From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753244AbbHMQIj (ORCPT <rfc822;w@1wt.eu>);
	Thu, 13 Aug 2015 12:08:39 -0400
Received: from out01.mta.xmission.com ([166.70.13.231]:43393 "EHLO
	out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752484AbbHMQIh (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 13 Aug 2015 12:08:37 -0400
From: ebiederm@xmission.com (Eric W. Biederman)
To: Oleg Nesterov <oleg@redhat.com>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>,
        Andrew Morton <akpm@linux-foundation.org>,
        Kees Cook <keescook@chromium.org>, David Howells <dhowells@redhat.com>,
        linux-kernel@vger.kernel.org, Peter Zijlstra <peterz@infradead.org>,
        Ingo Molnar <mingo@kernel.org>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        Rik van Riel <riel@redhat.com>,
        Vladimir Davydov <vdavydov@parallels.com>,
        Ricky Zhou <rickyz@chromium.org>, Julien Tinnes <jln@google.com>
References: <20150728221111.GA23391@node.dhcp.inet.fi>
	<20150805172356.GA20490@redhat.com>
	<87wpx9sjhq.fsf@x220.int.ebiederm.org>
	<87614tr2jd.fsf@x220.int.ebiederm.org>
	<20150806130629.GA4728@redhat.com> <20150806134426.GA6843@redhat.com>
	<871tf9cnbi.fsf_-_@x220.int.ebiederm.org>
	<87vbclb8op.fsf_-_@x220.int.ebiederm.org>
	<20150812174847.GA6703@redhat.com>
	<87wpx046s6.fsf_-_@x220.int.ebiederm.org>
	<20150813125704.GB13984@redhat.com>
Date: Thu, 13 Aug 2015 11:01:46 -0500
In-Reply-To: <20150813125704.GB13984@redhat.com> (Oleg Nesterov's message of
	"Thu, 13 Aug 2015 14:57:04 +0200")
Message-ID: <87k2szw51x.fsf@x220.int.ebiederm.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-XM-AID: U2FsdGVkX1+cuGRvhEwJEf/lrWSXbJ4QfOyKzC8o/lY=
X-SA-Exim-Connect-IP: 67.3.205.173
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
	*  0.0 TVD_RCVD_IP Message was received from an IP address
	*  0.7 XMSubLong Long Subject
	*  0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available.
	*  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
	*      [score: 0.5000]
	* -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
	*      [sa07 1397; Body=2 Fuz1=2 Fuz2=2]
	*  0.1 XMSolicitRefs_0 Weightloss drug
X-Spam-DCC: XMission; sa07 1397; Body=2 Fuz1=2 Fuz2=2 
X-Spam-Combo: ;Oleg Nesterov <oleg@redhat.com>
X-Spam-Relay-Country: 
X-Spam-Timing: total 713 ms - load_scoreonly_sql: 0.09 (0.0%),
	signal_user_changed: 4.1 (0.6%), b_tie_ro: 2.8 (0.4%), parse: 1.31 (0.2%),
	extract_message_metadata: 4.4 (0.6%), get_uri_detail_list: 1.65 (0.2%),
	tests_pri_-1000: 6 (0.9%), tests_pri_-950: 1.93 (0.3%), tests_pri_-900: 1.73
	(0.2%), tests_pri_-400: 28 (3.9%), check_bayes: 26 (3.6%), b_tokenize: 7
	(1.0%), b_tok_get_all: 8 (1.1%), b_comp_prob: 2.9 (0.4%), b_tok_touch_all: 6
	(0.8%), b_finish: 0.79 (0.1%), tests_pri_0: 644 (90.3%), tests_pri_500: 7
	(1.0%), rewrite_mail: 0.00 (0.0%)
Subject: Re: [PATCH v2] unshare: Unsharing a thread does not require unsharing a vm
X-Spam-Flag: No
X-SA-Exim-Version: 4.2.1 (built Wed, 24 Sep 2014 11:00:52 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Oleg Nesterov <oleg@redhat.com> writes:

> On 08/12, Eric W. Biederman wrote:
>>
>> +	if (unshare_flags & (CLONE_SIGHAND | CLONE_VM)) {
>> +		if (atomic_read(&current->sighand->count) > 1)
>> +			return -EINVAL;
>> +	}
>
> I am still not sure we want this... please the the previous email.

Reading your other email I did not see why you thought this check was
unnecessary.

> But perhaps I missed something.

In short:
clone(VM) --> mm_users > 1 && sighand_struct->count == 1
followed by:
unshare(SIGHAND)
the unshare should succeed.

Meanwhile:
clone(VM|SIGHAND) --> mm_users > 1 && sighand_struct->count > 1
followed by:
unshare(SIGHAND)
the unshare should fail.

I actually tested both of these cases and my patch works properly.

Not that I expect that there is anyone actually calling unshare(SIGHAND)
but unless we figure out how to remove the code, the code should
function correctly.  If for no other reason than to not confuse people
reading and maintaining the code.

Further I have audited the callers and we don't have anyone playing
games with sighand->count.  There is an implementation of unsharing the
sighand_struct in dethread in fs/exec.c that relies on this.

Other possible tests such as current_is_single_threaded() and
thread_group_empty() fail at the wrong times to be used.

So I think it is clear that testing for a private sighand_struct is
necessaring and testing sighand->count is a perfectly fine test.

Eric