pidfd: Use new infrastructure to fix deadlocks in execve

This changes __pidfd_fget to use the new exec_update_mutex instead of cred_guard_mutex. This should be safe, as the credentials do not change before exec_update_mutex is locked. Therefore whatever file access is possible with holding the cred_guard_mutex here is also possbile with the exec_update_mutex. Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2020-03-21 02:46:16 +0000
committer: Eric W. Biederman <ebiederm@xmission.com> 2020-03-25 10:04:01 -0500
commit: 501f9328bf5c6b5e4863da4b50e0e86792de3aa9 (patch)
tree: 1daa6f09d76a01c93cb59372e85e017a833ca5c9 /kernel/pid.c
parent: 6914303824bb572278568330d72fc1f8f9814e67 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/pid.c b/kernel/pid.c
index 60820e72634c..efd34874b3d1 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -577,7 +577,7 @@ static struct file *__pidfd_fget(struct task_struct *task, int fd)
 	struct file *file;
 	int ret;
 
-	ret = mutex_lock_killable(&task->signal->cred_guard_mutex);
+	ret = mutex_lock_killable(&task->signal->exec_update_mutex);
 	if (ret)
 		return ERR_PTR(ret);
 
@@ -586,7 +586,7 @@ static struct file *__pidfd_fget(struct task_struct *task, int fd)
 	else
 		file = ERR_PTR(-EPERM);
 
-	mutex_unlock(&task->signal->cred_guard_mutex);
+	mutex_unlock(&task->signal->exec_update_mutex);
 
 	return file ?: ERR_PTR(-EBADF);
 }
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2020-03-21 02:46:16 +0000
committer	Eric W. Biederman <ebiederm@xmission.com>	2020-03-25 10:04:01 -0500
commit	501f9328bf5c6b5e4863da4b50e0e86792de3aa9 (patch)
tree	1daa6f09d76a01c93cb59372e85e017a833ca5c9 /kernel/pid.c
parent	6914303824bb572278568330d72fc1f8f9814e67 (diff)