[2/3] coredump: fix error handling for replace_fd()

Message ID	20250414-work-coredump-v1-2-6caebc807ff4@kernel.org (mailing list archive)
State	New
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DBC41269836; Mon, 14 Apr 2025 09:54:02 +0000 (UTC) From: Christian Brauner <brauner@kernel.org> Date: Mon, 14 Apr 2025 11:53:37 +0200 Subject: [PATCH 2/3] coredump: fix error handling for replace_fd() Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20250414-work-coredump-v1-2-6caebc807ff4@kernel.org> References: <20250414-work-coredump-v1-0-6caebc807ff4@kernel.org> In-Reply-To: <20250414-work-coredump-v1-0-6caebc807ff4@kernel.org> To: linux-fsdevel@vger.kernel.org Cc: Oleg Nesterov <oleg@redhat.com>, Luca Boccassi <luca.boccassi@gmail.com>, Lennart Poettering <lennart@poettering.net>, Daan De Meyer <daan.j.demeyer@gmail.com>, Mike Yuan <me@yhndnzj.com>, =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>, linux-kernel@vger.kernel.org, Christian Brauner <brauner@kernel.org>
Series	coredump: hand a pidfd to the usermode coredump helper \| expand [0/3] coredump: hand a pidfd to the usermode coredump helper [1/3] pidfs: move O_RDWR into pidfs_alloc_file() [2/3] coredump: fix error handling for replace_fd() [3/3] coredump: hand a pidfd to the usermode coredump helper

Message ID

20250414-work-coredump-v1-2-6caebc807ff4@kernel.org (mailing list archive)

State

New

Headers

From: Christian Brauner <brauner@kernel.org>
Date: Mon, 14 Apr 2025 11:53:37 +0200
Subject: [PATCH 2/3] coredump: fix error handling for replace_fd()
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20250414-work-coredump-v1-2-6caebc807ff4@kernel.org>
References: <20250414-work-coredump-v1-0-6caebc807ff4@kernel.org>
In-Reply-To: <20250414-work-coredump-v1-0-6caebc807ff4@kernel.org>
To: linux-fsdevel@vger.kernel.org
Cc: Oleg Nesterov <oleg@redhat.com>,  Luca Boccassi <luca.boccassi@gmail.com>,
  Lennart Poettering <lennart@poettering.net>,
  Daan De Meyer <daan.j.demeyer@gmail.com>, Mike Yuan <me@yhndnzj.com>,
	=?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>,
  linux-kernel@vger.kernel.org, Christian Brauner <brauner@kernel.org>

Series

coredump: hand a pidfd to the usermode coredump helper | expand

Commit Message

Christian Brauner April 14, 2025, 9:53 a.m. UTC

The replace_fd() helper returns the file descriptor number on success
and a negative error code on failure. The current error handling in
umh_pipe_setup() only works because the file descriptor that is replaced
is zero but that's pretty volatile. Explicitly check for a negative
error code.

Tested-by: Luca Boccassi <luca.boccassi@gmail.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/coredump.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Oleg Nesterov April 14, 2025, 12:11 p.m. UTC | #1

On 04/14, Christian Brauner wrote:
>
> The replace_fd() helper returns the file descriptor number on success
> and a negative error code on failure. The current error handling in
> umh_pipe_setup() only works because the file descriptor that is replaced
> is zero but that's pretty volatile. Explicitly check for a negative
> error code.

...

> @@ -515,6 +517,9 @@ static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
>  
>  	err = replace_fd(0, files[0], 0);
>  	fput(files[0]);
> +	if (err < 0)
> +		return err;
> +
>  	/* and disallow core files too */
>  	current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1};

The patch looks trivial and correct, but if we do not want to rely on
the fact that replace_fd(fd => 0) return 0 on sucess, then this patch
should also do

	-	return err;
	+	return 0;

?

otherwise this cleanup looks "incomplete" to me.

Oleg.

Christian Brauner April 14, 2025, 1:04 p.m. UTC | #2

On Mon, Apr 14, 2025 at 02:11:56PM +0200, Oleg Nesterov wrote:
> On 04/14, Christian Brauner wrote:
> >
> > The replace_fd() helper returns the file descriptor number on success
> > and a negative error code on failure. The current error handling in
> > umh_pipe_setup() only works because the file descriptor that is replaced
> > is zero but that's pretty volatile. Explicitly check for a negative
> > error code.
> 
> ...
> 
> > @@ -515,6 +517,9 @@ static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
> >  
> >  	err = replace_fd(0, files[0], 0);
> >  	fput(files[0]);
> > +	if (err < 0)
> > +		return err;
> > +
> >  	/* and disallow core files too */
> >  	current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1};
> 
> The patch looks trivial and correct, but if we do not want to rely on
> the fact that replace_fd(fd => 0) return 0 on sucess, then this patch
> should also do
> 
> 	-	return err;
> 	+	return 0;
> 
> ?
> 
> otherwise this cleanup looks "incomplete" to me.

Ok, done.

diff --git a/fs/coredump.c b/fs/coredump.c
index c33c177a701b..2ed5e6956a09 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -507,7 +507,9 @@  static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
 {
 	struct file *files[2];
 	struct coredump_params *cp = (struct coredump_params *)info->data;
-	int err = create_pipe_files(files, 0);
+	int err;
+
+	err = create_pipe_files(files, 0);
 	if (err)
 		return err;
 
@@ -515,6 +517,9 @@  static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
 
 	err = replace_fd(0, files[0], 0);
 	fput(files[0]);
+	if (err < 0)
+		return err;
+
 	/* and disallow core files too */
 	current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1};

[2/3] coredump: fix error handling for replace_fd()

Commit Message

Comments

Patch