From patchwork Mon Jun 13 06:07:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Vagin X-Patchwork-Id: 12879040 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E354FC43334 for ; Mon, 13 Jun 2022 06:07:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 460968D0155; Mon, 13 Jun 2022 02:07:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4106A8D0142; Mon, 13 Jun 2022 02:07:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2D7AE8D0155; Mon, 13 Jun 2022 02:07:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 1F6A68D0142 for ; Mon, 13 Jun 2022 02:07:37 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id DC90520E25 for ; Mon, 13 Jun 2022 06:07:36 +0000 (UTC) X-FDA: 79572180912.14.6055132 Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) by imf22.hostedemail.com (Postfix) with ESMTP id 67B4FC00A5 for ; Mon, 13 Jun 2022 06:07:36 +0000 (UTC) Received: by mail-pj1-f42.google.com with SMTP id g16-20020a17090a7d1000b001ea9f820449so3230582pjl.5 for ; Sun, 12 Jun 2022 23:07:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=R2YkzI9j1jsr56lMlCtYILywTtcG8+NXvsHywe0vpm8=; b=hhvQSETcJzMWUEZQmAuklFwxKIhtykeBuDIiv8Nc4AScgy9Iu++Ff19Sk1bckffCfs pM+5xxeoLj6aMvfb+lweD1Hvty0eL73rvwI0I0KgXEAUj01prXeM+I9T52WMpgOegV5n 8Tw5EgM1q09dhE/uBZpAUmDe35xQAlbIFQAiuiJDGIBKsn6T52yCtw89phsz2ml9JfQh nBfTlSSgk0Orzqd9cWjz5VMsAPGNwzSyhIjnf5AECy+qoqymQ4iZMbEev2JE4F01Ng+L aWy5o3pk7RiH1jZV6v0IBPabPa9oreoIUMhJTembQSwIaNCq7jfyjrB6XqWlIJioIyrJ AWEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=R2YkzI9j1jsr56lMlCtYILywTtcG8+NXvsHywe0vpm8=; b=WBhjtXwN+IVKv54qE0ijcDLtZfhubVydgpaeCgjlZFn1aQ1Upyn4Txw0PUwEgLXIOd Q/GX4zHQyC7HvhdSWacKQ1RNCsivKwOP1Vevoo5Zrm0j3e2LHpX4QXfvwNsJ/gI/mBlQ gSA/4qs10Z35NW1/juErJ9KDDr+JW8TIqzF/Mw7paQvGa8Uq7SPXXkMkjValRs69GyRK TgdsSHwRw2/4BNrxhiKiMN/QQz9UA2UiZLgylthZvr+PF/QBM/URdXSxtV95Olib0LD3 hC2NvloXToE0Zointt78RfJnLecmZWVXMYvoyM40MrYvoBAoBsI9WIuXDwkKJYeJxbWg taZQ== X-Gm-Message-State: AOAM532/lUOujF82X4pirLxnijx/dk0LX9DKMlS5Emc6b/dF+WBIz6gH UMd1KTZsQ1P29K3DIqdVnKY= X-Google-Smtp-Source: ABdhPJxu+n/sA9OaUT7rb/xD5BABGaVCwNCHWLBEpExROYalF9j/xouFkI6qBNBX+qZjZajJV2+ZAw== X-Received: by 2002:a17:90a:eb17:b0:1e2:f569:6b60 with SMTP id j23-20020a17090aeb1700b001e2f5696b60mr13894942pjz.48.1655100455292; Sun, 12 Jun 2022 23:07:35 -0700 (PDT) Received: from laptop.hsd1.wa.comcast.net ([2601:600:8500:5f14:d627:c51e:516e:a105]) by smtp.gmail.com with ESMTPSA id p5-20020a170903248500b0015e8d4eb1c8sm420157plw.18.2022.06.12.23.07.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Jun 2022 23:07:34 -0700 (PDT) From: Andrei Vagin To: linux-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com>, Christian Brauner Cc: Florian Weimer , linux-mm@kvack.org, Eric Biederman , Kees Cook , Andrei Vagin Subject: [PATCH 1/2] fs/exec: allow to unshare a time namespace on vfork+exec Date: Sun, 12 Jun 2022 23:07:22 -0700 Message-Id: <20220613060723.197407-1-avagin@gmail.com> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1655100456; a=rsa-sha256; cv=none; b=JrroebVSDM1WKhrgc5veqAFsNsXhIj2Lt7QEe/AhzlCql24KxOS6QdU4+xizHXU3+fo0nG lvRKqKuwc8Gc5qD9A3D8Ce4oWbkV6olb59veaeNuh+ZWC/wqRXoBoxSIopvbXpzpLe+a8K VMNmPvBQqZx41UnHw0mKUn5ZE6ZLNRs= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=hhvQSETc; spf=pass (imf22.hostedemail.com: domain of avagin@gmail.com designates 209.85.216.42 as permitted sender) smtp.mailfrom=avagin@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1655100456; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=R2YkzI9j1jsr56lMlCtYILywTtcG8+NXvsHywe0vpm8=; b=eQfKiJHz1lVEIKOePiZKQ2btt99cfn1NPnkekZyyS5DKlud8Ijl2UUxCVFFCjwmaEPJZdY