* [PATCH 01/17] fork: fold legacy_clone_args_valid() into _do_fork() [not found] <20200622234326.906346-1-christian.brauner@ubuntu.com> @ 2020-06-22 23:43 ` Christian Brauner [not found] ` <20200627082748.GM5535@shao2-debian> 0 siblings, 1 reply; 2+ messages in thread From: Christian Brauner @ 2020-06-22 23:43 UTC (permalink / raw) To: linux-kernel Cc: Linus Torvalds, Christian Brauner, Thomas Gleixner, Ingo Molnar, Al Viro, Geert Uytterhoeven, Matthew Wilcox (Oracle), Peter Zijlstra (Intel), linux-m68k, x86 This separate helper only existed to guarantee the mutual exclusivity of CLONE_PIDFD and CLONE_PARENT_SETTID for legacy clone since CLONE_PIDFD abuses the parent_tid field to return the pidfd. But we can actually handle this uniformely thus removing the helper. For legacy clone we can detect that CLONE_PIDFD is specified in conjunction with CLONE_PARENT_SETTID because they will share the same memory which is invalid and for clone3() setting the separate pidfd and parent_tid fields to the same memory is bogus as well. So fold that helper directly into _do_fork() by detecting this case. Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org> Cc: linux-m68k@lists.linux-m68k.org Cc: x86@kernel.org Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> --- arch/m68k/kernel/process.c | 3 --- arch/x86/kernel/sys_ia32.c | 3 --- include/linux/sched/task.h | 1 - kernel/fork.c | 30 ++++++++++++++---------------- 4 files changed, 14 insertions(+), 23 deletions(-) diff --git a/arch/m68k/kernel/process.c b/arch/m68k/kernel/process.c index 90ae376b7ab1..0608439ba452 100644 --- a/arch/m68k/kernel/process.c +++ b/arch/m68k/kernel/process.c @@ -125,9 +125,6 @@ asmlinkage int m68k_clone(struct pt_regs *regs) .tls = regs->d5, }; - if (!legacy_clone_args_valid(&args)) - return -EINVAL; - return _do_fork(&args); } diff --git a/arch/x86/kernel/sys_ia32.c b/arch/x86/kernel/sys_ia32.c index f8d65c99feb8..720cde885042 100644 --- a/arch/x86/kernel/sys_ia32.c +++ b/arch/x86/kernel/sys_ia32.c @@ -251,9 +251,6 @@ COMPAT_SYSCALL_DEFINE5(ia32_clone, unsigned long, clone_flags, .tls = tls_val, }; - if (!legacy_clone_args_valid(&args)) - return -EINVAL; - return _do_fork(&args); } #endif /* CONFIG_IA32_EMULATION */ diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h index 38359071236a..ddce0ea515d1 100644 --- a/include/linux/sched/task.h +++ b/include/linux/sched/task.h @@ -96,7 +96,6 @@ extern void exit_files(struct task_struct *); extern void exit_itimers(struct signal_struct *); extern long _do_fork(struct kernel_clone_args *kargs); -extern bool legacy_clone_args_valid(const struct kernel_clone_args *kargs); extern long do_fork(unsigned long, unsigned long, unsigned long, int __user *, int __user *); struct task_struct *fork_idle(int); struct mm_struct *copy_init_mm(void); diff --git a/kernel/fork.c b/kernel/fork.c index 142b23645d82..9875aeb2ba41 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2422,6 +2422,20 @@ long _do_fork(struct kernel_clone_args *args) int trace = 0; long nr; + /* + * For legacy clone() calls, CLONE_PIDFD uses the parent_tid argument + * to return the pidfd. Hence, CLONE_PIDFD and CLONE_PARENT_SETTID are + * mutually exclusive. With clone3() CLONE_PIDFD has grown a separate + * field in struct clone_args and it still doesn't make sense to have + * them both point at the same memory location. Performing this check + * here has the advantage that we don't need to have a separate helper + * to check for legacy clone(). + */ + if ((args->flags & CLONE_PIDFD) && + (args->flags & CLONE_PARENT_SETTID) && + (args->pidfd == args->parent_tid)) + return -EINVAL; + /* * Determine whether and which event to report to ptracer. When * called from kernel_thread or CLONE_UNTRACED is explicitly @@ -2479,16 +2493,6 @@ long _do_fork(struct kernel_clone_args *args) return nr; } -bool legacy_clone_args_valid(const struct kernel_clone_args *kargs) -{ - /* clone(CLONE_PIDFD) uses parent_tidptr to return a pidfd */ - if ((kargs->flags & CLONE_PIDFD) && - (kargs->flags & CLONE_PARENT_SETTID)) - return false; - - return true; -} - #ifndef CONFIG_HAVE_COPY_THREAD_TLS /* For compatibility with architectures that call do_fork directly rather than * using the syscall entry points below. */ @@ -2508,9 +2512,6 @@ long do_fork(unsigned long clone_flags, .stack_size = stack_size, }; - if (!legacy_clone_args_valid(&args)) - return -EINVAL; - return _do_fork(&args); } #endif @@ -2593,9 +2594,6 @@ SYSCALL_DEFINE5(clone, unsigned long, clone_flags, unsigned long, newsp, .tls = tls, }; - if (!legacy_clone_args_valid(&args)) - return -EINVAL; - return _do_fork(&args); } #endif -- 2.27.0 ^ permalink raw reply related [flat|nested] 2+ messages in thread
[parent not found: <20200627082748.GM5535@shao2-debian>]
