Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S941278AbcJXTBA (ORCPT ); Mon, 24 Oct 2016 15:01:00 -0400 Received: from mail-db5eur01on0119.outbound.protection.outlook.com ([104.47.2.119]:54592 "EHLO EUR01-DB5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S938816AbcJXTAy (ORCPT ); Mon, 24 Oct 2016 15:00:54 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=avagin@virtuozzo.com; Date: Mon, 24 Oct 2016 12:00:35 -0700 From: Andrey Vagin To: Cyrill Gorcunov CC: "Eric W. Biederman" , LKML , Pavel Emelyanov Subject: Re: [ISSUE] mm: Add a user_ns owner to mm_struct and fix ptrace_may_access Message-ID: <20161024190034.GA29407@outlook.office365.com> References: <20161024105959.GQ1847@uranus.lan> MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Disposition: inline In-Reply-To: <20161024105959.GQ1847@uranus.lan> User-Agent: Mutt/1.7.0 (2016-08-17) X-Originating-IP: [162.246.95.100] X-ClientProxiedBy: CY1PR21CA0029.namprd21.prod.outlook.com (10.161.247.39) To AM5PR0801MB1969.eurprd08.prod.outlook.com (10.168.158.8) X-MS-Office365-Filtering-Correlation-Id: 217e4472-b99d-4e77-b80f-08d3fc4012b2 X-Microsoft-Exchange-Diagnostics: 1;AM5PR0801MB1969;2:BXSFKztMs/8My5df1Jo2yo9oA/uX5VtWVj3Ohpo0Fe1+/7kNhob8HBH+Br1oOZSBvem88su/M0sspqn1nafHBFEr50/qebvxPVJy0qvG7+yGdx8AfO2H3ebVjztUcfn/tGd6cwiH857htMJVY1eCdlKJwkp7spv3AJ0SwVu+qoa/pi3Xt+kNWedJwBS5CQCijI5XoY241uE9nY4HsDxI9Q==;3:4vqtHAs9hkbbXFi4gKve6bzFO+cMNsgpz7UBS0CipVRdc30OdpGOMuk9gFDrdqn23TEtQ4AHIDTsMGIllD5duLFBSU9LoicrRNsQylJRup0VHZ/CLAHMYFc16jzgIBf5DSC3pSHGaosMwCW4i2UDwQ== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AM5PR0801MB1969; X-Microsoft-Exchange-Diagnostics: 1;AM5PR0801MB1969;25:SEQvpMs8g5fKrbDjjmfy6kgx9Wh1QcCPi6SVn22rAKRBYt+L9emlYMsirL4JA8+TxSv4ismO6upvchzQnLsQmZnbJXhOSVsbpjz0KrdzkH/uI4U1wOprEqDNJTcHsD1TYV4HLMwAr07ptB9xaCUHZ5wsEct8DWuYEEri5mkJyum03FPVe7PI4eZrngQ4sLXZKlN8jUxqESBl9pvgcu+VtC64VnFknJIP6+biCTv411aMqnKQSrO7Ajcg9gmtlmDmDvl5l+Irgrsg45t/PjQwU1oEu8E8CmfUvf6P6moqDJ+6DkSgzktqRpDrrcMk8p7RwdEuaeZXgbhhIwqGpQ55NLJAnKil8bLXGKqel6seT99xaQ1qtbf2MY2GeC/JMfrM6Tyfo+34mJUPqQraxnAyclFTEFeZumc+jRjP8300DARqoKTXpzdIkAm2JeJIN0qMyQD4hz5ObwrEpKEDaHgPSvaxgOW1WJd87ZmQdmg7jrysCVxvedpgfQN1j7NiqEStTpVIKjBtOFM8Zoa/UmNx23VfcLxZwdHIwNSaj9R7DwPtVZhnJFJtKfUELOkFOoYuE4eOf8O+cZXpkvQfevZJrc2N/n9wwScJRbW4Dub679A5PP4U/P5BhYzNZ6Yf5IeJVzOrlNVSYKtvlWpQ8oG6PTYb6rgG+wphbcQ+Ytiy2Qrgfq/eesVUHRmYsPkSoZXotzsailGvKPtgL2uExMw1+vB0RxvckBjB1vWnR8ZssP886WuknNlpBiJGjJeCFBDDnQhrCmBGLJSqLNeojKCT3Yp9HqkDw1NHSj/PNyId0xVvxxTJZ9LFs3qiv9TEP1tw3+3aWvcMCvpy+4ySAGEbCaLvJKf+59aBNWLVMGP/W+k= X-Microsoft-Exchange-Diagnostics: 