NKNL0brbil+JYppYTzXPap/dNn19GrUldJ55Ju3l6npzCM3iLfYbAuB3QLjdNaXxNn9eNE sMnKQrV4oBYUYA0TS7wBjgLVKxpnbzs= X-Rspamd-Queue-Id: 67B4FC00A5 Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=hhvQSETc; spf=pass (imf22.hostedemail.com: domain of avagin@gmail.com designates 209.85.216.42 as permitted sender) smtp.mailfrom=avagin@gmail.com; dmarc=pass (policy=none) header.from=gmail.com X-Rspam-User: X-Rspamd-Server: rspam06 X-Stat-Signature: mbd339mmp3x8sxdbd5r51u73usznmxaa X-HE-Tag: 1655100456-122208 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Right now, a new process can't be forked in another time namespace if it shares mm with its parent. It is prohibited, because each time namespace has its own vvar page that is mapped into a process address space. When a process calls exec, it gets a new mm and so it could be "legal" to switch time namespace in that case. This was not implemented and now if we want to do this, we need to add another clone flag to not break backward compatibility. We don't have any user requests to switch times on exec except the vfork+exec combination, so there is no reason to add a new clone flag. As for vfork+exec, this should be safe to allow switching timens with the current clone flag. Right now, vfork (CLONE_VFORK | CLONE_VM) fails if a child is forked into another time namespace. With this change, vfork creates a new process in parent's timens, and the following exec does the actual switch to the target time namespace. Suggested-by: Florian Weimer Signed-off-by: Andrei Vagin Acked-by: Christian Brauner (Microsoft) --- fs/exec.c | 7 +++++++ kernel/fork.c | 5 ++++- kernel/nsproxy.c | 3 ++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 0989fb8472a1..347e8f55bc2b 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -65,6 +65,7 @@ #include #include #include +#include #include #include @@ -982,10 +983,12 @@ static int exec_mmap(struct mm_struct *mm) { struct task_struct *tsk; struct mm_struct *old_mm, *active_mm; + bool vfork; int ret; /* Notify parent that we're no longer interested in the old VM */ tsk = current; + vfork = !!tsk->vfork_done; old_mm = current->mm; exec_mm_release(tsk, old_mm); if (old_mm) @@ -1030,6 +1033,10 @@ static int exec_mmap(struct mm_struct *mm) tsk->mm->vmacache_seqnum = 0; vmacache_flush(tsk); task_unlock(tsk); + + if (vfork) + timens_on_fork(tsk->nsproxy, tsk); + if (old_mm) { mmap_read_unlock(old_mm); BUG_ON(active_mm != old_mm); diff --git a/kernel/fork.c b/kernel/fork.c index 9d44f2d46c69..9174146f6812 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2033,8 +2033,11 @@ static __latent_entropy struct task_struct *copy_process( /* * If the new process will be in a different time namespace * do not allow it to share VM or a thread group with the forking task. + * + * On vfork, the child process enters the target time namespace only + * after exec. */ - if (clone_flags & (CLONE_THREAD | CLONE_VM)) { + if ((clone_flags & (CLONE_VM | CLONE_VFORK)) == CLONE_VM) { if (nsp->time_ns != nsp->time_ns_for_children) return ERR_PTR(-EINVAL); } diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index eec72ca962e2..b4cbb406bc28 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c @@ -179,7 +179,8 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk) if (IS_ERR(new_ns)) return PTR_ERR(new_ns); - timens_on_fork(new_ns, tsk); + if ((flags & CLONE_VM) == 0) + timens_on_fork(new_ns, tsk); tsk->nsproxy = new_ns; return 0; From patchwork Mon Jun 