Re: [PATCH] perf tools: Restore proper cwd on return from mnt ns

From: Jiri Olsa <jolsa@redhat.com>
To: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Jiri Olsa <jolsa@kernel.org>,
	Krister Johansen <kjlx@templeofstupid.com>,
	lkml <linux-kernel@vger.kernel.org>,
	Ingo Molnar <mingo@kernel.org>,
	Namhyung Kim <namhyung@kernel.org>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Peter Zijlstra <a.p.zijlstra@chello.nl>
Subject: Re: [PATCH] perf tools: Restore proper cwd on return from mnt ns
Date: Sat, 17 Nov 2018 10:00:10 +0100	[thread overview]
Message-ID: <20181117090010.GP9600@krava> (raw)
In-Reply-To: <20181116184245.GE18319@kernel.org>

On Fri, Nov 16, 2018 at 10:42:45AM -0800, Arnaldo Carvalho de Melo wrote:
> Em Fri, Nov 16, 2018 at 10:31:43AM -0800, Arnaldo Carvalho de Melo escreveu:
> > Em Thu, Nov 01, 2018 at 06:00:01PM +0100, Jiri Olsa escreveu:
> > > When reporting on 'record' server we try to retrieve/use
> > > the mnt namespace of the profiled tasks. We use following
> > > API with cookie to hold the return namespace, roughly:
> > > 
> > >   nsinfo__mountns_enter(struct nsinfo *nsi, struct nscookie *nc)
> > >     setns(newns, 0);
> > >   ...
> > >   new ns related open..
> > >   ...
> > >   nsinfo__mountns_exit(struct nscookie *nc)
> > >     setns(nc->oldns)
> > > 
> > > Once finished we setns to old namespace, which also sets the
> > > current working directory (cwd) to "/", trashing the cwd we had.
> > > 
> > > This is mostly fine, because we use absolute paths almost everywhere,
> > > but it screws up perf diff:
> > > 
> > >   # perf diff
> > >   failed to open perf.data: No such file or directory  (try 'perf record' first)
> > >   ...
> > > 
> > > Adding the current working directory to be part of the cookie
> > > and restoring it in the nsinfo__mountns_exit call.
> >  
> > > Cc: Krister Johansen <kjlx@templeofstupid.com>
> > > Fixes: 843ff37bb59e ("perf symbols: Find symbols in different mount namespace")
> > > Link: http://lkml.kernel.org/n/tip-zg3vz7kjr86cco7lo91v8yhj@git.kernel.org
> > > Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> > > ---
> > >  tools/perf/util/namespaces.c | 18 ++++++++++++++++--
> > >  tools/perf/util/namespaces.h |  1 +
> > >  2 files changed, 17 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/tools/perf/util/namespaces.c b/tools/perf/util/namespaces.c
> > > index cf8bd123cf73..fb0458b7e6aa 100644
> > > --- a/tools/perf/util/namespaces.c
> > > +++ b/tools/perf/util/namespaces.c
> > > @@ -18,6 +18,7 @@
> > >  #include <stdio.h>
> > >  #include <string.h>
> > >  #include <unistd.h>
> > > +#include <asm/bug.h>
> > >  
> > >  struct namespaces *namespaces__new(struct namespaces_event *event)
> > >  {
> > > @@ -186,6 +187,7 @@ void nsinfo__mountns_enter(struct nsinfo *nsi,
> > >  	char curpath[PATH_MAX];
> > >  	int oldns = -1;
> > >  	int newns = -1;
> > > +	char *oldcwd = NULL;
> > >  
> > >  	if (nc == NULL)
> > >  		return;
> > > @@ -199,9 +201,13 @@ void nsinfo__mountns_enter(struct nsinfo *nsi,
> > >  	if (snprintf(curpath, PATH_MAX, "/proc/self/ns/mnt") >= PATH_MAX)
> > >  		return;
> > >  
> > > +	oldcwd = get_current_dir_name();
> > > +	if (!oldcwd)
> > > +		return;
> > > +
> > >  	oldns = open(curpath, O_RDONLY);
> > >  	if (oldns < 0)
> > > -		return;
> > > +		goto errout;
> > >  
> > >  	newns = open(nsi->mntns_path, O_RDONLY);
> > >  	if (newns < 0)
> > > @@ -210,11 +216,14 @@ void nsinfo__mountns_enter(struct nsinfo *nsi,
> > >  	if (setns(newns, CLONE_NEWNS) < 0)
> > >  		goto errout;
> > >  
> > > +	nc->oldcwd = oldcwd;
> > >  	nc->oldns = oldns;
> > >  	nc->newns = newns;
> > >  	return;
> > >  
> > >  errout:
> > > +	if (oldcwd)
> > > +		free(oldcwd);

right, ok

> > 
> > Applied, and while at it I removed the needless if in the above two
> > lines.
> > 
> > >  	if (oldns > -1)
> > >  		close(oldns);
> > >  	if (newns > -1)
> > > @@ -223,11 +232,16 @@ void nsinfo__mountns_enter(struct nsinfo *nsi,
> > >  
> > >  void nsinfo__mountns_exit(struct nscookie *nc)
> > >  {
> > > -	if (nc == NULL || nc->oldns == -1 || nc->newns == -1)
> > > +	if (nc == NULL || nc->oldns == -1 || nc->newns == -1 || !nc->oldcwd)
> > >  		return;
> > >  
> > >  	setns(nc->oldns, CLONE_NEWNS);
> > >  
> > > +	if (nc->oldcwd) {
> > > +		WARN_ON_ONCE(chdir(nc->oldcwd));
> > > +		free(nc->oldcwd);
> > > +	}
> > > +
> 
> Also changed the above to zfree(&nc->oldcwd) as this is in a struct
> member, that is not freed by the freeing caller
> (nsinfo__mountns_exit()), to avoid later possible use-after-free (I
> haven't checked if it _actually_ happens with the current codebase, but
> it could) also to match the following block, where the resource is
> released and then the handler is invalidated.

great, thanks

jirka