lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <149555694775.4786.18241837604458780213.stgit@localhost.localdomain>
Date:   Tue, 23 May 2017 19:29:44 +0300
From:   Kirill Tkhai <ktkhai@...tuozzo.com>
To:     <mhocko@...e.com>, <avagin@...nvz.org>, <peterz@...radead.org>,
        <linux-kernel@...r.kernel.org>, <oleg@...hat.com>,
        <rppt@...ux.vnet.ibm.com>, <ebiederm@...ssion.com>,
        <luto@...nel.org>, <gorcunov@...nvz.org>,
        <akpm@...ux-foundation.org>, <mingo@...nel.org>,
        <ktkhai@...tuozzo.com>, <serge@...lyn.com>
Subject: [PATCH] pid_ns: Allow to get pid_for_children ns before
 child_reaper is created

This patch prohibits pid allocation till child_reaper
of pid namespace is set, and it makes possible and safe
to get just unshared pid_ns from "/proc/[pid]/ns/pid_for_children"
file. This may be useful to determine user_ns of such a created
pid_ns, which is not possible now.

It was prohibited till now, because the architecture of pid namespaces
assumes child reaper is the firstly created process of the namespace,
and it initializes pid_namespace::proc_mnt. Child reaper creation
mustn't race with creation of another processes from this namespace,
otherwise a process with pid > 1 may die before pid_namespace::proc_mnt
is populated and it will get a null pointer dereference in proc_flush_task().
Also, child reaper mustn't die before processes from the namespace.

The patch prevents such races. It allows to alloc_pid() only if
ns->child_reaper is already set, and it guarantees, that
pid_namespace::proc_mnt is already populated. Also, we do the assignment
under the tasklist_lock in the copy_process() stage, when it can't fail.
This guarantees the child_reaper will be hashed before the concurrent
process, so the concurrent process can't die before it. When child reaper
dies before the concurrent hashes to task list, fork() of the concurrent
will aborts as it's prohibited after commit 3fd372262166:
"pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes()".
So, we can't safely allow to get "/proc/[pid]/ns/pid_for_children"
since it's created.

Signed-off-by: Kirill Tkhai <ktkhai@...tuozzo.com>
CC: Andrew Morton <akpm@...ux-foundation.org>
CC: "Eric W. Biederman" <ebiederm@...ssion.com>
CC: Oleg Nesterov <oleg@...hat.com>
CC: Andy Lutomirski <luto@...nel.org>
CC: Serge Hallyn <serge@...lyn.com>
CC: Michal Hocko <mhocko@...e.com>
CC: Andrei Vagin <avagin@...nvz.org>
CC: Cyrill Gorcunov <gorcunov@...nvz.org>
CC: Mike Rapoport <rppt@...ux.vnet.ibm.com>
CC: Ingo Molnar <mingo@...nel.org>
CC: Peter Zijlstra <peterz@...radead.org>
---
 kernel/pid.c           |    3 ++-
 kernel/pid_namespace.c |    9 ---------
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/kernel/pid.c b/kernel/pid.c
index fd1cde1e4576..eeeb01fdd87c 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -334,7 +334,8 @@ struct pid *alloc_pid(struct pid_namespace *ns)
 
 	upid = pid->numbers + ns->level;
 	spin_lock_irq(&pidmap_lock);
-	if (!(ns->nr_hashed & PIDNS_HASH_ADDING))
+	if (!(ns->nr_hashed & PIDNS_HASH_ADDING) ||
+	    (!ns->child_reaper && !is_child_reaper(pid)))
 		goto out_unlock;
 	for ( ; upid >= pid->numbers; --upid) {
 		hlist_add_head_rcu(&upid->pid_chain,
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 74a5a7255b4d..51dd1d490542 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -385,15 +385,6 @@ static struct ns_common *pidns_for_children_get(struct task_struct *task)
 	}
 	task_unlock(task);
 
-	if (ns) {
-		read_lock(&tasklist_lock);
-		if (!ns->child_reaper) {
-			put_pid_ns(ns);
-			ns = NULL;
-		}
-		read_unlock(&tasklist_lock);
-	}
-
 	return ns ? &ns->ns : NULL;
 }
 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