lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Nov 2010 20:21:07 +0900 (JST) From: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com> To: Oleg Nesterov <oleg@...hat.com> Cc: kosaki.motohiro@...fujitsu.com, Andrew Morton <akpm@...ux-foundation.org>, David Rientjes <rientjes@...gle.com>, KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>, Rik van Riel <riel@...hat.com>, Ying Han <yinghan@...gle.com>, linux-mm@...ck.org, linux-kernel@...r.kernel.org, Roland McGrath <roland@...hat.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, JANAK DESAI <janak@...ibm.com> Subject: Re: [PATCH 1/1][2nd resend] sys_unshare: remove the dead CLONE_THREAD/SIGHAND/VM code > Cleanup: kill the dead code which does nothing but complicates the code > and confuses the reader. > > sys_unshare(CLONE_THREAD/SIGHAND/VM) is not really implemented, and I doubt > very much it will ever work. At least, nobody even tried since the original > "unshare system call -v5: system call handler function" commit > 99d1419d96d7df9cfa56bc977810be831bd5ef64 was applied more than 4 years ago. > > And the code is not consistent. unshare_thread() always fails unconditionally, > while unshare_sighand() and unshare_vm() pretend to work if there is nothing > to unshare. > > Remove unshare_thread(), unshare_sighand(), unshare_vm() helpers and related > variables and add a simple CLONE_THREAD | CLONE_SIGHAND| CLONE_VM check into > check_unshare_flags(). > > Also, move the "CLONE_NEWNS needs CLONE_FS" check from check_unshare_flags() > to sys_unshare(). This looks more consistent and matches the similar > do_sysvsem check in sys_unshare(). > > Note: with or without this patch "atomic_read(mm->mm_users) > 1" can give > a false positive due to get_task_mm(). > > Signed-off-by: Oleg Nesterov <oleg@...hat.com> > Acked-by: Roland McGrath <roland@...hat.com> > --- > > kernel/fork.c | 123 +++++++++++----------------------------------------------- > 1 file changed, 25 insertions(+), 98 deletions(-) > > --- 2.6.37/kernel/fork.c~unshare-killcrap 2010-11-05 18:03:28.000000000 +0100 > +++ 2.6.37/kernel/fork.c 2010-11-05 18:09:52.000000000 +0100 > @@ -1522,38 +1522,24 @@ void __init proc_caches_init(void) > } > > /* > - * Check constraints on flags passed to the unshare system call and > - * force unsharing of additional process context as appropriate. > + * Check constraints on flags passed to the unshare system call. > */ > -static void check_unshare_flags(unsigned long *flags_ptr) > +static int check_unshare_flags(unsigned long unshare_flags) > { > + if (unshare_flags & ~(CLONE_THREAD|CLONE_FS|CLONE_NEWNS|CLONE_SIGHAND| > + CLONE_VM|CLONE_FILES|CLONE_SYSVSEM| > + CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWNET)) > + return -EINVAL; Please put WARN_ON_ONCE() explicitly. That's good way to find hidden user if exist and getting better bug report. And, I've reveied this patch and I've found no fault. but I will not put my ack because I think I haven't understand original intention perhaps. Anyway, thanks Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists