Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp716675imm;
        Wed, 10 Oct 2018 03:12:48 -0700 (PDT)
X-Google-Smtp-Source: ACcGV60Etr+XlKaaXGOKQQriovYQgbVM5lIdGgAPUih0nq50bLX4Ft7hsHYRCCGQjbZ4UZxYGQgc
X-Received: by 2002:a63:89c1:: with SMTP id v184-v6mr28397918pgd.79.1539166368612;
        Wed, 10 Oct 2018 03:12:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539166368; cv=none;
        d=google.com; s=arc-20160816;
        b=hYv3w0rZBuvJQO4iGUoN6vV5owh2RVcdHbYOxp3gnPZk12Wu+KC6JAMkN48ANrr1st
         ZTsfwveD42e3zvGl3zfKL0yqwSLyllIID0nuUteIYbxVam4TnvObCakzm9YMZ32Iaypd
         FpVKyWb0Z1rn1xffgkUFnt6EOZ9en3WglaOk3B+d3+3jBXoevcaVV/RuNCqg4n91wErS
         WeWqTb3H4nGqsCbz+D5iy4kDXy1x0kvR3qA16T2lX0kuUv+DCdiLAnkrYVu3fBWyA6M+
         aP7k1MI92qnkCVjZUYbx6V+Y/5erhE9Uz5vQZeVpghZp/yAub5m1WKbB3n5gZWaE3zYC
         MEBg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:autocrypt:openpgp:references:cc:to:from:subject;
        bh=Bum1kv5uQPTotp/mqffxzC5ImZO4Gwl1t71XDN5yCJY=;
        b=kDgVPD1+IwFhB8I3UaCGjTbGdMObJkSyNFK2UhUVfT9pzXL4AG3ajnTpAvr19QxznA
         MfKvMsxR20UZ+zx3ggkdsfjyzDhW169aIz3+KOdyVoIN3gqOyuJiUVlBj1wXLN0jnK5T
         ra5khkveFHVMRo+iLi6qIXVeVqzo2eInAf41jIzMJnht5jeJJNmnGrPL9KsJqT84jDfb
         p3mZ7h2JWoYyRO1roEdHLsKtCVlEaR2+/WXHrDq6vRd/5B+CG6h8Zp8AuXVmPNrdT54K
         OOjDdtzwNkdF+wrJ6rbMqBB84cTpn4TA/VVv+ioxLK6kd5qPEVGoe7W77N/oVXr/lrpG
         abSA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 80-v6si26311691pfv.135.2018.10.10.03.12.33;
        Wed, 10 Oct 2018 03:12:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727082AbeJJRdi (ORCPT <rfc822;luizmacielfranco@gmail.com>
        + 99 others); Wed, 10 Oct 2018 13:33:38 -0400
Received: from mout.kundenserver.de ([217.72.192.74]:45905 "EHLO
        mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726573AbeJJRdh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 10 Oct 2018 13:33:37 -0400
Received: from [192.168.100.1] ([78.238.229.36]) by mrelayeu.kundenserver.de
 (mreue107 [212.227.15.183]) with ESMTPSA (Nemesis) id
 1MF45G-1fuoKI1ptY-00FX0Q; Wed, 10 Oct 2018 12:11:38 +0200
Received: from [192.168.100.1] ([78.238.229.36]) by mrelayeu.kundenserver.de
 (mreue107 [212.227.15.183]) with ESMTPSA (Nemesis) id
