Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp6506813imm;
        Mon, 23 Jul 2018 20:29:51 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpdKLG7nDGSR31CdYsEgwrhjpEPhzMry57k/NMsWBvvWLCEdFsLwWRAFwi7vFsROwlVoDmdu
X-Received: by 2002:a17:902:bb0d:: with SMTP id l13-v6mr1102570pls.5.1532402991574;
        Mon, 23 Jul 2018 20:29:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1532402991; cv=none;
        d=google.com; s=arc-20160816;
        b=eIReTUf6TSJYfBwKpW8puDuoP/gosEf02MR+YxRzbE7pRe9Hi/ZjhQAmzkXkazIVDK
         YaXBlHw2GoSFsQ2MI+bX3bBw4sYyw/BsORTnE4feeH+TwNusyz8kHKzrW2MmE+LzqVTG
         VH3sCgkGy2ads0OSzKmYVC+ePxyUesjiBTrnvXm6N3gehLIs128aeOxt7S0vrJdaxF+h
         Ds0dpXWhvkMOgmBAyzAH/Nj9llTxLk/AZWMryZozxwCVftsa6VaEgx6M2GA7PLEHAXuS
         1D4sUNwtCuHd3z9CSy9lxk/SMMfHSlYYlKFs1M7jf9/FHSsIGZFoUJ8eTV45OXaKALUY
         VE4w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:subject:references:in-reply-to:message-id
         :date:cc:to:from:arc-authentication-results;
        bh=QIIWjc+Aq2AjCDE0VvRDGZInwb2StaAfQGvN4jmaFW4=;
        b=qe4pMaoCprwZc9g1O38H+Q5a7XUljXaewYtVxgs+7J6zgEQ9RVyXKMPY62CbV00G6b
         PY2Gk8o7wg8AMQD4vbEMDRBRmyMy4poCqB3p3+Ro4Yse0sYUYFp4+zUXY71hltxwoXSL
         wjUC2vRuG7VicrWiJJJha4KYIDgiFY08YtGxyXYKZOq2bQp+aco0nOQ7rjxctTYC3upo
         ExrOkWk+JR8QivqV9zWWROpcgQZ2SLPime8jw8ygwd/ZNUQNj2gZnFKyujFFtY6QhgmI
         f2uGW4Is0nCd/rAbGjuQZltlNuYZkSdh1ArcT4VOhDVAALTTu/DM2t7fGzFiBzVMtSb2
         i6xw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 20-v6si9807541pgl.358.2018.07.23.20.29.37;
        Mon, 23 Jul 2018 20:29:51 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388532AbeGXEcg (ORCPT <rfc822;huangleihappily@gmail.com>
        + 99 others); Tue, 24 Jul 2018 00:32:36 -0400
Received: from out03.mta.xmission.com ([166.70.13.233]:41966 "EHLO
        out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2388130AbeGXEbw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 24 Jul 2018 00:31:52 -0400
Received: from in01.mta.xmission.com ([166.70.13.51])
        by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.87)
        (envelope-from <ebiederm@xmission.com>)
        id 1fhnz3-00032p-RB; Mon, 23 Jul 2018 21:27:33 -0600
Received: from [97.119.167.31] (helo=x220.int.ebiederm.org)
        by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
        (Exim 4.87)
        (envelope-from <ebiederm@xmission.com>)
        id 1fhnxb-0008AK-7S; Mon, 23 Jul 2018 21:26:03 -0600
From:   "Eric W. Biederman" <ebiederm@xmission.com>
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     Oleg Nesterov <oleg@redhat.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        linux-kernel@vger.kernel.org, Wen Yang <wen.yang99@zte.com.cn>,
        majiang <ma.jiang@zte.com.cn>,
        "Eric W. Biederman" <ebiederm@xmission.com>
Date:   Mon, 23 Jul 2018 22:24:15 -0500
Message-Id: <20180724032419.20231-16-ebiederm@xmission.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <87efft5ncd.fsf_-_@xmission.com>
References: <87efft5ncd.fsf_-_@xmission.com>
X-XM-SPF: eid=1fhnxb-0008AK-7S;;;mid=<20180724032419.20231-16-ebiederm@xmission.com>;;;hst=in01.mta.xmission.com;;;ip=97.119.167.31;;;frm=ebiederm@xmission.com;;;spf=neutral
