Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp5151189imm; Tue, 9 Oct 2018 10:24:45 -0700 (PDT) X-Google-Smtp-Source: ACcGV60LQwEvzMbeTJTNnJHq9DYBacHoxtxz3qiGc5NrSlLbrYQfplp+oivL8tFpvMD6VQxTgtRV X-Received: by 2002:a17:902:d881:: with SMTP id b1-v6mr1369345plz.10.1539105885145; Tue, 09 Oct 2018 10:24:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539105885; cv=none; d=google.com; s=arc-20160816; b=sfBjkGiP72Jdlkg+lNYd7Od4LYb+3Y+b9UL077q3UZamBB8vRrpAF38PhLmAmwgZKj slhnAMGdiPUfa1LmOhkku2k/kRQmpmjWZoKQVfIdzlL05YLAEwyF0yLovYGLETmJ7Ggr AqP4FKCXNCf8bVMzNiyZWp4pMcQzSrVoRfEGXAtKCQf7/PqReX/SDfd8UJxsgOJJacl4 UwXgg4AQ78GGt18Js+TNL6NOR8/83STc9J29Iv1TsA0yvdtspWPu7af6KpAzW++DFwJH 1hTN/E+PIfaa1eVgV+9UkZ90+jtbD7XnxWdNDxEw2k1X38w33J0wflVnKM4Bwy4eQPnY yMdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:from:references:cc:to:subject; bh=OeRgzc6SgcinzIngIJOSFG/mihHh15a/l5xQOfQBOA0=; b=PbQKj0geznj7TzA2Jx+wZm9pgUkL5JOM5s5KSKFy6KAx2T3QQiooHjPFT8F8Ufvd+A DjTBK8nik8shc/bBE3awxbWJIe1G4Vq7OU4tSdhOcMeT7U1FFG0Ze9mRoUp+7k/ISdkX aTyPh/lAuO3hqC1mbpKbME0/7JI6j5mfeMd73txngGBsiaYcNAvr6qROkGs+SH6Ml7cm WrMfMET7oIby9/giJPvq5ZyaohoJq+ZQFWpdrW6h74lNxZH8KBFRb1CBzVDq5+onB3hC 7vQ+FK+Vzp8a9nzZfSmFVZ9AlROwjr1RXY6w+59On0YaTLXazS/dYIx77wsVQidtlwgM +grw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x16-v6si20446824pgh.41.2018.10.09.10.24.30; Tue, 09 Oct 2018 10:24:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727285AbeJJAlM (ORCPT + 99 others); Tue, 9 Oct 2018 20:41:12 -0400 Received: from mout.kundenserver.de ([212.227.126.130]:45131 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726989AbeJJAlL (ORCPT ); Tue, 9 Oct 2018 20:41:11 -0400 Received: from [192.168.100.1] ([78.238.229.36]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MsZ7T-1fqkqB3dkZ-00tzv9; Tue, 09 Oct 2018 19:22:41 +0200 Received: from [192.168.100.1] ([78.238.229.36]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MsZ7T-1fqkqB3dkZ-00tzv9; Tue, 09 Oct 2018 19:22:41 +0200 Subject: Re: [RFC v5 1/1] ns: add binfmt_misc to the user namespace To: Kirill Tkhai , "linux-kernel@vger.kernel.org" Cc: Eric Biederman , Dmitry Safonov , "linux-api@vger.kernel.org" , James Bottomley , Alexander Viro , "linux-fsdevel@vger.kernel.org" , "Andrei Vagin (C)" , "containers@lists.linux-foundation.org" , Jann Horn References: <20181009103752.21482-1-laurent@vivier.eu> <20181009103752.21482-2-laurent@vivier.eu> <7d9d7846-d153-f328-f5b4-8dc9d9705339@virtuozzo.com> From: Laurent Vivier Openpgp: preference=signencrypt Autocrypt: addr=laurent@vivier.eu; prefer-encrypt=mutual; keydata= xsFNBFYFJhkBEAC2me7w2+RizYOKZM+vZCx69GTewOwqzHrrHSG07MUAxJ6AY29/+HYf6EY2 WoeuLWDmXE7A3oJoIsRecD6BXHTb0OYS20lS608anr3B0xn5g0BX7es9Mw+hV/pL+63EOCVm SUVTEQwbGQN62guOKnJJJfphbbv82glIC/Ei4Ky8BwZkUuXd7d5NFJKC9/GDrbWdj75cDNQx