* Re: [fork] 11689456e6: ltp.clone302.fail [not found] ` <20200627082748.GM5535@shao2-debian> @ 2020-06-27 12:23 ` Christian Brauner 0 siblings, 0 replies; 2+ messages in thread From: Christian Brauner @ 2020-06-27 12:23 UTC (permalink / raw) To: kernel test robot Cc: linux-kernel, Linus Torvalds, Thomas Gleixner, Ingo Molnar, Al Viro, Geert Uytterhoeven, Matthew Wilcox (Oracle), Peter Zijlstra (Intel), linux-m68k, x86, lkp On Sat, Jun 27, 2020 at 04:27:48PM +0800, kernel test robot wrote: > Greeting, > > FYI, we noticed the following commit (built with gcc-9): > > commit: 11689456e6df828b7917a558a36212e68fa9aa69 ("[PATCH 01/17] fork: fold legacy_clone_args_valid() into _do_fork()") > url: https://github.com/0day-ci/linux/commits/Christian-Brauner/arch-remove-do_fork-and-HAVE_COPY_THREAD_TLS/20200623-080105 > base: https://git.kernel.org/cgit/linux/kernel/git/davem/sparc.git master > > in testcase: ltp > with following parameters: > > disk: 1HDD > fs: ext4 > test: syscalls_part1 > > test-description: The LTP testsuite contains a collection of tools for testing the Linux kernel and related features. > test-url: http://linux-test-project.github.io/ > > > on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G > > caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace): > > > > > If you fix the issue, kindly add following tag > Reported-by: kernel test robot <rong.a.chen@intel.com> > > > <<<test_start>>> > tag=clone302 stime=1593153327 > cmdline="clone302" > contacts="" > analysis=exit > <<<test_output>>> > tst_buffers.c:55: INFO: Test is using guarded buffers > tst_test.c:1247: INFO: Timeout per run is 0h 05m 00s > clone302.c:92: PASS: invalid args: clone3() failed as expected: EFAULT (14) > clone302.c:92: PASS: zero size: clone3() failed as expected: EINVAL (22) > clone302.c:92: PASS: short size: clone3() failed as expected: EINVAL (22) > clone302.c:92: PASS: extra size: clone3() failed as expected: EFAULT (14) > clone302.c:92: PASS: sighand-no-VM: clone3() failed as expected: EINVAL (22) > clone302.c:92: PASS: thread-no-sighand: clone3() failed as expected: EINVAL (22) > clone302.c:92: PASS: fs-newns: clone3() failed as expected: EINVAL (22) > clone302.c:92: PASS: invalid pidfd: clone3() failed as expected: EFAULT (14) > clone302.c:92: PASS: invalid childtid: clone3() failed as expected: EFAULT (14) > clone302.c:88: FAIL: invalid parenttid: clone3() should fail with EFAULT: EINVAL (22) In short, this is a change in failure behavior for clone3() I did expect and am willing to risk. Here's why in the short form: - clone3() is extremely new - this failed before - setting both CLONE_PIDFD and CLONE_PARENT_SETTID is extremely rare (haven't seen it in any codebases I know that use clone3()) - setting both CLONE_PIDFD and CLONE_PARENT_SETTID __and__ pointing them to the same adress doesn't work (haven't seen it in any codebases I know that use clone3() but see some more notes on that below) - the change makes a special case go away and simplifies multiple call-sites So a few notes about the test. I did stare at it for a while and was confused why you expect EFAULT to be returned when CLONE_PARENT_SETTID is set to an invalid memory address. Because that doesn't make sense. When the parent tid is written to the memory location for CLONE_PARENT_SETTID we're past the point of no return of process creation, i.e. the return value from put_user() isn't checked and can't be checked anymore so you'd never receive EFAULT for a bogus parent_tid memory address. This is not something new. This has been the case since the introduction of pid namespaces and specifically since commit 30e49c263e36 ("pid namespaces: allow cloning of new namespace"). But then it dawned on me. You're setting CLONE_PIDFD | CLONE_PARENT_SETTID and you're pointing: - args->parent_tid = <invalid-address> - args->pidfd = NULL so the EFAULT you've seen so far in your test-suite has never been for CLONE_PARENT_SETTID but for CLONE_PIDFD since that value is written before the point of no return and consequently put_user() is checked and the EFAULT is surfaced. So independent of that issue here you might want to adapt that test so it really tests what you want. :) (And maybe it's worth documenting on the manpage for clone{3}() that failures for CLONE_PARENT_SETTID and CLONE_CHILD_SETTID are not seen.) (Also, note that for some reason, args->pidfd and pargs->parent_tid must've ended up pointing to the same address in your test-suite. So my guess is that args->pidfd pointed to garbage which got turned into a useable address after tst_get_bad_addr() returned &invalid_address. Maybe I'm missing something subtle though.) Christian ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-06-27 12:23 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <20200622234326.906346-1-christian.brauner@ubuntu.com> 2020-06-22 23:43 ` [PATCH 01/17] fork: fold legacy_clone_args_valid() into _do_fork() Christian Brauner [not found] ` <20200627082748.GM5535@shao2-debian> 2020-06-27 12:23 ` [fork] 11689456e6: ltp.clone302.fail Christian Brauner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).