| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Jul 2021 13:46:58 +0200
From: Manfred Spraul <manfred@...orfullife.com>
To: Alexander Mihalicyn <alexander@...alicyn.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Milton Miller <miltonm@....com>,
Jack Miller <millerjo@...ibm.com>,
Pavel Tikhomirov <ptikhomirov@...tuozzo.com>,
Davidlohr Bueso <dave@...olabs.net>,
Johannes Weiner <hannes@...xchg.org>,
Michal Hocko <mhocko@...e.com>,
Vladimir Davydov <vdavydov.dev@...il.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Andrei Vagin <avagin@...il.com>,
Christian Brauner <christian@...uner.io>
Subject: Re: [PATCH 0/2] shm: omit forced shm destroy if task IPC namespace
was changed
Hi Alex,
Am Sonntag, 11. Juli 2021 schrieb Alexander Mihalicyn <alexander@...alicyn.com>:
>
> Hi, Manfred,
>
> On Sun, Jul 11, 2021 at 12:13 PM Manfred Spraul
> <manfred@...orfullife.com> wrote:
> >
> > Hi,
> >
> >
> > Am Samstag, 10. Juli 2021 schrieb Alexander Mihalicyn <alexander@...alicyn.com>:
> >>
> >>
> >> Now, using setns() syscall, we can construct situation when on
> >> task->sysvshm.shm_clist list
> >> we have shm items from several (!) IPC namespaces.
> >>
> >>
> > Does this imply that locking ist affected as well? According to the initial patch, accesses to shm_clist are protected by "the" IPC shm namespace rwsem. This can't work if the list contains objects from several namespaces.
>
> Of course, you are right. I've to rework this part -> I can add check into
> static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
> function and before adding new shm into task list check that list is empty OR
> an item which is present on the list from the same namespace as
> current->nsproxy->ipc_ns.
>
Ok. (Sorry, I have only smartphone internet, thus I could not check
the patch fully)
> >> I've proposed a change which keeps the old behaviour of setns() but
> >> fixes double free.
> >>
> > Assuming that locking works, I would consider this as a namespace design question: Do we want to support that a task contains shm objects from several ipc namespaces?
>
> This depends on what we mean by "task contains shm objects from
> several ipc namespaces". There are two meanings:
>
> 1. Task has attached shm object from different ipc namespaces
>
> We already support that by design. When we doing a change of namespace
> using unshare(CLONE_NEWIPC) even with
> sysctl shm_rmid_forced=1 we not detach all ipc's from task!
OK. Thus shm and sem have different behavior anyways.
>
> 2. Task task->sysvshm.shm_clist list has items from different IPC namespaces.
>
> I'm not sure, do we need that or not. But I'm ready to prepare a patch
> for any of the options which we choose:
> a) just add exit_shm(current)+shm_init_task(current);
> b) prepare PATCHv2 with appropriate check in the newseg() to prevent
> adding new items from different namespace to the list
> c) rework algorithm so we can safely have items from different
> namespaces in task->sysvshm.shm_clist
>
Before you write something, let's wait what the others say. I don't
qualify AS shm expert
a) is user space visible, without any good excuse
c) is probably highest amount of Changes
b) Impact for me not clear. Would it mean that shm_rmid_forced would
stop to work after setns()
Correct?
--
Manfred
Powered by blists - more mailing lists