From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753212AbbHETkk (ORCPT <rfc822;w@1wt.eu>);
	Wed, 5 Aug 2015 15:40:40 -0400
Received: from mail-io0-f177.google.com ([209.85.223.177]:34081 "EHLO
	mail-io0-f177.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752007AbbHETkj (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 5 Aug 2015 15:40:39 -0400
MIME-Version: 1.0
In-Reply-To: <878u9psix0.fsf@x220.int.ebiederm.org>
References: <20150728171500.GA2871@www.outflux.net>
	<87d1zcm9iz.fsf@x220.int.ebiederm.org>
	<CAJmxDmRZTF1BFG5p3KfCTuBLLWFNNzxtDyacWJp4S=mTW7Aoww@mail.gmail.com>
	<CAGXu5jLWp=mMH5rCO-jcBVEH5jpfS2nckrO+bvon0TSNH2rfcw@mail.gmail.com>
	<878u9psix0.fsf@x220.int.ebiederm.org>
Date: Wed, 5 Aug 2015 12:40:38 -0700
X-Google-Sender-Auth: uyxt3bARlDvwdUCO1nATftckFZY
Message-ID: <CAGXu5jKgSgoWjTXVsnGASsUXSiD9Wq5DSF8_U1XKhhJbNdxyVQ@mail.gmail.com>
Subject: Re: [PATCH] user_ns: use correct check for single-threadedness
From: Kees Cook <keescook@chromium.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Ricky Zhou <rickyz@google.com>, Oleg Nesterov <oleg@redhat.com>,
        David Howells <dhowells@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Peter Zijlstra <peterz@infradead.org>, Ingo Molnar <mingo@kernel.org>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        Rik van Riel <riel@redhat.com>,
        Vladimir Davydov <vdavydov@parallels.com>,
        Julien Tinnes <jln@google.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 5, 2015 at 11:13 AM, Eric W. Biederman
<ebiederm@xmission.com> wrote:
> Kees Cook <keescook@chromium.org> writes:
>
>> On Tue, Jul 28, 2015 at 1:55 PM, Ricky Zhou <rickyz@google.com> wrote:
>>> On Tue, Jul 28, 2015 at 11:17 AM, Eric W. Biederman
>>> <ebiederm@xmission.com> wrote:
>>>> Kees Cook <keescook@chromium.org> writes:
>>>>
>>>>> From: Ricky Zhou <rickyz@chromium.org>
>>>>>
>>>>> Checking mm_users > 1 does not mean a process is multithreaded. For
>>>>> example, reading /proc/PID/maps temporarily increments mm_users, allowing
>>>>> other processes to (accidentally) interfere with unshare() calls.
>>>>>
>>>>> This fixes observed failures of unshare(CLONE_NEWUSER) incorrectly
>>>>> returning EINVAL if another processes happened to be simultaneously
>>>>> reading the maps file.
>>>>>
>>>>> Signed-off-by: Ricky Zhou <rickyz@chromium.org>
>>>>> Signed-off-by: Kees Cook <keescook@chromium.org>
>>>>> Cc: stable@vger.kernel.org
>>>>
>>>> This looks like a good fix.  Any chance you can drudge up the commit where
>>>> this hack came in so that Greg & Company know how far to back port this?
>>>
>>> userns_install in user_namespace.c (affects setns of a user
>>> namespace): cde1975bc242f3e1072bde623ef378e547b73f91.
>>>
>>> The check in check_unshare_flags is a little more complex. The
>>> incorrect check was added in
>>> cf2e340f4249b781b3d2beb41e891d08581f0e10 but I don't think it would
>>> have triggered under any supported combination of flags at that point.
>>>
>>> From 50804fe3737ca6a5942fdc2057a18a8141d00141 until
>>> 6e556ce209b09528dbf1931cbfd5d323e1345926, the bug affected
>>> unshare(CLONE_NEWPID).
>>
>> That's back to v3.8, so this goes quite a way, it seems.
>
> This patch was marked as CC' stable.  The question I am asking is this
> problem bad enough that backporting this change to stable makes sense?

I have no problem dropping the CC. At the time it seemed like a clear
bug fix appropriate for stable. If you feel differently, please remove
the CC. :)

-Kees

-- 
Kees Cook
Chrome OS Security