X-XM-AID: U2FsdGVkX1+gVvQKuYty13MjHAmMSqbkaV3j2WuD1hA=
X-SA-Exim-Connect-IP: 97.119.167.31
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on sa03.xmission.com
X-Spam-Level: **
X-Spam-Status: No, score=2.0 required=8.0 tests=ALL_TRUSTED,BAYES_50,
        DCC_CHECK_NEGATIVE,T_TooManySym_01,XMNoVowels,XMSubLong autolearn=disabled
        version=3.4.0
X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
        *  1.5 XMNoVowels Alpha-numberic number with no vowels
        *  0.7 XMSubLong Long Subject
        *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
        *      [score: 0.4993]
        * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
        *      [sa03 1397; Body=1 Fuz1=1 Fuz2=1]
        *  0.0 T_TooManySym_01 4+ unique symbols in subject
X-Spam-DCC: XMission; sa03 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: **;Linus Torvalds <torvalds@linux-foundation.org>
X-Spam-Relay-Country: 
X-Spam-Timing: total 433 ms - load_scoreonly_sql: 0.09 (0.0%),
        signal_user_changed: 3.3 (0.8%), b_tie_ro: 2.2 (0.5%), parse: 1.12 (0.3%),
        extract_message_metadata: 26 (6.0%), get_uri_detail_list: 2.1 (0.5%),
        tests_pri_-1000: 11 (2.5%), tests_pri_-950: 2.2 (0.5%), tests_pri_-900: 1.79
        (0.4%), tests_pri_-400: 26 (6.0%), check_bayes: 24 (5.5%), b_tokenize: 9
        (2.1%), b_tok_get_all: 6 (1.4%), b_comp_prob: 3.4 (0.8%), b_tok_touch_all:
        2.3 (0.5%), b_finish: 0.82 (0.2%), tests_pri_0: 347 (80.1%),
        check_dkim_signature: 0.81 (0.2%), check_dkim_adsp: 5 (1.2%), tests_pri_500:
        10 (2.2%), rewrite_mail: 0.00 (0.0%)
Subject: [PATCH 16/20] fork: Move and describe why the code examines PIDNS_ADDING
X-Spam-Flag: No
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Normally this would be something that would be handled by handling
signals that are sent to a group of processes but in this case the
forking process is not a member of the group being signaled.  Thus
special code is needed to prevent a race with pid namespaces exiting,
and fork adding new processes within them.

Move this test up before the signal restart just in case signals are
also pending.  Fatal conditions should take presedence over restarts.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 kernel/fork.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/kernel/fork.c b/kernel/fork.c
index cc5be0d01ce6..b9c54318a292 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1922,6 +1922,12 @@ static __latent_entropy struct task_struct *copy_process(
 
 	rseq_fork(p, clone_flags);
 
+	/* Don't start children in a dying pid namespace */
+	if (unlikely(!(ns_of_pid(pid)->pid_allocated & PIDNS_ADDING))) {
+		retval = -ENOMEM;
+		goto bad_fork_cancel_cgroup;
+	}
+
 	/*
 	 * Process group and session signals need to be delivered to just the
 	 * parent before the fork or both the parent and the child after the
@@ -1935,10 +1941,7 @@ static __latent_entropy struct task_struct *copy_process(
 		retval = -ERESTARTNOINTR;
 		goto bad_fork_cancel_cgroup;
 	}
-	if (unlikely(!(ns_of_pid(pid)->pid_allocated & PIDNS_ADDING))) {
-		retval = -ENOMEM;
-		goto bad_fork_cancel_cgroup;
-	}
+
 
 	init_task_pid_links(p);
 	if (likely(p->pid)) {
-- 
2.17.1