lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 16 Nov 2019 16:55:59 -0600
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     Christian Brauner <christian.brauner@...ntu.com>
Cc:     Oleg Nesterov <oleg@...hat.com>, Andrei Vagin <avagin@...il.com>,
        Adrian Reber <areber@...hat.com>,
        Pavel Emelyanov <ovzxemul@...il.com>,
        Jann Horn <jannh@...gle.com>,
        Dmitry Safonov <0x7f454c46@...il.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        linux-kernel@...r.kernel.org, Mike Rapoport <rppt@...ux.ibm.com>,
        Radostin Stoyanov <rstoyanov1@...il.com>
Subject: Re: [PATCH v10 1/2] fork: extend clone3() to support setting a PID

Christian Brauner <christian.brauner@...ntu.com> writes:

> On Fri, Nov 15, 2019 at 11:49:10AM +0100, Oleg Nesterov wrote:
>> On 11/15, Christian Brauner wrote:
>> >
>> > +static int set_tid_next(pid_t *set_tid, size_t *size, int idx)
>> > +{
>> > +	int tid = 0;
>> > +
>> > +	if (*size) {
>> > +		tid = set_tid[idx];
>> > +		if (tid < 1 || tid >= pid_max)
>> > +			return -EINVAL;
>> > +
>> > +		/*
>> > +		 * Also fail if a PID != 1 is requested and
>> > +		 * no PID 1 exists.
>> > +		 */
>> > +		if (tid != 1 && !tmp->child_reaper)
>> > +			return -EINVAL;
>> > +
>> > +		if (!ns_capable(tmp->user_ns, CAP_SYS_ADMIN))
>> > +			return -EPERM;
>> > +
>> > +		(*size)--;
>> > +	}
>> 
>> this needs more args, struct pid_namespace *tmp + pid_t pid_max
>> 		if (set_tid_size) {
>> 			tid = set_tid[ns->level - i];
>> 
>> 			retval = -EINVAL;
>> 			if (tid < 1 || tid >= pid_max)
>> 				goto out_free;
>
> I'm not a fan of this pattern of _not_ setting error codes in the actual
> error path t but I won't object.

If you can show a compiler that actually manages to reliably perform
that code motion it is worth discussing making it go away.  Last I
checked gcc will emit an extra basic block just to handle setting
the error code before jumping to the out_free.  That extra basic block
because of the extra jump tends to be costly.

Not a huge cost but in these days when branches are getting increasingly
expensive and Moore's law wrapping up I prefer code patterns that
generate cood code.

Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