lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20191121070613.4286-1-hu1.chen@intel.com>
Date:   Thu, 21 Nov 2019 15:06:12 +0800
From:   "Chen, Hu" <hu1.chen@...el.com>
To:     unlisted-recipients:; (no To-header on input)
Cc:     avagin@...nvz.org, hu1.chen@...el.com,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Alexey Dobriyan <adobriyan@...il.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] proc: align mnt_id in /proc/pid/fdinfo and /proc/pid/mountinfo

For Android application process, we found that the mnt_id read from
/proc/pid/fdinfo doesn't exist in /proc/pid/mountinfo. Thus CRIU fails
to dump such process and it complains

"(00.019206) Error (criu/files-reg.c:1299): Can't lookup mount=42 for
fd=-3 path=/data/dalvik-cache/x86_64/system@...mework@...t.art"

This is due to how Android application is launched. In Android, there is
a special process called Zygote which handles the forking of each new
application process:
0. Zygote opens and maps some files, for example
   "/data/dalvik-cache/x86_64/system@...mework@...t.art" in its current
   mount namespace, say "old mnt ns".
1. Zygote waits for the request to fork a new application.
2. Zygote gets a request, it forks and run the new process in a new
   mount namespace, say "new mnt ns".

The file opened in step 0 ties to the mount point in "old mnt ns". The
mnt_id of that mount is listed in /proc/pid/fdinfo. However,
/proc/pid/mountinfo points to current ns, i.e., "new mnt ns".

Althgouh this issue is exposed in Android, we believe it's generic.
Prcoess may open files and enter new mnt ns.

To address it, this patch searches the mirror mount in current ns with
MAJOR and MINOR and shows the mirror's mnt_id.

Signed-off-by: Chen, Hu <hu1.chen@...el.com>

diff --git a/fs/mount.h b/fs/mount.h
index 711a4093e475..6bbfc2b3b8ba 100644
--- a/fs/mount.h
+++ b/fs/mount.h
@@ -153,3 +153,5 @@ static inline bool is_anon_ns(struct mnt_namespace *ns)
 {
 	return ns->seq == 0;
 }
+
+extern struct mount *lookup_mirror_mnt(const struct mount *mnt);
diff --git a/fs/namespace.c b/fs/namespace.c
index 2adfe7b166a3..4ea9b4464cd0 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -683,6 +683,36 @@ bool __is_local_mountpoint(struct dentry *dentry)
 	return is_covered;
 }
 
+/*
+ * lookup_mirror_mnt - Return @mnt's mirror mount in the current/local mount
+ * namespace. If mirror isn't found, just return NULL.
+ */
+struct mount *lookup_mirror_mnt(const struct mount *mnt)
+{
+	struct mnt_namespace *ns = current->nsproxy->mnt_ns;
+	struct mount *mnt_local;
+	bool is_matched = false;
+
+	/* mnt belongs to current namesapce */
+	if (mnt->mnt_ns == ns)
+		return mnt;
+
+	down_read(&namespace_sem);
+	list_for_each_entry(mnt_local, &ns->list, mnt_list) {
+		struct super_block *sb = mnt->mnt.mnt_sb;
+		struct super_block *sb_local = mnt_local->mnt.mnt_sb;
+
+		if (MAJOR(sb->s_dev) == MAJOR(sb_local->s_dev) &&
+		    MINOR(sb->s_dev) == MINOR(sb_local->s_dev)) {
+			is_matched = true;
+			break;
+		}
+	}
+	up_read(&namespace_sem);
+
+	return is_matched ? mnt_local : NULL;
+}
+
 static struct mountpoint *lookup_mountpoint(struct dentry *dentry)
 {
 	struct hlist_head *chain = mp_hash(dentry);
diff --git a/fs/proc/fd.c b/fs/proc/fd.c
index 81882a13212d..cbf2571b0620 100644
--- a/fs/proc/fd.c
+++ b/fs/proc/fd.c
@@ -23,6 +23,7 @@ static int seq_show(struct seq_file *m, void *v)
 	int f_flags = 0, ret = -ENOENT;
 	struct file *file = NULL;
 	struct task_struct *task;
+	struct mount *mount = NULL;
 
 	task = get_proc_task(m->private);
 	if (!task)
@@ -53,9 +54,16 @@ static int seq_show(struct seq_file *m, void *v)
 	if (ret)
 		return ret;
 
+	/* After unshare -m, real_mount(file->f_path.mnt) is not meaningful in
+	 * current mount namesapce. We want to know the mnt_id in current mount
+	 * namespace
+	 */
+	mount = lookup_mirror_mnt(real_mount(file->f_path.mnt));
+	if (!mount)
+		mount = real_mount(file->f_path.mnt);
+
 	seq_printf(m, "pos:\t%lli\nflags:\t0%o\nmnt_id:\t%i\n",
-		   (long long)file->f_pos, f_flags,
-		   real_mount(file->f_path.mnt)->mnt_id);
+		   (long long)file->f_pos, f_flags, mount->mnt_id);
 
 	show_fd_locks(m, file, files);
 	if (seq_has_overflowed(m))
-- 
2.22.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