From: Dmitry Safonov <dima@arista.com>
To: linux-kernel@vger.kernel.org
Cc: Dmitry Safonov <0x7f454c46@gmail.com>,
	Dmitry Safonov <dima@arista.com>, Adrian Reber <adrian@lisas.de>,
	Andrei Vagin <avagin@openvz.org>,
	Andy Lutomirski <luto@kernel.org>,
	Christian Brauner <christian.brauner@ubuntu.com>,
	Cyrill Gorcunov <gorcunov@openvz.org>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	Jeff Dike <jdike@addtoit.com>, Oleg Nesterov <oleg@redhat.com>,
	Pavel Emelyanov <xemul@virtuozzo.com>,
	Shuah Khan <shuah@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	containers@lists.linux-foundation.org, criu@openvz.org,
	linux-api@vger.kernel.org, x86@kernel.org
Subject: [RFC 11/20] x86/vdso: Purge timens page on setns()/unshare()/clone()
Date: Wed, 19 Sep 2018 21:50:28 +0100	[thread overview]
Message-ID: <20180919205037.9574-12-dima@arista.com> (raw)
In-Reply-To: <20180919205037.9574-1-dima@arista.com>

Find the page with timens offsets in vvar and flush the mapping for it
when entering/creating another time namespace.
This prevents an application from keeping a stale mapping from the old
namespace (as the old namespace might already be destroyed at the moment of
the userspace access, it also prevents leaks from the kernel).

Signed-off-by: Dmitry Safonov <dima@arista.com>
---
 arch/x86/entry/vdso/vma.c   | 31 +++++++++++++++++++++++++++++++
 arch/x86/include/asm/vdso.h |  1 +
 kernel/time_namespace.c     | 12 ++++++++++++
 3 files changed, 44 insertions(+)

diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
index 0f92227a4a7e..90eadcfcb7f5 100644
--- a/arch/x86/entry/vdso/vma.c
+++ b/arch/x86/entry/vdso/vma.c
@@ -25,6 +25,7 @@
 #include <asm/cpufeature.h>
 #include <asm/mshyperv.h>
 #include <asm/page.h>
+#include <asm/tlbflush.h>
 
 #if defined(CONFIG_X86_64)
 unsigned int __read_mostly vdso64_enabled = 1;
@@ -158,6 +159,36 @@ static int vvar_fault(const struct vm_special_mapping *sm,
 	return VM_FAULT_SIGBUS;
 }
 
+static void clear_flush_timens_pte(struct mm_struct *mm, unsigned long addr)
+{
+	spinlock_t *ptl;
+	pte_t *ptep;
+
+	if (follow_pte_pmd(mm, addr, NULL, NULL, &ptep, NULL, &ptl))
+		return; /* no pte found */
+	ptep_get_and_clear(mm, addr, ptep);
+	pte_unmap_unlock(ptep, ptl);
+	flush_tlb_mm_range(mm, addr, addr + PAGE_SIZE, VM_NONE);
+}
+
+int vvar_purge_timens(struct task_struct *task)
+{
+	struct mm_struct *mm = task->mm;
+	const struct vdso_image *image;
+	unsigned long addr;
+
+	if (down_write_killable(&mm->mmap_sem))
+		return -EINTR;
+
+	image = mm->context.vdso_image;
+
+	addr = (unsigned long)mm->context.vdso + image->sym_timens_page;
+	clear_flush_timens_pte(mm, addr);
+
+	up_write(&mm->mmap_sem);
+	return 0;
+}
+
 static const struct vm_special_mapping vdso_mapping = {
 	.name = "[vdso]",
 	.fault = vdso_fault,
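Review bot: `vvar_purge_timens()` dereferences `image` without checking that a vDSO is mapped: `mm->context.vdso_image` feeds `image->sym_timens_page` directly, and `task->mm` is used unchecked as well. If the process has no vDSO image recorded (for instance with the vDSO disabled through `vdso64_enabled`, visible in the first hunk's context), this looks like a NULL dereference reachable from unshare()/setns()/clone(); returning 0 early on `!mm` and computing `addr` only `if (image && mm->context.vdso)` would avoid it. Separately, `clear_flush_timens_pte()` trusts that `addr` still lies inside the vvar mapping; if userspace has replaced that range, `ptep_get_and_clear()` would drop a PTE of an unrelated mapping with no rmap or counter updates. The VMA at `addr` should be checked against the vvar special mapping before the PTE is cleared; confirm whether a follow-up patch in the series already does this.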
diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h
index 619322065b8e..98b02481137c 100644
--- a/arch/x86/include/asm/vdso.h
+++ b/arch/x86/include/asm/vdso.h
@@ -45,6 +45,7 @@ extern const struct vdso_image vdso_image_32;
 extern void __init init_vdso_image(const struct vdso_image *image);
 
 extern int map_vdso_once(const struct vdso_image *image, unsigned long addr);
+extern int vvar_purge_timens(struct task_struct *task);
 
 #endif /* __ASSEMBLER__ */
 
diff --git a/kernel/time_namespace.c b/kernel/time_namespace.c
index f96871cb8124..f88ae0e17d92 100644
--- a/kernel/time_namespace.c
+++ b/kernel/time_namespace.c
@@ -14,6 +14,7 @@
 #include <linux/proc_ns.h>
 #include <linux/sched/task.h>
 #include <linux/mm.h>
+#include <asm/vdso.h>
 
 static struct ucounts *inc_time_namespaces(struct user_namespace *ns)
 {
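Review bot: `#include <asm/vdso.h>` makes the architecture-independent kernel/time_namespace.c depend on a declaration that this patch adds only to arch/x86/include/asm/vdso.h. Unless the time-namespace code is already restricted to x86 by configuration outside this diff, other architectures would fail to build or link. A generic header carrying a stub along the lines of `static inline int vvar_purge_timens(struct task_struct *task) { return 0; }` for architectures without a timens vvar page would keep the core code portable.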
@@ -91,9 +92,15 @@ static struct time_namespace *clone_time_ns(struct user_namespace *user_ns,
 struct time_namespace *copy_time_ns(unsigned long flags,
 	struct user_namespace *user_ns, struct time_namespace *old_ns)
 {
+	int ret;
+
 	if (!(flags & CLONE_NEWTIME))
 		return get_time_ns(old_ns);
 
+	ret = vvar_purge_timens(current);
+	if (ret)
+		return ERR_PTR(ret);
+
 	return clone_time_ns(user_ns, old_ns);
 }
 
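Review bot: The purge in `copy_time_ns()` acts on `current->mm`, but for clone() with CLONE_NEWTIME and no shared address space the task entering the new namespace is the child, whose page tables are a separate copy. If the child's mm is duplicated before namespaces are copied (that ordering lives in copy_process(), outside this diff, so confirm), the child can keep the PTE for the old namespace's offsets page, which is exactly the stale mapping the commit message sets out to prevent, while the parent's mapping is flushed for no benefit. Purging the mm of the task that actually receives the new namespace would need the task passed down to `copy_time_ns()`. A short comment above the call, such as `/* drop the old timens vvar page so it is refaulted for the new namespace */`, would also make the intent clear.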
@@ -138,11 +145,16 @@ static void timens_put(struct ns_common *ns)
 static int timens_install(struct nsproxy *nsproxy, struct ns_common *new)
 {
 	struct time_namespace *ns = to_time_ns(new);
+	int ret;
 
 	if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN) ||
 	    !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
 		return -EPERM;
 
+	ret = vvar_purge_timens(current);
+	if (ret)
+		return ret;
+
 	get_time_ns(ns);
 	put_time_ns(nsproxy->time_ns);
 	nsproxy->time_ns = ns;
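Review bot: The purge in `timens_install()` runs before the new namespace takes effect, and `vvar_purge_timens()` releases `mmap_sem` before it returns. Another thread sharing the mm can touch the vvar page in that window and refault it against the old namespace, re-creating the stale mapping; the same window exists for the call added to `copy_time_ns()`. Since the address space is shared between threads while the namespace is switched for one task, a comment should state which namespace the shared page is meant to reflect, and the purge is better placed after the switch or paired with a check in the fault path. The function body continues past the end of this hunk.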
-- 
2.13.6

