lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALgW_8WHq051ifcYPta5reoVZ10=fA5Rb1EZuyaievK+OUw99Q@mail.gmail.com>
Date:   Sun, 11 Jul 2021 13:46:58 +0200
From:   Manfred Spraul <manfred@...orfullife.com>
To:     Alexander Mihalicyn <alexander@...alicyn.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Milton Miller <miltonm@....com>,
        Jack Miller <millerjo@...ibm.com>,
        Pavel Tikhomirov <ptikhomirov@...tuozzo.com>,
        Davidlohr Bueso <dave@...olabs.net>,
        Johannes Weiner <hannes@...xchg.org>,
        Michal Hocko <mhocko@...e.com>,
        Vladimir Davydov <vdavydov.dev@...il.com>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Andrei Vagin <avagin@...il.com>,
        Christian Brauner <christian@...uner.io>
Subject: Re: [PATCH 0/2] shm: omit forced shm destroy if task IPC namespace
 was changed

Hi Alex,


Am Sonntag, 11. Juli 2021 schrieb Alexander Mihalicyn <alexander@...alicyn.com>:
>
> Hi, Manfred,
>
> On Sun, Jul 11, 2021 at 12:13 PM Manfred Spraul
> <manfred@...orfullife.com> wrote:
> >
> > Hi,
> >
> >
> > Am Samstag, 10. Juli 2021 schrieb Alexander Mihalicyn <alexander@...alicyn.com>:
> >>
> >>
> >> Now, using setns() syscall, we can construct situation when on
> >> task->sysvshm.shm_clist list
> >> we have shm items from several (!) IPC namespaces.
> >>
> >>
> > Does this imply that locking ist affected as well? According to the initial patch, accesses to shm_clist are protected by "the" IPC shm namespace rwsem. This can't work if the list contains objects from several namespaces.
>
> Of course, you are right. I've to rework this part -> I can add check into
> static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
> function and before adding new shm into task list check that list is empty OR
> an item which is present on the list from the same namespace as
> current->nsproxy->ipc_ns.
>
Ok. (Sorry, I have only smartphone internet, thus I could not check
the patch fully)

> >> I've proposed a change which keeps the old behaviour of setns() but
> >> fixes double free.
> >>
> > Assuming that locking works, I would consider this as a namespace design question: Do we want to support that a task contains shm objects from several ipc namespaces?
>
> This depends on what we mean by "task contains shm objects from
> several ipc namespaces". There are two meanings:
>
> 1. Task has attached shm object from different ipc namespaces
>
> We already support that by design. When we doing a change of namespace
> using unshare(CLONE_NEWIPC) even with
> sysctl shm_rmid_forced=1 we not detach all ipc's from task!

OK. Thus shm and sem have different behavior anyways.

>
> 2. Task task->sysvshm.shm_clist list has items from different IPC namespaces.
>
> I'm not sure, do we need that or not. But I'm ready to prepare a patch
> for any of the options which we choose:
> a) just add exit_shm(current)+shm_init_task(current);
> b) prepare PATCHv2 with appropriate check in the newseg() to prevent
> adding new items from different namespace to the list
> c) rework algorithm so we can safely have items from different
> namespaces in task->sysvshm.shm_clist
>
Before you write something, let's wait what the others say. I don't
qualify AS shm expert

a) is user space visible, without any good excuse
c) is probably highest amount of Changes
b) Impact for me not clear. Would it mean that shm_rmid_forced would
stop to work after setns()

Correct?

--
   Manfred

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