 1MF45G-1fuoKI1ptY-00FX0Q; Wed, 10 Oct 2018 12:11:38 +0200
Subject: Re: [RFC v5 1/1] ns: add binfmt_misc to the user namespace
From:   Laurent Vivier <laurent@vivier.eu>
To:     Tycho Andersen <tycho@tycho.ws>
Cc:     linux-kernel@vger.kernel.org, Dmitry Safonov <dima@arista.com>,
        linux-api@vger.kernel.org, containers@lists.linux-foundation.org,
        Jann Horn <jannh@google.com>,
        James Bottomley <James.Bottomley@HansenPartnership.com>,
        Eric Biederman <ebiederm@xmission.com>,
        linux-fsdevel@vger.kernel.org,
        Alexander Viro <viro@zeniv.linux.org.uk>
References: <20181009103752.21482-1-laurent@vivier.eu>
 <20181009103752.21482-2-laurent@vivier.eu> <20181009151641.GB10149@cisco>
 <409c22e3-1df8-cf7f-2462-ead2bb3020cf@vivier.eu>
Openpgp: preference=signencrypt
Autocrypt: addr=laurent@vivier.eu; prefer-encrypt=mutual; keydata=
 xsFNBFYFJhkBEAC2me7w2+RizYOKZM+vZCx69GTewOwqzHrrHSG07MUAxJ6AY29/+HYf6EY2
 WoeuLWDmXE7A3oJoIsRecD6BXHTb0OYS20lS608anr3B0xn5g0BX7es9Mw+hV/pL+63EOCVm
 SUVTEQwbGQN62guOKnJJJfphbbv82glIC/Ei4Ky8BwZkUuXd7d5NFJKC9/GDrbWdj75cDNQx
 UZ9XXbXEKY9MHX83Uy7JFoiFDMOVHn55HnncflUncO0zDzY7CxFeQFwYRbsCXOUL9yBtqLer
 Ky8/yjBskIlNrp0uQSt9LMoMsdSjYLYhvk1StsNPg74+s4u0Q6z45+l8RAsgLw5OLtTa+ePM
 JyS7OIGNYxAX6eZk1+91a6tnqfyPcMbduxyBaYXn94HUG162BeuyBkbNoIDkB7pCByed1A7q
 q9/FbuTDwgVGVLYthYSfTtN0Y60OgNkWCMtFwKxRaXt1WFA5ceqinN/XkgA+vf2Ch72zBkJL
 RBIhfOPFv5f2Hkkj0MvsUXpOWaOjatiu0fpPo6Hw14UEpywke1zN4NKubApQOlNKZZC4hu6/
 8pv2t4HRi7s0K88jQYBRPObjrN5+owtI51xMaYzvPitHQ2053LmgsOdN9EKOqZeHAYG2SmRW
 LOxYWKX14YkZI5j/TXfKlTpwSMvXho+efN4kgFvFmP6WT+tPnwARAQABzSNMYXVyZW50IFZp
 dmllciA8bHZpdmllckByZWRoYXQuY29tPsLBeAQTAQIAIgUCVgVQgAIbAwYLCQgHAwIGFQgC
 CQoLBBYCAwECHgECF4AACgkQ8ww4vT8vvjwpgg//fSGy0Rs/t8cPFuzoY1cex4limJQfReLr
 SJXCANg9NOWy/bFK5wunj+h/RCFxIFhZcyXveurkBwYikDPUrBoBRoOJY/BHK0iZo7/WQkur
 6H5losVZtrotmKOGnP/lJYZ3H6OWvXzdz8LL5hb3TvGOP68K8Bn8UsIaZJoeiKhaNR0sOJyI
 YYbgFQPWMHfVwHD/U+/gqRhD7apVysxv5by/pKDln1I5v0cRRH6hd8M8oXgKhF2+rAOL7gvh
 jEHSSWKUlMjC7YwwjSZmUkL+TQyE18e2XBk85X8Da3FznrLiHZFHQ/NzETYxRjnOzD7/kOVy
 gKD/o7asyWQVU65mh/ECrtjfhtCBSYmIIVkopoLaVJ/kEbVJQegT2P6NgERC/31kmTF69vn8
 uQyW11Hk8tyubicByL3/XVBrq4jZdJW3cePNJbTNaT0d/bjMg5zCWHbMErUib2Nellnbg6bc
 2HLDe0NLVPuRZhHUHM9hO/JNnHfvgiRQDh6loNOUnm9Iw2YiVgZNnT4soUehMZ7au8PwSl4I
 KYE4ulJ8RRiydN7fES3IZWmOPlyskp1QMQBD/w16o+lEtY6HSFEzsK3o0vuBRBVp2WKnssVH
 qeeV01ZHw0bvWKjxVNOksP98eJfWLfV9l9e7s6TaAeySKRRubtJ+21PRuYAxKsaueBfUE7ZT
 7zfOwU0EVgUmGQEQALxSQRbl/QOnmssVDxWhHM5TGxl7oLNJms2zmBpcmlrIsn8nNz0rRyxT
 460k2niaTwowSRK8KWVDeAW6ZAaWiYjLlTunoKwvF8vP3JyWpBz0diTxL5o+xpvy/Q6YU3BN
 efdq8Vy3rFsxgW7mMSrI/CxJ667y8ot5DVugeS2NyHfmZlPGE0Nsy7hlebS4liisXOrN3jFz
 asKyUws3VXek4V65lHwB23BVzsnFMn/bw/rPliqXGcwl8CoJu8dSyrCcd1Ibs0/Inq9S9+t0
 VmWiQWfQkz4rvEeTQkp/VfgZ6z98JRW7S6l6eophoWs0/ZyRfOm+QVSqRfFZdxdP2PlGeIFM
 C3fXJgygXJkFPyWkVElr76JTbtSHsGWbt6xUlYHKXWo+xf9WgtLeby3cfSkEchACrxDrQpj+
 Jt/JFP+q997dybkyZ5IoHWuPkn7uZGBrKIHmBunTco1+cKSuRiSCYpBIXZMHCzPgVDjk4viP
 brV9NwRkmaOxVvye0vctJeWvJ6KA7NoAURplIGCqkCRwg0MmLrfoZnK/gRqVJ/f6adhU1oo6
 z4p2/z3PemA0C0ANatgHgBb90cd16AUxpdEQmOCmdNnNJF/3Zt3inzF+NFzHoM5Vwq6rc1JP
 jfC3oqRLJzqAEHBDjQFlqNR3IFCIAo4SYQRBdAHBCzkM4rWyRhuVABEBAAHCwV8EGAECAAkF
 AlYFJhkCGwwACgkQ8ww4vT8vvjwg9w//VQrcnVg3TsjEybxDEUBm8dBmnKqcnTBFmxN5FFtI
 WlEuY8+YMiWRykd8Ln9RJ/98/ghABHz9TN8TRo2b6WimV64FmlVn17Ri6FgFU3xNt9TTEChq
 AcNg88eYryKsYpFwegGpwUlaUaaGh1m9OrTzcQy+klVfZWaVJ9Nw0keoGRGb8j4XjVpL8+2x
 OhXKrM1fzzb8JtAuSbuzZSQPDwQEI5CKKxp7zf76J21YeRrEW4WDznPyVcDTa+tz++q2S/Bp
 P4W98bXCBIuQgs2m+OflERv5c3Ojldp04/S4NEjXEYRWdiCxN7ca5iPml5gLtuvhJMSy36gl
 U6IW9kn30IWuSoBpTkgV7rLUEhh9Ms82VWW/h2TxL8enfx40PrfbDtWwqRID3WY8jLrjKfTd
 R3LW8BnUDNkG+c4FzvvGUs8AvuqxxyHbXAfDx9o/jXfPHVRmJVhSmd+hC3mcQ+4iX5bBPBPM
 oDqSoLt5w9GoQQ6gDVP2ZjTWqwSRMLzNr37rJjZ1pt0DCMMTbiYIUcrhX8eveCJtY7NGWNyx
 FCRkhxRuGcpwPmRVDwOl39MB3iTsRighiMnijkbLXiKoJ5CDVvX5yicNqYJPKh5MFXN1bvsB
 kmYiStMRbrD0HoY1kx5/VozBtc70OU0EB8Wrv9hZD+Ofp0T3KOr1RUHvCZoLURfFhSQ=
Message-ID: <485d1157-9d3e-b4e0-4ece-4e80b2f252c4@vivier.eu>
Date:   Wed, 10 Oct 2018 12:11:34 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <409c22e3-1df8-cf7f-2462-ead2bb3020cf@vivier.eu>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:RgpptC8ZvNIJIRTylJ3946i3Qb6j6ZiZZVz8n1fw+QPufSf/RyX
 qnIafzYC3eUR+Gw3ya1B7ZtUWyqXGyq38Y0n6igOBwl+M61ceROvbVHJD63pnZLuWWaawLp
 DLEPvlcm2qnE5kWwTMNTBWpy0jyTvWVX+7u4J0s18e1Lwtsu1qJUo2vFCgHiXnJQ4mJ3aib
 BOjVRdi3uVyG9SLBgpsvg==
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V01:K0:h2iTG+3WqFQ=:nMv1B5YCTv28t+owGbiRbH
