
mm_for_maps() should not play with ->mmap_sem at all, the caller should
take this lock.

With or without this patch, without ->cred_guard_mutex held we can race
with exec() and get the new ->mm but check old creds.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 3ce5ae9e3d2dabd36dce105ecb4545a4723c1202..917f338a673992651144ae60e6f399a28f5d53c8 100644 (file)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -237,20 +237,19 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
        struct mm_struct *mm = get_task_mm(task);
        if (!mm)
                return NULL;
+       if (mm != current->mm) {
+               /*
+                * task->mm can be changed before security check,
+                * in that case we must notice the change after.
+                */
+               if (!ptrace_may_access(task, PTRACE_MODE_READ) ||
+                   mm != task->mm) {
+                       mmput(mm);
+                       return NULL;
+               }
+       }
        down_read(&mm->mmap_sem);
-       task_lock(task);
-       if (task->mm != mm)
-               goto out;
-       if (task->mm != current->mm &&
-           __ptrace_may_access(task, PTRACE_MODE_READ) < 0)
-               goto out;
-       task_unlock(task);
        return mm;
-out:
-       task_unlock(task);
-       up_read(&mm->mmap_sem);
-       mmput(mm);
-       return NULL;
 }
 
 static int proc_pid_cmdline(struct task_struct *task, char * buffer)