1;AM5PR0801MB1969;31:9FFdqohrrxcohCUjAgpVok3WA4Ws+vh3qzzI9sZfnPIy0HVQl8CEBeT1938/cNckTYJFWjPUggYxkF7Aw3u03zaXIT4V4V5ml6ppChd3fLltYoSGSrZPjoIksSvYUtUa6/362RAGshyhGD1+qYwtO16AMSCSbMhKflTdSozUmq0Yv9H3e/7fPieA1iCrSk2TB/fS1VmIAzh2C2+Xy1cNP1GVckdF3/SFvIcQIoGhzhaRzD2wsppJ8JZZy1wCIBSi;4:BPHDjODNbQm0PAGvtYRGF+n3d4fTe0qJAzzZRrMQ7m+PY1a19P0V27j4Xfg4H0O/WsblXjJfuvZRGZ72iaKwzKdzskkMBB3o3k0ZLcSL53Dw4pbod3q2JnckzlZLh5aZz+vEBU14cMBTkn+6qkNHI2EmUgK6Kf4TUFmyarUGJpYQjcS7q6EHAeSu3SfFHidV7Q6cf60RriXnZc745lNVU2fahFvmIyh6q4OpqWa8uATn1Iu6xbqvFgtdGJNcQgmQC9a2VNLWNhDBq5Row9PQbgZPv3YHr1h/2JcGf4Y8Qc2qnGLvvOcIl8PcujTxWdl3w9B3Cff5fd31NeHvdDWCXCl7KdTGfauK/A59BuJOK0duhbB+gmiT5vH/eWHljKsNmvFNweoDMqhURFIplslCKR/s4N9e3wombteBn1/qCKyYzu/aezYeAhWT7v30pW7o X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040176)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6043046)(6042046);SRVR:AM5PR0801MB1969;BCL:0;PCL:0;RULEID:;SRVR:AM5PR0801MB1969; X-Forefront-PRVS: 0105DAA385 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6009001)(7916002)(199003)(24454002)(189002)(77096005)(107886002)(54356999)(76176999)(50986999)(33656002)(189998001)(110136003)(4001350100001)(92566002)(15975445007)(101416001)(69596002)(106356001)(105586002)(42186005)(5660300001)(53416004)(3846002)(97736004)(6116002)(19580405001)(19580395003)(586003)(1076002)(9686002)(23686003)(305945005)(7736002)(50466002)(7846002)(4001430100002)(68736007)(81166006)(86362001)(575784001)(4326007)(2906002)(2950100002)(6666003)(83506001)(66066001)(81156014)(8676002)(6916009)(47776003)(1411001)(7099028)(18370500001)(26326002);DIR:OUT;SFP:1102;SCL:1;SRVR:AM5PR0801MB1969;H:outlook.office365.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?koi8-r?Q?1;AM5PR0801MB1969;23:O6DRM6HwylhckIU86yy+fW8tQMz1XQZiUfxYyCDSs?= =?koi8-r?Q?4WRuHAhAzA7giN9AiBtwzHOfZUVr+iSnDUs67xfMRZPfM3Bu+m6LQtFbxLYyV4?= =?koi8-r?Q?FOm/kYEtXRtPv1HH9Ed7JmFF3WfqgCElBeESk11nu+aFGGC3AZhW4XF+3fWgWp?= =?koi8-r?Q?hq+WaxmVtYTs2nibAO93rkGgQOlYnzouQnvtHrl5d7a5iplFYLXavravZERVxb?= =?koi8-r?Q?1r5HIXIBvIGhLOFMSuetTycbd7VW40qb4HdDu/9qcXFkZL18nQYlqA9DD8wNlg?