 +amn6gJCihK9/PFlrITkji19SJi9IFj4snenrw0/7W4AW7gm9H6brWX3lWyW8Tu4UDjH+bk7J
 fm6GfqoiRvIswje9fTvw3pIzl0MAGdc3CTB/NyyRmQXAGXP27wq/VlaCVQCSnExFc3+Un0jY9
 9+OORdTjVcCC2lwlrnwBsvmx/gYndh13XvvWtCZAz43XXkSxrl8ulK3X4p1pomRYDlAQQOCYU
 5gg6McUk4tt8Dga+R3I+MCPefyKfMv87S+tBKHJjgKXcd6KYV+dJAlhuyZKh0pGdi4joZJp9J
 FnJORk807dtuLxvGg1kgnATpihLcdrZ4dI6348U3U3w8bC+abGCGkyMMqhVI0HZG+UC6rXXlc
 /LfviYrfI64iz5mQYy2Ys95TsrjcISKQfuRus4lFqqfxMgicfa5hzYUyKo6QAtKoBBo9HZlzO
 ++bHLS1vyJ4AjeiHburrq/F/UGhNHac9NKXcae+2VpU0ILrZ6HJvasmL5bzKkh3pId8N4j1lR
 ECchbNpxeDilx9F/D/sy3cumVrIlIUWTo8DerUsVADLHm0uF80omoKYTWX6Av8DO3JUo1wEK1
 0vXex1qTHyomIns2T7J0CiyAC5pHlhgBNNkfmwjgxC63nIBgg+jIGKYyVc8UryaRcIKNLV2i5
 xeZB+7jBqpexQuyFTIQ8neHD3dFGs91YDNzCu3oLd9ILPrRYvGVXP6bAAVfyDxD+/RCT5RGNJ
 L2KOWv1uRQCuisSH
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 09/10/2018 17:19, Laurent Vivier wrote:
> Le 09/10/2018 à 17:16, Tycho Andersen a écrit :
>> On Tue, Oct 09, 2018 at 12:37:52PM +0200, Laurent Vivier wrote:
>>> @@ -80,18 +74,32 @@ static int entry_count;
>>>   */
>>>  #define MAX_REGISTER_LENGTH 1920
>>>  
>>> +static struct binfmt_namespace *binfmt_ns(struct user_namespace *ns)
>>> +{
>>> +	struct binfmt_namespace *b_ns;
>>> +
>>> +	while (ns) {
>>> +		b_ns = READ_ONCE(ns->binfmt_ns);
>>> +		if (b_ns)
>>> +			return b_ns;
>>> +		ns = ns->parent;
>>> +	}
>>> +	WARN_ON_ONCE(1);
>>
>> It looks like we warn here,
>>
>>> @@ -133,17 +141,18 @@ static int load_misc_binary(struct linux_binprm *bprm)
>>>  	struct file *interp_file = NULL;
>>>  	int retval;
>>>  	int fd_binary = -1;
>>> +	struct binfmt_namespace *ns = binfmt_ns(current_user_ns());
>>>  
>>>  	retval = -ENOEXEC;
>>> -	if (!enabled)
>>> +	if (!ns->enabled)
>>
>> ...but then in cases like this we immediately dereference the pointer
>> anyways and crash. Can we return some other error code here in the !ns
>> case so we don't crash?
> 
> My concern here is I don't want to add code to check an error case that
> cannot happen. The first namespace binfmt_ns pointer is initialized with
> &init_binfmt_ns, so the return value cannot be NULL.

Perhaps it could be reasonable to return &init_binfmt_ns rather than
NULL in this case?

Thanks,
Laurent