Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp5005141imm;
        Tue, 9 Oct 2018 08:20:35 -0700 (PDT)
X-Google-Smtp-Source: ACcGV63DnXDh3tfgX6ghnjrQGxOakshSkncqcw8Hn8B3gcpg6tUODz6X3tZy3V62IPCJx7vJldno
X-Received: by 2002:a17:902:8a90:: with SMTP id p16-v6mr29626996plo.106.1539098435763;
        Tue, 09 Oct 2018 08:20:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539098435; cv=none;
        d=google.com; s=arc-20160816;
        b=DxigAC4H4tkQVItf33rF9U93Y6inVkG5EsmJlO+AF6tqpRh7UA9dCNVsuAmKpHmi71
         lzderRhL0762IEsByI0n3RjjWpgmdWE9zO8WdrjZdU5ggXjUcCqzwLIKCmePgE3ltYG3
         NrqJxr2MqG9Dl2hb4ySH7D5PS+dZb2r0e0EhZ70MEaramZN4p80CTro2Em/aEwctG80F
         08fHavPBZywlRqulsekQTWxQ0yaG5oZ+93iKYmq0MNMHl5kW+FLLlgU4lGeBzfjArOE2
         vdShX34/gc8VDkYN2du4H7op4aRqLyU9F0VmTg7xpJoXF4eUrDHYKyTJyIbVGkBSKRlj
         wpEg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:autocrypt:openpgp:from:references:cc:to:subject;
        bh=fjt/nTgEP9YlQfvmWAKgYba3lKy4xNu30e4GetTTzsE=;
        b=dR80JmBcia3gTraSQIbgqqmQ6/DlqH34Z+MiU9vHEWEyOcCacwraVMiOUcF/EtgKgR
         4LMmeGw0kGR0YyLJRue8TLcP0Hgl3467mmutn1Z2c/SIm/NdNNa7vfgpqMrcqin4oOTP
         7+yZzelERMVQgEk0U+aD8z8IZFigry/+uenpKojUG+5tDZiESUcI7O4quRpcpIk4ye7Z
         laQGxhy297OOIGlBrD17w/Y8OQW+TfsJwTI71Ta38sTfQ2A4MUkVkNGfNKlQkZJVVlRM
         xzfCtV4qW8H7DJpagSWyz2SKYtdcChiDHP73Qp1Pi1mevaH3ics3tJvQhQSHdWft2r3f
         ZOeQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y92-v6si22503889plb.177.2018.10.09.08.20.20;
        Tue, 09 Oct 2018 08:20:35 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726750AbeJIWhU (ORCPT <rfc822;alexandre.munsch.linux@gmail.com>
        + 99 others); Tue, 9 Oct 2018 18:37:20 -0400
Received: from mout.kundenserver.de ([212.227.126.135]:41595 "EHLO
        mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726476AbeJIWhU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 9 Oct 2018 18:37:20 -0400
Received: from [192.168.100.1] ([78.238.229.36]) by mrelayeu.kundenserver.de
 (mreue009 [212.227.15.167]) with ESMTPSA (Nemesis) id
 1MXH3e-1gBX7k3HLy-00YiiS; Tue, 09 Oct 2018 17:19:14 +0200
Received: from [192.168.100.1] ([78.238.229.36]) by mrelayeu.kundenserver.de