UZ9XXbXEKY9MHX83Uy7JFoiFDMOVHn55HnncflUncO0zDzY7CxFeQFwYRbsCXOUL9yBtqLer Ky8/yjBskIlNrp0uQSt9LMoMsdSjYLYhvk1StsNPg74+s4u0Q6z45+l8RAsgLw5OLtTa+ePM JyS7OIGNYxAX6eZk1+91a6tnqfyPcMbduxyBaYXn94HUG162BeuyBkbNoIDkB7pCByed1A7q q9/FbuTDwgVGVLYthYSfTtN0Y60OgNkWCMtFwKxRaXt1WFA5ceqinN/XkgA+vf2Ch72zBkJL RBIhfOPFv5f2Hkkj0MvsUXpOWaOjatiu0fpPo6Hw14UEpywke1zN4NKubApQOlNKZZC4hu6/ 8pv2t4HRi7s0K88jQYBRPObjrN5+owtI51xMaYzvPitHQ2053LmgsOdN9EKOqZeHAYG2SmRW LOxYWKX14YkZI5j/TXfKlTpwSMvXho+efN4kgFvFmP6WT+tPnwARAQABzSNMYXVyZW50IFZp dmllciA8bHZpdmllckByZWRoYXQuY29tPsLBeAQTAQIAIgUCVgVQgAIbAwYLCQgHAwIGFQgC CQoLBBYCAwECHgECF4AACgkQ8ww4vT8vvjwpgg//fSGy0Rs/t8cPFuzoY1cex4limJQfReLr SJXCANg9NOWy/bFK5wunj+h/RCFxIFhZcyXveurkBwYikDPUrBoBRoOJY/BHK0iZo7/WQkur 6H5losVZtrotmKOGnP/lJYZ3H6OWvXzdz8LL5hb3TvGOP68K8Bn8UsIaZJoeiKhaNR0sOJyI YYbgFQPWMHfVwHD/U+/gqRhD7apVysxv5by/pKDln1I5v0cRRH6hd8M8oXgKhF2+rAOL7gvh jEHSSWKUlMjC7YwwjSZmUkL+TQyE18e2XBk85X8Da3FznrLiHZFHQ/NzETYxRjnOzD7/kOVy gKD/o7asyWQVU65mh/ECrtjfhtCBSYmIIVkopoLaVJ/kEbVJQegT2P6NgERC/31kmTF69vn8 uQyW11Hk8tyubicByL3/XVBrq4jZdJW3cePNJbTNaT0d/bjMg5zCWHbMErUib2Nellnbg6bc 2HLDe0NLVPuRZhHUHM9hO/JNnHfvgiRQDh6loNOUnm9Iw2YiVgZNnT4soUehMZ7au8PwSl4I KYE4ulJ8RRiydN7fES3IZWmOPlyskp1QMQBD/w16o+lEtY6HSFEzsK3o0vuBRBVp2WKnssVH qeeV01ZHw0bvWKjxVNOksP98eJfWLfV9l9e7s6TaAeySKRRubtJ+21PRuYAxKsaueBfUE7ZT 7zfOwU0EVgUmGQEQALxSQRbl/QOnmssVDxWhHM5TGxl7oLNJms2zmBpcmlrIsn8nNz0rRyxT 460k2niaTwowSRK8KWVDeAW6ZAaWiYjLlTunoKwvF8vP3JyWpBz0diTxL5o+xpvy/Q6YU3BN efdq8Vy3rFsxgW7mMSrI/CxJ667y8ot5DVugeS2NyHfmZlPGE0Nsy7hlebS4liisXOrN3jFz asKyUws3VXek4V65lHwB23BVzsnFMn/bw/rPliqXGcwl8CoJu8dSyrCcd1Ibs0/Inq9S9+t0 VmWiQWfQkz4rvEeTQkp/VfgZ6z98JRW7S6l6eophoWs0/ZyRfOm+QVSqRfFZdxdP2PlGeIFM C3fXJgygXJkFPyWkVElr76JTbtSHsGWbt6xUlYHKXWo+xf9WgtLeby3cfSkEchACrxDrQpj+ Jt/JFP+q997dybkyZ5IoHWuPkn7uZGBrKIHmBunTco1+cKSuRiSCYpBIXZMHCzPgVDjk4viP brV9NwRkmaOxVvye0vctJeWvJ6KA7NoAURplIGCqkCRwg0MmLrfoZnK/gRqVJ/f6adhU1oo6 z4p2/z3PemA0C0ANatgHgBb90cd16AUxpdEQmOCmdNnNJF/3Zt3inzF+NFzHoM5Vwq6rc1JP jfC3oqRLJzqAEHBDjQFlqNR3IFCIAo4SYQRBdAHBCzkM4rWyRhuVABEBAAHCwV8EGAECAAkF AlYFJhkCGwwACgkQ8ww4vT8vvjwg9w//VQrcnVg3TsjEybxDEUBm8dBmnKqcnTBFmxN5FFtI WlEuY8+YMiWRykd8Ln9RJ/98/ghABHz9TN8TRo2b6WimV64FmlVn17Ri6FgFU3xNt9TTEChq AcNg88eYryKsYpFwegGpwUlaUaaGh1m9OrTzcQy+klVfZWaVJ9Nw0keoGRGb8j4XjVpL8+2x OhXKrM1fzzb8JtAuSbuzZSQPDwQEI5CKKxp7zf76J21YeRrEW4WDznPyVcDTa+tz++q2S/Bp P4W98bXCBIuQgs2m+OflERv5c3Ojldp04/S4NEjXEYRWdiCxN7ca5iPml5gLtuvhJMSy36gl U6IW9kn30IWuSoBpTkgV7rLUEhh9Ms82VWW/h2TxL8enfx40PrfbDtWwqRID3WY8jLrjKfTd R3LW8BnUDNkG+c4FzvvGUs8AvuqxxyHbXAfDx9o/jXfPHVRmJVhSmd+hC3mcQ+4iX5bBPBPM oDqSoLt5w9GoQQ6gDVP2ZjTWqwSRMLzNr37rJjZ1pt0DCMMTbiYIUcrhX8eveCJtY7NGWNyx FCRkhxRuGcpwPmRVDwOl39MB3iTsRighiMnijkbLXiKoJ5CDVvX5yicNqYJPKh5MFXN1bvsB kmYiStMRbrD0HoY1kx5/VozBtc70OU0EB8Wrv9hZD+Ofp0T3KOr1RUHvCZoLURfFhSQ= Message-ID: <1661f539-daf8-a66a-4562-03f20ecc9bef@vivier.eu> Date: Tue, 9 Oct 2018 19:22:37 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 In-Reply-To: <7d9d7846-d153-f328-f5b4-8dc9d9705339@virtuozzo.