From: Christian Brauner
Date: Thu, 21 May 2026 06:46:22 +0000 (+0200)
Subject: Merge patch series "exec: introduce task_exec_state for exec-time metadata"
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=4425cd76b5e73ce92bea9dc61a0027ef3d55c9f0;p=thirdparty%2Fkernel%2Flinux.git

Merge patch series "exec: introduce task_exec_state for exec-time metadata"

Christian Brauner (Amutable) says:

This series relocates the dumpable mode and the user_namespace captured at
execve() from mm_struct onto a new per-task task_exec_state structure that
stays attached to the task for its full lifetime.

__ptrace_may_access() and several /proc owner / visibility checks need to
consult two pieces of state for any observable task, including zombies that
have already gone through exit_mm(): the dumpable mode and the user namespace
captured at execve(). Both live on mm_struct today, which exit_mm() clears
from the task long before the task is reaped. A reader that races with
do_exit() observes task->mm == NULL and either fails the check or falls back
to init_user_ns - which denies legitimate access to non-dumpable zombies that
were running in a nested user namespace.

mm_struct loses ->user_ns and the dumpability bits in ->flags.
MMF_DUMPABLE_BITS is reserved so MMF_DUMP_FILTER_* layout exposed via
/proc//coredump_filter stays stable. task->user_dumpable and its exit_mm()
snapshot are removed.

task_exec_state is the privilege domain established by an execve() [1].
Within a thread group it is shared via refcount; across thread groups each
task has its own:

- CLONE_VM siblings (thread-group members, io_uring workers) refcount-share
  the parent's exec_state.
- Non-CLONE_VM clones (fork(), vfork() without CLONE_VM) allocate a fresh
  exec_state inheriting the parent's dumpable mode and user_ns.
- execve() in the child allocates a fresh instance and installs it under
  task_lock + exec_update_lock via task_exec_state_replace().
- Credential changes (setresuid, capset, ...) and prctl(PR_SET_DUMPABLE)
  update dumpability on the current task's exec_state, i.e. on the thread
  group's shared instance.

Behavioral change: Kernel threads that briefly use a user mm via
kthread_use_mm() no longer inherit dumpability from the borrowed mm. Kthreads
are not ptraceable (PF_KTHREAD short-circuits __ptrace_may_access), so this
is observable only via /proc surfaces that a sufficiently privileged reader
can reach.

[1] https://lore.kernel.org/r/CAHk-=wj+NgoDH3GSicJ140SV8OoDd71pLmL3fgFEsTcgoMC6Og@mail.gmail.com

* patches from https://patch.msgid.link/20260520-work-task_exec_state-v3-0-69f895bc1385@kernel.org:
  exec_state: relocate dumpable information
  ptrace: add ptracer_access_allowed()
  exec: introduce struct task_exec_state
  sched/coredump: introduce enum task_dumpable

Link: https://patch.msgid.link/20260520-work-task_exec_state-v3-0-69f895bc1385@kernel.org
Signed-off-by: Christian Brauner (Amutable)
---
4425cd76b5e73ce92bea9dc61a0027ef3d55c9f0
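The lifetime and sharing rules in the cover letter above, and the zombie race they fix, as an added userspace model (example code written for this page, not the kernel's implementation or anything from the series). All type and function names in it (exec_state, task_clone, ns_capable_model, may_access_via_mm, and so on) are assumptions chosen for the model; only the semantics follow the message: CLONE_VM siblings share one refcounted instance, fork() gets a fresh copy, execve() installs a fresh instance, prctl updates the group's shared instance, and the instance outlives exit_mm(). The existing prctl(PR_SET_DUMPABLE) values stand in for the dumpable modes, and ns_capable() is simplified to "reader is in the namespace or an ancestor of it".

```c
/* Added example, not kernel code: a userspace model of the task_exec_state lifetime described
 * above. Type and function names are assumptions chosen for the model; only the semantics
 * follow the message: CLONE_VM siblings share one refcounted instance, fork() gets a fresh
 * copy, execve() installs a fresh instance, and the instance outlives exit_mm(). */
#include <stdbool.h>
#include <stdlib.h>

enum { SUID_DUMP_DISABLE = 0, SUID_DUMP_USER = 1 };   /* existing prctl(PR_SET_DUMPABLE) values */

struct user_ns { struct user_ns *parent; };            /* stand-in for struct user_namespace */
struct exec_state { int refcount, dumpable; struct user_ns *user_ns; }; /* task_exec_state model */
struct mm { int dumpable; struct user_ns *user_ns; };  /* where the state lived before the series */
struct task { struct mm *mm; struct exec_state *es; }; /* mm: NULL after exit_mm(); es: whole lifetime */

static struct exec_state *exec_state_alloc(int dumpable, struct user_ns *ns)
{
    struct exec_state *es = malloc(sizeof *es);
    es->refcount = 1; es->dumpable = dumpable; es->user_ns = ns;
    return es;
}
static struct exec_state *exec_state_get(struct exec_state *es) { es->refcount++; return es; }
static void exec_state_put(struct exec_state *es) { if (--es->refcount == 0) free(es); }

static struct mm *mm_alloc(int dumpable, struct user_ns *ns)   /* mm lifetime is not tracked here */
{
    struct mm *mm = malloc(sizeof *mm);
    mm->dumpable = dumpable; mm->user_ns = ns;
    return mm;
}

static struct task *task_new(struct user_ns *ns)
{
    struct task *t = malloc(sizeof *t);
    t->mm = mm_alloc(SUID_DUMP_USER, ns);
    t->es = exec_state_alloc(SUID_DUMP_USER, ns);
    return t;
}

/* CLONE_VM siblings refcount-share the parent's instance; other clones get a fresh copy. */
static struct task *task_clone(struct task *p, bool clone_vm)
{
    struct task *t = malloc(sizeof *t);
    t->mm = clone_vm ? p->mm : mm_alloc(p->mm->dumpable, p->mm->user_ns);
    t->es = clone_vm ? exec_state_get(p->es) : exec_state_alloc(p->es->dumpable, p->es->user_ns);
    return t;
}

/* execve(): a fresh instance replaces the old one; the new mm captures the same state. */
static void task_execve(struct task *t, struct user_ns *ns, int dumpable)
{
    struct exec_state *old = t->es;
    t->mm = mm_alloc(dumpable, ns);
    t->es = exec_state_alloc(dumpable, ns);
    exec_state_put(old);
}

/* prctl(PR_SET_DUMPABLE) or a credential change: the thread group's shared instance changes. */
static void task_set_dumpable(struct task *t, int mode)
{
    t->es->dumpable = mode;
    if (t->mm) t->mm->dumpable = mode;
}
static void task_exit_mm(struct task *t) { t->mm = NULL; }  /* zombie: mm gone, es kept */
static void task_release(struct task *t) { exec_state_put(t->es); free(t); }

/* Simplified ns_capable(): a reader in ns or in any ancestor of ns is capable over it. */
static bool ns_capable_model(struct user_ns *reader, struct user_ns *ns)
{
    for (; ns; ns = ns->parent) if (ns == reader) return true;
    return false;
}

/* Access rule: target is dumpable, or the reader is capable over the user_ns captured at
 * execve(). The mm-based variant has nothing to consult for a zombie and falls back. */
static bool may_access_via_mm(struct task *t, struct user_ns *reader, struct user_ns *init_ns)
{
    int dumpable = t->mm ? t->mm->dumpable : SUID_DUMP_DISABLE;
    return dumpable == SUID_DUMP_USER || ns_capable_model(reader, t->mm ? t->mm->user_ns : init_ns);
}
static bool may_access_via_exec_state(struct task *t, struct user_ns *reader)
{
    return t->es->dumpable == SUID_DUMP_USER || ns_capable_model(reader, t->es->user_ns);
}

/* The race from the message: a non-dumpable task that exec'd in a nested user namespace is a
 * zombie; a reader in that namespace checks it. Returns 1 if only the exec_state check allows. */
static int zombie_scenario(void)
{
    struct user_ns init_ns = { NULL }, nested = { &init_ns };
    struct task *parent = task_new(&init_ns), *child = task_clone(parent, false);
    task_execve(child, &nested, SUID_DUMP_USER);
    task_set_dumpable(child, SUID_DUMP_DISABLE);
    task_exit_mm(child);
    bool before = may_access_via_mm(child, &nested, &init_ns);
    bool after = may_access_via_exec_state(child, &nested);
    bool ancestor = may_access_via_exec_state(child, &init_ns);
    task_release(child); task_release(parent);
    return !before && after && ancestor;
}

/* Sharing rules: a sibling thread's prctl is seen by the leader, a fork()ed child keeps its own
 * copy, execve() in that child swaps in a fresh instance, refcounts follow. Returns 1 if all hold. */
static int sharing_scenario(void)
{
    struct user_ns init_ns = { NULL };
    struct task *leader = task_new(&init_ns);
    struct task *thread = task_clone(leader, true), *forked = task_clone(leader, false);
    task_set_dumpable(thread, SUID_DUMP_DISABLE);
    struct exec_state *old = exec_state_get(forked->es);   /* hold a ref to compare after execve */
    task_execve(forked, &init_ns, SUID_DUMP_USER);
    int ok = leader->es->dumpable == SUID_DUMP_DISABLE && leader->es->refcount == 2
          && forked->es != old && forked->es->dumpable == SUID_DUMP_USER
          && old->dumpable == SUID_DUMP_USER && old->refcount == 1;
    task_release(thread);
    ok = ok && leader->es->refcount == 1;
    exec_state_put(old); task_release(leader); task_release(forked);
    return ok;
}
```

The point the model makes concrete is the one the cover letter argues: once exit_mm() has run, an mm-based lookup has nothing to consult and the fallback to init_user_ns denies a reader that legitimately owns the nested namespace, while the per-task instance still answers correctly for the zombie and for any ancestor namespace. The sharing scenario shows why the instance is per thread group rather than per mm: the prctl from a sibling thread is visible to the leader, the fork() child is unaffected, and execve() gives the child a fresh instance without touching the parent's.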