 (mreue009 [212.227.15.167]) with ESMTPSA (Nemesis) id
 1MXH3e-1gBX7k3HLy-00YiiS; Tue, 09 Oct 2018 17:19:14 +0200
Subject: Re: [RFC v5 1/1] ns: add binfmt_misc to the user namespace
To:     Tycho Andersen <tycho@tycho.ws>
Cc:     linux-kernel@vger.kernel.org, Dmitry Safonov <dima@arista.com>,
        linux-api@vger.kernel.org, containers@lists.linux-foundation.org,
        Jann Horn <jannh@google.com>,
        James Bottomley <James.Bottomley@HansenPartnership.com>,
        Eric Biederman <ebiederm@xmission.com>,
        linux-fsdevel@vger.kernel.org,
        Alexander Viro <viro@zeniv.linux.org.uk>
References: <20181009103752.21482-1-laurent@vivier.eu>
 <20181009103752.21482-2-laurent@vivier.eu> <20181009151641.GB10149@cisco>
From:   Laurent Vivier <laurent@vivier.eu>
Openpgp: preference=signencrypt
Autocrypt: addr=laurent@vivier.eu; prefer-encrypt=mutual; keydata=
 xsFNBFYFJhkBEAC2me7w2+RizYOKZM+vZCx69GTewOwqzHrrHSG07MUAxJ6AY29/+HYf6EY2
 WoeuLWDmXE7A3oJoIsRecD6BXHTb0OYS20lS608anr3B0xn5g0BX7es9Mw+hV/pL+63EOCVm
 SUVTEQwbGQN62guOKnJJJfphbbv82glIC/Ei4Ky8BwZkUuXd7d5NFJKC9/GDrbWdj75cDNQx
 UZ9XXbXEKY9MHX83Uy7JFoiFDMOVHn55HnncflUncO0zDzY7CxFeQFwYRbsCXOUL9yBtqLer
 Ky8/yjBskIlNrp0uQSt9LMoMsdSjYLYhvk1StsNPg74+s4u0Q6z45+l8RAsgLw5OLtTa+ePM
 JyS7OIGNYxAX6eZk1+91a6tnqfyPcMbduxyBaYXn94HUG162BeuyBkbNoIDkB7pCByed1A7q
 q9/FbuTDwgVGVLYthYSfTtN0Y60OgNkWCMtFwKxRaXt1WFA5ceqinN/XkgA+vf2Ch72zBkJL
 RBIhfOPFv5f2Hkkj0MvsUXpOWaOjatiu0fpPo6Hw14UEpywke1zN4NKubApQOlNKZZC4hu6/
 8pv2t4HRi7s0K88jQYBRPObjrN5+owtI51xMaYzvPitHQ2053LmgsOdN9EKOqZeHAYG2SmRW
 LOxYWKX14YkZI5j/TXfKlTpwSMvXho+efN4kgFvFmP6WT+tPnwARAQABzSNMYXVyZW50IFZp
 dmllciA8bHZpdmllckByZWRoYXQuY29tPsLBeAQTAQIAIgUCVgVQgAIbAwYLCQgHAwIGFQgC
 CQoLBBYCAwECHgECF4AACgkQ8ww4vT8vvjwpgg//fSGy0Rs/t8cPFuzoY1cex4limJQfReLr
 SJXCANg9NOWy/bFK5wunj+h/RCFxIFhZcyXveurkBwYikDPUrBoBRoOJY/BHK0iZo7/WQkur
 6H5losVZtrotmKOGnP/lJYZ3H6OWvXzdz8LL5hb3TvGOP68K8Bn8UsIaZJoeiKhaNR0sOJyI
 YYbgFQPWMHfVwHD/U+/gqRhD7apVysxv5by/pKDln1I5v0cRRH6hd8M8oXgKhF2+rAOL7gvh
 jEHSSWKUlMjC7YwwjSZmUkL+TQyE18e2XBk85X8Da3FznrLiHZFHQ/NzETYxRjnOzD7/kOVy
 gKD/o7asyWQVU65mh/ECrtjfhtCBSYmIIVkopoLaVJ/kEbVJQegT2P6NgERC/31kmTF69vn8
 uQyW11Hk8tyubicByL3/XVBrq4jZdJW3cePNJbTNaT0d/bjMg5zCWHbMErUib2Nellnbg6bc
 2HLDe0NLVPuRZhHUHM9hO/JNnHfvgiRQDh6loNOUnm9Iw2YiVgZNnT4soUehMZ7au8PwSl4I
 KYE4ulJ8RRiydN7fES3IZWmOPlyskp1QMQBD/w16o+lEtY6HSFEzsK3o0vuBRBVp2WKnssVH
 qeeV01ZHw0bvWKjxVNOksP98eJfWLfV9l9e7s6TaAeySKRRubtJ+21PRuYAxKsaueBfUE7ZT
 7zfOwU0EVgUmGQEQALxSQRbl/QOnmssVDxWhHM5TGxl7oLNJms2zmBpcmlrIsn8nNz0rRyxT
 460k2niaTwowSRK8KWVDeAW6ZAaWiYjLlTunoKwvF8vP3JyWpBz0diTxL5o+xpvy/Q6YU3BN
 efdq8Vy3rFsxgW7mMSrI/CxJ667y8ot5DVugeS2NyHfmZlPGE0Nsy7hlebS4liisXOrN3jFz
 asKyUws3VXek4V65lHwB23BVzsnFMn/bw/rPliqXGcwl8CoJu8dSyrCcd1Ibs0/Inq9S9+t0
 VmWiQWfQkz4rvEeTQkp/VfgZ6z98JRW7S6l6eophoWs0/ZyRfOm+QVSqRfFZdxdP2PlGeIFM
 C3fXJgygXJkFPyWkVElr76JTbtSHsGWbt6xUlYHKXWo+xf9WgtLeby3cfSkEchACrxDrQpj+
 Jt/JFP+q997dybkyZ5IoHWuPkn7uZGBrKIHmBunTco1+cKSuRiSCYpBIXZMHCzPgVDjk4viP
 brV9NwRkmaOxVvye0vctJeWvJ6KA7NoAURplIGCqkCRwg0MmLrfoZnK/gRqVJ/f6adhU1oo6
 z4p2/z3PemA0C0ANatgHgBb90cd16AUxpdEQmOCmdNnNJF/3Zt3inzF+NFzHoM5Vwq6rc1JP
 jfC3oqRLJzqAEHBDjQFlqNR3IFCIAo4SYQRBdAHBCzkM4rWyRhuVABEBAAHCwV8EGAECAAkF
 AlYFJhkCGwwACgkQ8ww4vT8vvjwg9w//VQrcnVg3TsjEybxDEUBm8dBmnKqcnTBFmxN5FFtI
 WlEuY8+YMiWRykd8Ln9RJ/98/ghABHz9TN8TRo2b6WimV64FmlVn17Ri6FgFU3xNt9TTEChq
 AcNg88eYryKsYpFwegGpwUlaUaaGh1m9OrTzcQy+klVfZWaVJ9Nw0keoGRGb8j4XjVpL8+2x
 OhXKrM1fzzb8JtAuSbuzZSQPDwQEI5CKKxp7zf76J21YeRrEW4WDznPyVcDTa+tz++q2S/Bp
 P4W98bXCBIuQgs2m+OflERv5c3Ojldp04/S4NEjXEYRWdiCxN7ca5iPml5gLtuvhJMSy36gl
 U6IW9kn30IWuSoBpTkgV7rLUEhh9Ms82VWW/h2TxL8enfx40PrfbDtWwqRID3WY8jLrjKfTd
 R3LW8BnUDNkG+c4FzvvGUs8AvuqxxyHbXAfDx9o/jXfPHVRmJVhSmd+hC3mcQ+4iX5bBPBPM
 oDqSoLt5w9GoQQ6gDVP2ZjTWqwSRMLzNr37rJjZ1pt0DCMMTbiYIUcrhX8eveCJtY7NGWNyx
 FCRkhxRuGcpwPmRVDwOl39MB3iTsRighiMnijkbLXiKoJ5CDVvX5yicNqYJPKh5MFXN1bvsB
 kmYiStMRbrD0HoY1kx5/VozBtc70OU0EB8Wrv9hZD+Ofp0T3KOr1RUHvCZoLURfFhSQ=
Message-ID: <409c22e3-1df8-cf7f-2462-ead2bb3020cf@vivier.eu>
Date:   Tue, 9 Oct 2018 17:19:11 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.0
MIME-Version: 1.0
In-Reply-To: <20181009151641.GB10149@cisco>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:1lWv7EXFY1qMZY9QnuPkxO1sDbefPZW/u9jn3jNEJIRY/vwsf0R
 Ru0x2yPMtssUJNHdVi2rMDDDSXkVP9fUUJeUU8b/CQzSnlLioLRt6ZH1LjQ6YkdfNHkO3qJ
 ZJ7XF9TO+biKG5xmJhOKun7ruUqiSZLO4x4upq8LAU8TSy6T0BTrR3epzE9dKVGD7Iz788u
 OuYRUXXPpYBP6LU1aUTvw==
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V01:K0:zJ+6wh+SzL0=:1il2LgUdeY8UxFm32KAERs
 elH0xjC546g3sfv84VuomsvBDf7nKnBZ3hxd9vO/QCiU9/5gyCHuliFdeg9HYuWvhBhsImu7P
 nhcwSE2d8Ieib85NRSWesFhwtsxEbvIIDdDQtiNePQy2dbed3/aUk5cEftEF+KCcYWGZvgrEA
 QWx6tQLPJGNW0Yyp+/bcha9mKA7oYCyLdsUalr7dBCKjX5jcYjzCACFT0sSW6D7lETmpLAEfh
 UKepKkHCpPzkQKXQpEuBkDr+OMAJS6RInm5NQWRV+qScbHCDh1Hp2VZd0B1sqHUH7BLJ3s4xR
 lNUoMQBpb30y9kzY/E/LINc4lx5Ixm8HK9bH23oIP+RZW4inEl5sOqLfPWQw0ovBxB9CwEJaA
 iDkzfhqCojwR0ObF+Uc38XkRkm8qB3Ir1DuVWwMkKKqEQCYmoWli8m+8+DSW+Hr2ivTpGWzCu
 SKfDD1ctISr6ujkyx8/rYdchb5kxvLdSNvnfjCPEXqL6PYv9eNsy3QLdK/xlZEy3YISI//uQG
 poRCYsn/rB4hdRYG6PeS2FhfnW3003CEcbbERNwOl9uQDnwgCcZNIOLTuF5CVrhDae6iFDR91
 1HNpgFolGo5QQwvzTJzjGKQcD1m3tSZsw/kSaUu50XTYK/c4pypcldUzLm+nLZz3G+itKNzJJ
 ezHwXelLb7AViHX1oKdO+zhAn++enQgR8jYLPe0nv4501MYPXbwnbcwzYyKt+3Prb0V28KE2H
 35auY5icm+fAbbs/
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Le 09/10/2018 à 17:16, Tycho Andersen a écrit :
> On Tue, Oct 09, 2018 at 12:37:52PM +0200, Laurent Vivier wrote:
>> @@ -80,18 +74,32 @@ static int entry_count;
>>   */
>>  #define MAX_REGISTER_LENGTH 1920
>>  
>> +static struct binfmt_namespace *binfmt_ns(struct user_namespace *ns)
>> +{
>> +	struct binfmt_namespace *b_ns;
>> +
>> +	while (ns) {
>> +		b_ns = READ_ONCE(ns->binfmt_ns);
>> +		if (b_ns)
>> +			return b_ns;
>> +		ns = ns->parent;
>> +	}
>> +	WARN_ON_ONCE(1);
> 
> It looks like we warn here,
> 
>> @@ -133,17 +141,18 @@ static int load_misc_binary(struct linux_binprm *bprm)
>>  	struct file *interp_file = NULL;
>>  	int retval;
>>  	int fd_binary = -1;
>> +	struct binfmt_namespace *ns = binfmt_ns(current_user_ns());
>>  
>>  	retval = -ENOEXEC;
>> -	if (!enabled)
>> +	if (!ns->enabled)
> 
> ...but then in cases like this we immediately dereference the pointer
> anyways and crash. Can we return some other error code here in the !ns
> case so we don't crash?

My concern here is I don't want to add code to check an error case that
cannot happen. The first namespace binfmt_ns pointer is initialized with
&init_binfmt_ns, so the return value cannot be NULL.

Thanks,
Laurent