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:kBuYsYeQk+lsMd+yFSPgQYGaeXVFiJYzKgpqurVWFywkAr4zsuV EHvSrBvdjURAbN8B7vi2o8kWiHMVejyrCFuB54Dk8aK3vz06QpSc+RBB8oInhs83ajDnQ5P pCfkrcjIRkPEFXYhN3ZHiMpTGL94SuDV7DLsKGjlq8DrGOhTtxMzCWF8jqqnYN4MdcAFrDx gRPFEOKjuNtfhCY5wssfg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V01:K0:x/qkoufo4Gk=:vIiL593Fi0tWFKXS+srcA6 BTZTJczvV/YuqVeHLORaMH14zcPz0Kc0m5QNt16jp99FZcfENhFT7eZvFE2+P1uZ2SAuap/2V PXiRy7g1w67xD6gVeke7/ES/U92pz46w4u18l4grH3EqisJcQffNWPyogjozhJ2UxQBeGHxuj bvdJh3KQNd7wP8AabjWIzmtWGbVPh7X6gUeQhUGRxTF+ai10bFLTSa5NAlPkLscKH9VJOE0sW oBLng4NfKQMTMTiK9twT+PyXiTSTqJHchTm2Tmb4LEIYPbscGYePy7F8GhJ636yVVZWccPHnS +qBLnLOd96vuRwrKamaR/AzclLOZrJu/OEHwOOzhtIcYC2znZkPyIiI06OosO1oX96HFRZSWF io2ZMqcRdiFlD5WuCgc7+DH1uoNNI+AQcki4hVnL8jIrGtHd7EIxP6QrzqfMjfwtkO/nGmI3/ RYsa1r9lCciMWc2LPhKy8ul5vA9NKz4Z9Spg8sORpA8KvzLcBeF3IMFjUiBO4foLuxGFP8shq 0ypEMEvXAE5lDAcOZmxba2X6r76wXnYvRqNA1gStNX/SAebmFaCEZxH1rXwbtdIVA6cKbyPUv n06QrmLfXFEZ5eO3RZ4Qs8s3jJNAMVH0AKcX3Sk1ldjTurcjY9mcfa1w5XeQv2YxcL41MvwUB vX7Fnb4ukxcNE7aeqnvcq55COuEisgCEIRnQu4ARykuSGkEyK51zkk2gWeXJVIn+fiG4p1y05 Bph7fWnycmiFpLwE Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Le 09/10/2018 à 19:01, Kirill Tkhai a écrit : > On 09.10.2018 19:45, Laurent Vivier wrote: >> Le 09/10/2018 à 18:15, Kirill Tkhai a écrit : >>> On 09.10.2018 13:37, Laurent Vivier wrote: >>>> This patch allows to have a different binfmt_misc configuration >>>> for each new user namespace. By default, the binfmt_misc configuration >>>> is the one of the previous level, but if the binfmt_misc filesystem is >>>> mounted in the new namespace a new empty binfmt instance is created and >>>> used in this namespace. >>>> >>>> For instance, using "unshare" we can start a chroot of an another >>>> architecture and configure the binfmt_misc interpreter without being root >>>> to run the binaries in this chroot. >>>> >>>> Signed-off-by: Laurent Vivier >>>> --- >>>> fs/binfmt_misc.c | 106 ++++++++++++++++++++++++--------- >>>> include/linux/user_namespace.h | 13 ++++ >>>> kernel/user.c | 13 ++++ >>>> kernel/user_namespace.c | 3 + >>>> 4 files changed, 107 insertions(+), 28 deletions(-) >>>> >>>> diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c >>>> index aa4a7a23ff99..1e0029d097d9 100644 >>>> --- a/fs/binfmt_misc.c >>>> +++ b/fs/binfmt_misc.c >> ... >>>> @@ -80,18 +74,32 @@ static int entry_count; >>>> */ >>>> #define MAX_REGISTER_LENGTH 1920 >>>> >>>> +static struct binfmt_namespace *binfmt_ns(struct user_namespace *ns) >>>> +{ >>>> + struct