= =?koi8-r?Q?hTk1w5ISSH4u26ILey1o55LR8S6+Hh54vLimUQgr2JazE4EH4dMT0j1jyT1KMD?= =?koi8-r?Q?Xi36BeNjz1pIGETR2xkROCbuzGFq2PBeuB2BxcIBNJ/I2ORlRFnH6mHoi/0p75?= =?koi8-r?Q?vySF/peqpCpXhWjk1LiQ+wRvgFzZVmmMOWT4QpYZu9t+RhKAZzmxqjunu6PNeU?= =?koi8-r?Q?jU3jdOKqQ7RzVVnJN3NC2OpZVMj0yWmn1Qdfb2AWbcKYHW4XpNXnInVtg5iIxW?= =?koi8-r?Q?94J9l316EtL9R9COlLFdjksD1bs33UC0aItaFICV/4I/EGfjRo4UnUmue6H4MF?= =?koi8-r?Q?mw3CM7CDFlBmFIWJr8722E+TbBZsv/1LyEQQeBZLpfOxbfBaQAWRuo6dS3knT3?= =?koi8-r?Q?30iugopDUkPwFK7BKQvrw1e5UEpiUzDaQKhMEait7A6IN4+mDFfomAr4PB+RpK?= =?koi8-r?Q?NA2BgOYdB5Eg4kqRTH3+zD60EQcU1K/60R/18Yx+Nn1rI28uPm3wQBdIQpcY6c?= =?koi8-r?Q?s3LK4gooNX/JBlOs9JRZRTGepj8Hib1m2t1dxKQpmrIaLCHpOYzsvFARm11qSq?= =?koi8-r?Q?jthzhVfE6SgmfIZ2dlxw4M6GeoxC8Rn72y5JliSA+qP1KWvOfSGR14sneFjjAq?= =?koi8-r?Q?ybtpIgtyXSUw3tVONPl5+r7Fyymaa/koeK/8WjZWEKFtvoB5NoFt6jS2i2Yk1j?= =?koi8-r?Q?nQt/X7LUKmm2OhHmJ8XCkiwW9yPMPNbbJeM78dnHBtuihKy5O4mowt1zyJJQrv?= =?koi8-r?Q?/x1TAKpfJpPfRXJlyuJDVT//T9RdWJzlkw02bTs3iLMTBygPiOIjDeRLqC/e/2?= =?koi8-r?Q?Rxweacqm4kzL/xw2HUYfwNvLUl+2XfT4dpW8RCnQd0NSY23la7NIUx0tPSr9um?= =?koi8-r?Q?ZA0Gkqa1AdgqfROn9IT7S5fsuAY0UqG/qHQZqRQyXqQnH0ajYDCHWZJV79fGBn?= =?koi8-r?Q?3zwCrvSx5egPqfIKuJJXcut4Ca83/8QmwkWLwZL9bUdFz5qVI/B5zwG2YWJtfw?= =?koi8-r?Q?p3sCfZ1sdCWe++xn5u3vfI1PbQBMSUTFqQMRtp3AeF0iPFMqH4RWhSADnnKFB2?= =?koi8-r?Q?dvA2PN92p/6XhGMnx9tlbux+HZvFzvp9C/igq8dlZxB8=3D?= X-Microsoft-Exchange-Diagnostics: 1;AM5PR0801MB1969;6:8JchQreXUJ0uzdrmekKrHHzLd0XF4DGEvEcQ4nV3o2pZ1XBcBizFRwcE9ZEJ48zm6n8xeffcDlD1b2tTLPiV/k8uFloiykCWvgiq6FQJGSSDVry9FEUqNth7mG+z/bHI7rsRXWJXzo5KKy7ea19iEvQWWDd/F4cxL0Ci44FqEXGpIVaiNOmcJVbbRH+rU/Mj9YMDaiTQFl5cD+09/QWhpK+GI0gJoyDU7GJCJrPK2uVLP6rLxKdWcDGDP7ClMXpb19mXhFPkiK9FvCwIJX0H97/UAeRiLn6tHTCK6tUbs4phxwuhW16uD5rA6lutIctKAoPldKuZMvuH+40x9pVUSQ==;5:bgvXtAkbmt5sqe4GR3xzfy61yI8rpvze8T3w0gXSD250elt0Jv0XUGgzUhYxM9LNe0aYaNQokNf7IHWWJ67waRQ54NRkD8Ooqga1Al1jJoFQoPyF8dtDpTg3d1hMBSMOSc717N1Gf2CfP6D6sRweHQ==;24:vMJtrAuAHQ0GTpc6FjYf8wZFxJvDnNh2phv5cpWfvn6NiC20ixNc/8TB5ickhrNpALzuHJGTkglT93qgkDJWs11rDfRsD8sDeyE/i8J5NQc= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;AM5PR0801MB1969;7:qAWBuZ4jGq0FaHF5ECeOsT9DNJXtENj1ajnCbzWKu5ig7cVHDXmOsAcETkZv4GUl5+FPWFAJMTJ09V89H8m0DVYgOH0T4GyJEGBU14OvZGoXWoMPhvAkSTvvMgrfhJ+gTAHSi0spRlzJcZpI2OBs8sO/UGiNQoUdfOXRriCxEMpSMBnP9wW5LlN36O3sXTcZ9BtBfrP/IoFM/i1Ps7K7PTCCeAbOFcAiB89scwX609OidYb/zJOt0nz4ndY4NYpgTmXwV47vVVuaNxszT2BAuAOO2WCeBBXmbLAM4sxy/WUOXwXjtsflGXftqRL3EoVSnjF1Ku9fpdw9Cbmra6zvokAnVQDU3Gq9nZFtPHduRiw=;20:X/gzJaQhmh7tndfSASHGBSjZqDkg3jm7+6HkyKCuDdUBuQVWbaAYseqhwEa+8v6orMLkberBfG3TwGUKF2b1bbB1tG0qSU8ne9zKPRbd7Bahjp8dk5GO7TAScunKHiHd1/mWWtHKrBssRpH2Ae7sRxaveACQ7Xy7J1i5j0l4soU= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Oct 2016 19:00:50.1602 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0801MB1969 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1933 Lines: 51 On Mon, Oct 24, 2016 at 01:59:59PM +0300, Cyrill Gorcunov wrote: > Hi Eric! A few days ago we've noticed that our zombie00 test case started > failing: https://ci.openvz.org/job/CRIU/view/All/job/CRIU-linux-next/406/console > --- > ======================== Run zdtm/static/zombie00 in h ========================= > Start test > ./zombie00 --pidfile=zombie00.pid --outfile=zombie00.out > Run criu dump > Run criu restore > Send the 15 signal to 30 > Wait for zdtm/static/zombie00(30) to die for 0.100000 > ################ Test zdtm/static/zombie00 FAIL at result check ################ > > I've narrowed problem down to commit > > | From ce99dd5fd5f600f9f4f0d37bb8847c1cb7c6e4fc Mon Sep 17 00:00:00 2001 > | From: "Eric W. Biederman" > | Date: Thu, 13 Oct 2016 21:23:16 -0500 > | Subject: [PATCH] mm: Add a user_ns owner to mm_struct and fix > | ptrace_may_access > | > | During exec dumpable is cleared if the file that is being executed is > | not readable by the user executing the file. A bug in > | ptrace_may_access allows reading the file if the executable happens to > | enter into a subordinate user namespace (aka clone(CLONE_NEWUSER), > | unshare(CLONE_NEWUSER), or setns(fd, CLONE_NEWUSER). > > and the reason is that the zombie tasks do not have task::mm and in resut > we're obtaining -EPERM when trying to read task->exit_code from /proc/pid/stat. To be precise, we are obtaining 0 instead of task->exit_ode, because permitted is false: static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, ... permitted = ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS | PTRACE_MODE_NOAUDIT); ... if (permitted) seq_put_decimal_ll(m, " ", task->exit_code); else seq_puts(m, " 0"); > > Looking into commit I suspect when mm = NULL we've to move back the test > ptrace_has_cap(__task_cred(task)->user_ns, mode)?