13 06:07:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Vagin X-Patchwork-Id: 12879041 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34820C433EF for ; Mon, 13 Jun 2022 06:07:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5E7C78D0156; Mon, 13 Jun 2022 02:07:38 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 570B98D0142; Mon, 13 Jun 2022 02:07:38 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3EA538D0156; Mon, 13 Jun 2022 02:07:38 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 2FD788D0142 for ; Mon, 13 Jun 2022 02:07:38 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 080C635200 for ; Mon, 13 Jun 2022 06:07:38 +0000 (UTC) X-FDA: 79572180996.05.FAD5E9F Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com [209.85.215.169]) by imf07.hostedemail.com (Postfix) with ESMTP id A7A634006F for ; Mon, 13 Jun 2022 06:07:37 +0000 (UTC) Received: by mail-pg1-f169.google.com with SMTP id q140so4681795pgq.6 for ; Sun, 12 Jun 2022 23:07:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=8rpGhRZe7OD9xjNF1m78RIAAcrJRhCm5pjhxYsieoHk=; b=qw13uZoq36bEli8mqrcMyU1ZDU0GLPkhc5EIb2TvM28HQOU6+Bp6//pg/xE2tf2Zmu C1ws5OPgHK2sMrWJuPCbrXbWfCzu+093uOcErbsEsJh5Hf1fPUiJ6O6eBFicsy/a0gZq BIN9IQXO73EoAsMeLhkWGivLl8jbP0BhRpvY0hneq8o6DtauPwc7S56XXZ8rao7JOx7E G4iPiLb1Jl5ZJeKVZlJsLDtl4KBHCH5elDbssGxKS0tLn6GwhBRxwSjlyBR1D6ksc6j9 A462hq6nvtEGRaas8A0ujrFFNUjRWqqv1YnTlBVqlaI0+nrj+d6VUDg2sOm8PeBViazt DtPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8rpGhRZe7OD9xjNF1m78RIAAcrJRhCm5pjhxYsieoHk=; b=HpLwBLQmC5OyaBdek9857snlCN8MRtOChKZ/ySOBHFIyb4G9lbrLWMn82tZeVSOfa/ s4VSMBveCQydiwYUb2TJA9amgI72YcNoqiFocJtMmgieQfRUo8MQj6k5TD8+r9zL5BnO HP3eY9AlUo9IItVjs1h+X9JAsgms951Fou+AlE8BxtrFDLkKNj8Kr25AtvEoUEjgt2gE hcGi19yIWz6u+11SDykbw/JNxCctykjjWWnAk//ZD6V1PAAHATHblSwDhY68uuOu55Un SgWpQRze9P0N9Z1VVuyRWs8vg0U073/ZuxaLAg2Y6Cut7klkB/GswGnwiPamQZ9dlDPK XVzQ== X-Gm-Message-State: AOAM532U8gj5tgiCtE6ZqLffim8LCkQpNZSaZTzinJ/t/S6jNsy/yzue w/hB2KyqZrpCnk+PCt0z25YaO/xj1Bo= X-Google-Smtp-Source: ABdhPJzURWDFcCmiEHOvEVLTggU4LjThqJO7Ns08nOOCFi+M9IUze1MifDyWiOid4te/GU4fksqIGw== X-Received: by 2002:a05:6a00:a16:b0:518:ffe0:7229 with SMTP id p22-20020a056a000a1600b00518ffe07229mr93599801pfh.49.1655100456409; Sun, 12 Jun 2022 23:07:36 -0700 (PDT) Received: from laptop.hsd1.wa.comcast.net ([2601:600:8500:5f14:d627:c51e:516e:a105]) by smtp.gmail.com with ESMTPSA id p5-20020a170903248500b0015e8d4eb1c8sm420157plw.18.2022.06.12.23.07.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Jun 2022 23:07:35 -0700 (PDT) From: Andrei Vagin To: linux-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com>, Christian Brauner Cc: Florian Weimer , linux-mm@kvack.org, Eric Biederman , Kees Cook , Andrei Vagin Subject: [PATCH 2/2] testing/timens: add a test for vfork+exit Date: Sun, 12 Jun 2022 23:07:23 -0700 Message-Id: <20220613060723.197407-2-avagin@gmail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220613060723.197407-1-avagin@gmail.com> References: <20220613060723.197407-1-avagin@gmail.com> MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1655100457; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=8rpGhRZe7OD9xjNF1m78RIAAcrJRhCm5pjhxYsieoHk=; b=XqXSGFuLS+cDGCnvq4IQ2/JDi1yY+yjxZs7mHmyqGq+RBJk52/YiI8jTrj2Xl4CSSopkGw BxffauPZ9yNOxKcPbkdYU1W8NE2TpsQeNPpU5vVNOYVXhiASCvE81cqTcFuXfMdw0EfYoy FGAZ7KbixDvDZIcdyPV5Hewxxq9OUYc= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1655100457; a=rsa-sha256; cv=none; b=n3cVVinhdLi6YeHdh64JhiYXqHhyi2EZdmiFrMsD+1ITLCyvXH9176aAVsGUwhbvqlhLo8 