binfmt_namespace *b_ns; >>>> + >>>> + while (ns) { >>>> + b_ns = READ_ONCE(ns->binfmt_ns); >>>> + if (b_ns) >>>> + return b_ns; >>>> + ns = ns->parent; >>>> + } >>>> + WARN_ON_ONCE(1); >>>> + return NULL; >>>> +} >>>> + >> ... >>>> @@ -823,12 +847,34 @@ static const struct super_operations s_ops = { >>>> static int bm_fill_super(struct super_block *sb, void *data, int silent) >>>> { >>>> int err; >>>> + struct user_namespace *ns = sb->s_user_ns; >>>> static const struct tree_descr bm_files[] = { >>>> [2] = {"status", &bm_status_operations, S_IWUSR|S_IRUGO}, >>>> [3] = {"register", &bm_register_operations, S_IWUSR}, >>>> /* last one */ {""} >>>> }; >>>> >>>> + /* create a new binfmt namespace >>>> + * if we are not in the first user namespace >>>> + * but the binfmt namespace is the first one >>>> + */ >>>> + if (READ_ONCE(ns->binfmt_ns) == NULL) { >>>> + struct binfmt_namespace *new_ns; >>>> + >>>> + new_ns = kmalloc(sizeof(struct binfmt_namespace), >>>> + GFP_KERNEL); >>>> + if (new_ns == NULL) >>>> + return -ENOMEM; >>>> + INIT_LIST_HEAD(&new_ns->entries); >>>> + new_ns->enabled = 1; >>>> + rwlock_init(&new_ns->entries_lock); >>>> + new_ns->bm_mnt = NULL; >>>> + new_ns->entry_count = 0; >>>> + /* ensure new_ns is completely initialized before sharing it */ >>>> + smp_wmb(); >>> >>> (I haven't dived into patch logic, here just small barrier remark from quick sight). >>> smp_wmb() has no sense without paired smp_rmb() on the read side. Possible, >>> you want something like below in read hunk: >>> >>> + b_ns = READ_ONCE(ns->binfmt_ns); >>> + if (b_ns) { >>> + smp_rmb(); >>> + return b_ns; >>> + } >>> >>> >> >> The write barrier is here to ensure the structure is fully written >> before we set the pointer. >> >> I don't understand how read barrier can change something at this level, >> IMHO the couple WRITE_ONCE()/READ_ONCE() should be enough to ensure we >> have correctly initialized the pointer and the structure when we read >> the pointer back. >> >> I think the pointer itself is the "barrier" to access the memory >> modified before. > > smp_rmb() guarantees you see stores in the order you want. If you have: > > [cpu0] [cpu1] > new_ns->entry_count = 0; > smp_wmb(); > WRITE_ONCE(ns->binfmt_ns, new_ns); b_ns = READ_ONCE(ns->binfmt_ns); > smp_rmb(); > entry_count> > > smp_rmb() guarantees you see true entry_count on the cpu1. Without > smp_rmb() you may see old value of new_ns->entry_count. > > See Documentation/memory-barriers.txt Yes, I tried to read this document several times... What I understand from example line 1077 (7696f9910a9a Documentation/memory-barriers.txt) is we only need a data dependency barrier, and as explained by Jann it comes with the READ_ONCE() (and is only needed for alpha). Thanks, Laurent