Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp5001530imm; Tue, 9 Oct 2018 08:17:36 -0700 (PDT) X-Google-Smtp-Source: ACcGV61kzg7HazoTWSzOeJggQ3/uquv6JkwGC3uEt61TW8bo9vXmtGeYcARNYmGufzcWBe/m9Qh8 X-Received: by 2002:a62:f715:: with SMTP id h21-v6mr24762184pfi.169.1539098256451; Tue, 09 Oct 2018 08:17:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539098256; cv=none; d=google.com; s=arc-20160816; b=PJnNNfnShL5327GezPR0dq5GwCSJ4GtjdzouYzJYYa1PI27swcfS9Pk7wJPZHegWkl tyuxdEvkYF4C0N+dQgzM4x+o0mCisrEaFn1VluNVUOff+B3mGCtfMR/CJeSQ/QGsv0/W sGoSEIKLLvYtGxos2vNBrId5/bmglQb59tFhMFQdGUXHbfeF3u7//RI5ipbns5ZHxMlc nN/7FSzKu6einFcfXRRU46emfhRRocqobxL7LSn1qoZq7RVuQ1xFD5JtZ8/T3wDAs/Kk C4WRYLBRhzw9W1xfma8gTGlhwDwJF2yDaeiQfMV6AnuwH+sm4z9yIQYuUx/dvDwIozkc IX4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=9HW8VYx7bMPc3xCQ4IFZXaCDdlwywtCjeiSndtyAc08=; b=BjLwRztflSkdWQs8HLtLTrWNB+XIfG9qBXWCcUFG1I4RlF0y2uHYFIXOTXvSdkrLIt h1IitTXGCEBGb7djVaMlz/IkOKwFN5frAVRiSwHACu8xLN73IWd5nlG6DgaRu28MDNzf 4VDD5ohnKzLDYHpC0tUCsGieQNadoQkuerNTkYVe0cWWnVHZa9sDAgjWk29PUv2nu1fG K2rCnEOyycfCiBR9DJQxVZI+mcc9dQuLxTUzgMh/uPlfZEhWo0evLQpWKSxvPXCTDsWs OctDhk3XmH3OnZfEMeN2ANd9yOvAIMIB6K4wI7/e5c4hYydn2j1IYL12LjWkgJ2kl7Mj QBrw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b="h/uV/ry7"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b41-v6si21761002pla.306.2018.10.09.08.17.21; Tue, 09 Oct 2018 08:17:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b="h/uV/ry7"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726854AbeJIWeK (ORCPT + 99 others); Tue, 9 Oct 2018 18:34:10 -0400 Received: from mail-io1-f65.google.com ([209.85.166.65]:38880 "EHLO mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726789AbeJIWeK (ORCPT ); Tue, 9 Oct 2018 18:34:10 -0400 Received: by mail-io1-f65.google.com with SMTP id n5-v6so1442370ioh.5 for ; Tue, 09 Oct 2018 08:16:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho-ws.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=9HW8VYx7bMPc3xCQ4IFZXaCDdlwywtCjeiSndtyAc08=; b=h/uV/ry7DQHwyGLk0ZlegPGjFSkXYe1eg5u83vHRB7v1vzWtKoBUk+6B2oiuwWdr9P kpJhCgP7bbk7umQAQ6riX/IIH5aiP1P3qGNuVhh9MktnMbceewy/zBz69DnrRA/PlEiq nfuibC9nQJWP7OrAIeTKfn0/N1R2pqwlM/Drui2TeO7T/tsKRjAl2n6S6cEVHeAlHnDv j5xgMyNif76HNpBPljaGSl/g86YgmASKlT44p7Q1irM63VcMDxVUKbRE1fpjLN0sghI8 DtvvcmXn237RhbwutoTctWCkAXZZnvzl4DrID6Vvltuz9oWAYcbu+PoeSI+4NlQdvFW+ O9tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=9HW8VYx7bMPc3xCQ4IFZXaCDdlwywtCjeiSndtyAc08=; b=bB0knpP52440Y1jbjEk3c4v27J+1dcecPwfthIMPdrFE4mn8bgcdvLidSMIM1Em1pw y03jMGIefnCVG3dQfCikQsytThhTltV4LpFeypRFMmWdDqw5Vk8GtOFLTAzZIi6DjUD9 HCMT1gmU9CDBEiuzC+CFoff2k+qTsUdfx8TgiPyTIwQH29XbtWUOSOmesvKrdm6eLet0 l0ZdcnC1pxq4mun1gr/w2bACBpuGaaroOxkhMvO1EpvWhBMtU07h90tbvyVAqzve3r37 o0A4ELlhZ0Jd+y63QOLBSE4QAC4l8E26eCNRJYGWyCxkrzVzDhXAqqQL4sQrL9Nfnwwc MCyg== X-Gm-Message-State: ABuFfoix6aNH68rYYfvROAtWe+bXeob+mhjacj28ln0L32Eej7Yqk1Fp nNPftneVSz/f8xxsuprHgMxLnw== X-Received: by 2002:a6b:3108:: with SMTP id j8-v6mr9647878ioa.219.1539098205184; Tue, 09 Oct 2018 08:16:45 -0700 (PDT) Received: from cisco ([12.226.92.2]) by smtp.gmail.com with ESMTPSA id g4-v6sm7024056ioc.87.2018.10.09.08.16.43 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 09 Oct 2018 08:16:44 -0700 (PDT) Date: Tue, 9 Oct 2018 08:16:41 -0700 From: Tycho Andersen To: Laurent Vivier Cc: linux-kernel@vger.kernel.org, Dmitry Safonov , linux-api@vger.kernel.org, containers@lists.linux-foundation.org, Jann Horn , James Bottomley , Eric Biederman , linux-fsdevel@vger.kernel.org, Alexander Viro Subject: Re: [RFC v5 1/1] ns: add binfmt_misc to the user namespace Message-ID: <20181009151641.GB10149@cisco> References: <20181009103752.21482-1-laurent@vivier.eu> <20181009103752.21482-2-laurent@vivier.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181009103752.21482-2-laurent@vivier.eu> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 09, 2018 at 12:37:52PM +0200, Laurent Vivier wrote: > @@ -80,18 +74,32 @@ static int entry_count; > */ > #define MAX_REGISTER_LENGTH 1920 > > +static struct binfmt_namespace *binfmt_ns(struct user_namespace *ns) > +{ > + struct binfmt_namespace *b_ns; > + > + while (ns) { > + b_ns = READ_ONCE(ns->binfmt_ns); > + if (b_ns) > + return b_ns; > + ns = ns->parent; > + } > + WARN_ON_ONCE(1); It looks like we warn here, > @@ -133,17 +141,18 @@ static int load_misc_binary(struct linux_binprm *bprm) > struct file *interp_file = NULL; > int retval; > int fd_binary = -1; > + struct binfmt_namespace *ns = binfmt_ns(current_user_ns()); > > retval = -ENOEXEC; > - if (!enabled) > + if (!ns->enabled) ...but then in cases like this we immediately dereference the pointer anyways and crash. Can we return some other error code here in the !ns case so we don't crash? Tycho