XNOwHdeNZfnCzZDFtMBRrxZDsOyjCDHr86TbcketGKGdb7k8pBZN7QN2lxuVSLlitom++V 2fHECO7FPqezeuByixEi6TpbJlAzWVc= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=qw13uZoq; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf07.hostedemail.com: domain of avagin@gmail.com designates 209.85.215.169 as permitted sender) smtp.mailfrom=avagin@gmail.com Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=qw13uZoq; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf07.hostedemail.com: domain of avagin@gmail.com designates 209.85.215.169 as permitted sender) smtp.mailfrom=avagin@gmail.com X-Rspamd-Server: rspam08 X-Rspam-User: X-Stat-Signature: ufbdryywnt8bsan7mbackx9zwe379iyq X-Rspamd-Queue-Id: A7A634006F X-HE-Tag: 1655100457-789647 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: * check that a child process is in parent's time namespace after vfork. * check that a child process is in the target namespace after exec. Output on success: $ ./vfork_exec 1..1 ok 1 exec Signed-off-by: Andrei Vagin --- tools/testing/selftests/timens/Makefile | 2 +- tools/testing/selftests/timens/vfork_exec.c | 90 +++++++++++++++++++++ 2 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/timens/vfork_exec.c diff --git a/tools/testing/selftests/timens/Makefile b/tools/testing/selftests/timens/Makefile index 3a5936cc10ab..f0d51d4d2c87 100644 --- a/tools/testing/selftests/timens/Makefile +++ b/tools/testing/selftests/timens/Makefile @@ -1,4 +1,4 @@ -TEST_GEN_PROGS := timens timerfd timer clock_nanosleep procfs exec futex +TEST_GEN_PROGS := timens timerfd timer clock_nanosleep procfs exec futex vfork_exec TEST_GEN_PROGS_EXTENDED := gettime_perf CFLAGS := -Wall -Werror -pthread diff --git a/tools/testing/selftests/timens/vfork_exec.c b/tools/testing/selftests/timens/vfork_exec.c new file mode 100644 index 000000000000..e6ccd900f30a --- /dev/null +++ b/tools/testing/selftests/timens/vfork_exec.c @@ -0,0 +1,90 @@ +// SPDX-License-Identifier: GPL-2.0 +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "log.h" +#include "timens.h" + +#define OFFSET (36000) + +int main(int argc, char *argv[]) +{ + struct timespec now, tst; + int status, i; + pid_t pid; + + if (argc > 1) { + if (sscanf(argv[1], "%ld", &now.tv_sec) != 1) + return pr_perror("sscanf"); + + for (i = 0; i < 2; i++) { + _gettime(CLOCK_MONOTONIC, &tst, i); + if (abs(tst.tv_sec - now.tv_sec) > 5) + return pr_fail("%ld %ld\n", now.tv_sec, tst.tv_sec); + } + return 0; + } + + nscheck(); + + ksft_set_plan(1); + + clock_gettime(CLOCK_MONOTONIC, &now); + + if (unshare_timens()) + return 1; + + if (_settime(CLOCK_MONOTONIC, OFFSET)) + return 1; + + for (i = 0; i < 2; i++) { + _gettime(CLOCK_MONOTONIC, &tst, i); + if (abs(tst.tv_sec - now.tv_sec) > 5) + return pr_fail("%ld %ld\n", + now.tv_sec, tst.tv_sec); + } + + pid = vfork(); + if (pid < 0) + return pr_perror("fork"); + + if (pid == 0) { + char now_str[64]; + char *cargv[] = {"exec", now_str, NULL}; + char *cenv[] = {NULL}; + + // Check that we are still in the source timens. + for (i = 0; i < 2; i++) { + _gettime(CLOCK_MONOTONIC, &tst, i); + if (abs(tst.tv_sec - now.tv_sec) > 5) + return pr_fail("%ld %ld\n", + now.tv_sec, tst.tv_sec); + } + + /* Check for proper vvar offsets after execve. */ + snprintf(now_str, sizeof(now_str), "%ld", now.tv_sec + OFFSET); + execve("/proc/self/exe", cargv, cenv); + return pr_perror("execve"); + } + + if (waitpid(pid, &status, 0) != pid) + return pr_perror("waitpid"); + + if (status) + ksft_exit_fail(); + + ksft_test_result_pass("exec\n"); + ksft_exit_pass(); + return 0; +}