coredump: set_dumpable: fix the theoretical race with itself

set_dumpable() updates MMF_DUMPABLE_MASK in a non-trivial way to ensure
that get_dumpable() can't observe the intermediate state, but this all
can't help if multiple threads call set_dumpable() at the same time.

And in theory commit_creds()->set_dumpable(SUID_DUMP_ROOT) racing with
sys_prctl()->set_dumpable(SUID_DUMP_DISABLE) can result in SUID_DUMP_USER.

Change this code to update both bits atomically via cmpxchg().

Note: this assumes that it is safe to mix bitops and cmpxchg.  IOW, if,
say, an architecture implements cmpxchg() using the locking (like
arch/parisc/lib/bitops.c does), then it should use the same locks for

Signed-off-by: Oleg Nesterov <>
Acked-by: Kees Cook <>
Cc: Alex Kelly <>
Cc: "Eric W. Biederman" <>
Cc: Josh Triplett <>
Cc: Petr Matousek <>
Cc: Vasily Kulikov <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
1 file changed
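
The race described in the commit message, as an added user-space model; it is not the kernel's code and not part of the original commit. C11 atomics stand in for the kernel bitops and cmpxchg(), and the bit layout, the per-bit write order, the decoding in `get_dumpable()` and the helper names `racy_interleaving`, `set_dumpable_cas` and `cas_sequence` are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdio.h>
enum { SUID_DUMP_DISABLE = 0, SUID_DUMP_USER = 1, SUID_DUMP_ROOT = 2 };
#define BIT_DUMPABLE      0x1UL   /* assumed layout: low bit of the mask  */
#define BIT_DUMP_SECURELY 0x2UL   /* assumed layout: high bit of the mask */
#define MMF_DUMPABLE_MASK (BIT_DUMPABLE | BIT_DUMP_SECURELY)

/* Assumed decoding: any value above USER reads as ROOT. */
static int get_dumpable(unsigned long flags)
{
    unsigned long v = flags & MMF_DUMPABLE_MASK;
    return v > SUID_DUMP_USER ? SUID_DUMP_ROOT : (int)v;
}

/* Per-bit writers replayed in one fixed order: A wants ROOT, B wants DISABLE. */
static int racy_interleaving(void)
{
    atomic_ulong flags = 0;
    atomic_fetch_or(&flags, BIT_DUMP_SECURELY);   /* A, step 1 */
    atomic_fetch_and(&flags, ~BIT_DUMPABLE);      /* B, step 1 */
    atomic_fetch_and(&flags, ~BIT_DUMP_SECURELY); /* B, step 2 */
    atomic_fetch_or(&flags, BIT_DUMPABLE);        /* A, step 2 */
    return get_dumpable(atomic_load(&flags));     /* a state nobody requested */
}

/* Whole-field update: both bits change in a single compare-and-swap. */
static void set_dumpable_cas(atomic_ulong *flags, int value)
{
    unsigned long old = atomic_load(flags), next;
    do {
        next = (old & ~MMF_DUMPABLE_MASK) | (unsigned long)value;
    } while (!atomic_compare_exchange_weak(flags, &old, next));
}

/* Each CAS update is one step, so two writers can only run in some serial order. */
static unsigned long cas_sequence(int first, int second)
{
    atomic_ulong flags = 0xf0UL;                  /* constructed: unrelated bits */
    set_dumpable_cas(&flags, first);
    set_dumpable_cas(&flags, second);
    return atomic_load(&flags);
}

int main(void)
{
    printf("per-bit race: %d, cas: %d\n", racy_interleaving(),
           get_dumpable(cas_sequence(SUID_DUMP_ROOT, SUID_DUMP_DISABLE)));
    return 0;
}
```

In the model the interleaved per-bit writers end in SUID_DUMP_USER, while the compare-and-swap version can only end in the value of whichever writer ran last and leaves the other flag bits untouched.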