| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4AE20532.6060809@librato.com> Date: Fri, 23 Oct 2009 15:34:10 -0400 From: Oren Laadan <orenl@...rato.com> To: Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com> CC: randy.dunlap@...cle.com, arnd@...db.de, linux-api@...r.kernel.org, Containers <containers@...ts.linux-foundation.org>, Nathan Lynch <nathanl@...tin.ibm.com>, linux-kernel@...r.kernel.org, Louis.Rilling@...labs.com, "Eric W. Biederman" <ebiederm@...ssion.com>, kosaki.motohiro@...fujitsu.com, hpa@...or.com, mingo@...e.hu, Pavel Emelyanov <xemul@...nvz.org>, torvalds@...ux-foundation.org, Alexey Dobriyan <adobriyan@...il.com>, roland@...hat.com Subject: Re: [RFC][v8][PATCH 0/10] Implement clone3() system call Oren Laadan wrote: > > Sukadev Bhattiprolu wrote: >> Eric W. Biederman [ebiederm@...ssion.com] wrote: >> | > | + if (target < RESERVED_PIDS) >> | > >> | > Should we replace RESERVED_PIDS with 0 ? We currently allow new >> | > containers to have pids 1..32K in the first pass and in subsequent >> | > passes assign starting at RESERVED_PIDS. >> | >> | If it is a preexisting namespace pid namespace removing the RESERVED_PIDS >> | check removes most if not all of the point of RESERVED_PIDS. >> | >> | In a new fresh pid namespace I have no problem with not performing >> | the RESERVED_PIDS check. >> >> In that case can we do this >> >> if (target_pid < RESERVED_PIDS && !pid_ns->level) >> return -EINVAL; >> >> instead ? >> | >> | So I guess that makes the check. >> | >> | if ((target < RESERVED_PIDS) && pid_ns->last_pid >= RESERVED_PIDS) >> | return -EINVAL; >> >> I am just wondering if there is a small corner case where C/R would randomly >> fail because of this sequence: >> >> - C/R code calls clone() or clone3() say about RESERVED_PIDS-1 >> times and ->last_pid == RESERVED_PIDS-1. >> >> - C/R code calls normal fork()/alloc_pidmap() for a short-lived >> child - its pid == ->last_pid == RESERVED_PIDS >> >> - C/R code then calls clone3()/set_pidmap() to set the pid of >> a new child to RESERVED_PID but fails (i.e it fails to restore >> a pid even when the pid is not in use). > > Not only for short-lived children. The problem is restart will succeed > or fail depending on the order in which tasks were checkpointed. If > task with pid 290 is restarted after pid 305, restart will fail. > > And because chekcpoint scans the task tree in a DFS manner, this is > more likely to happen than not. > > I wonder why you'd like to restrict a pid-specific clone like that ? > It is already a privileged syscall, so it could be exempt. I suggest > that only regular clones will be constrained. I stand corrected by Suka: a pid-specific clone does not change last_pid. Therefore, given that 'restart' only creates tasks with pid-specific clone, this should be safe for c/r. Oren. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists