Subject: Re: [RFC v5 1/1] ns: add binfmt_misc to the user namespace
To: Tycho Andersen
Cc: linux-kernel@vger.kernel.org, Dmitry Safonov, linux-api@vger.kernel.org, containers@lists.linux-foundation.org, Jann Horn, James Bottomley, Eric Biederman, linux-fsdevel@vger.kernel.org, Alexander Viro
References: <20181009103752.21482-1-laurent@vivier.eu> <20181009103752.21482-2-laurent@vivier.eu> <20181009151641.GB10149@cisco>
From: Laurent Vivier
Message-ID: <409c22e3-1df8-cf7f-2462-ead2bb3020cf@vivier.eu>
Date: Tue, 9 Oct 2018 17:19:11 +0200
In-Reply-To: <20181009151641.GB10149@cisco>
X-Mailing-List: linux-kernel@vger.kernel.org

On 09/10/2018 at 17:16, Tycho Andersen wrote:
> On Tue, Oct 09, 2018 at 12:37:52PM +0200, Laurent Vivier wrote:
>> @@ -80,18 +74,32 @@ static int entry_count; >> */ >> #define MAX_REGISTER_LENGTH 1920 >> >> +static struct binfmt_namespace *binfmt_ns(struct user_namespace *ns) >> +{ >> + struct binfmt_namespace *b_ns; >> + >> + while (ns) { >> + b_ns = READ_ONCE(ns->binfmt_ns); >> + if (b_ns) >> + return b_ns; >> + ns = ns->parent; >> + } >> + WARN_ON_ONCE(1);
>
> It looks like we warn here,
>
>> @@ -133,17 +141,18 @@ static int load_misc_binary(struct linux_binprm *bprm) >> struct file *interp_file = NULL; >> int retval; >> int fd_binary = -1; >> + struct binfmt_namespace *ns = binfmt_ns(current_user_ns()); >> >> retval = -ENOEXEC; >> - if (!enabled) >> + if (!ns->enabled)
>
> ...but then in cases like this we immediately dereference the pointer
> anyways and crash. Can we return some other error code here in the !ns
> case so we don't crash?

My concern here is I don't want to add code to check an error case that cannot happen.

The first namespace binfmt_ns pointer is initialized with &init_binfmt_ns, so the return value cannot be NULL.

Thanks,
Laurent
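
Review bot: In binfmt_ns(), the WARN_ON_ONCE(1) after the while loop guards a state the reply calls impossible, yet nothing in the function records why. The loop only terminates with a non-NULL result because the root user namespace has binfmt_ns set to &init_binfmt_ns, and that invariant is not written down next to the walk up ns->parent. Please add a comment above the loop stating it, and make the fall-through consistent with it: either return &init_binfmt_ns after the warning so that no caller can ever receive NULL, or drop the warning if the path is truly unreachable. A warning followed by a NULL return leaves every caller one broken invariant away from an oops.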
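
Review bot: In load_misc_binary(), the new test if (!ns->enabled) dereferences the result of binfmt_ns(current_user_ns()) with no check, on the exec path. That is only safe if binfmt_ns() is guaranteed never to return NULL, which the helper's own WARN_ON_ONCE(1) path contradicts. If the helper keeps a path that can fall out of its loop, fail closed here with if (!ns || !ns->enabled) so that the already assigned retval of -ENOEXEC is returned instead of crashing; if the helper is changed to always return a valid namespace, state that contract in its comment so this and the other callers can rely on it. Separately, naming the struct binfmt_namespace pointer ns is easy to confuse with the struct user_namespace *ns parameter used in binfmt_ns(); a name such as b_ns, as the helper already uses, would read more clearly.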