Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp6321647ybx;
        Mon, 11 Nov 2019 07:24:06 -0800 (PST)
X-Google-Smtp-Source: APXvYqwkrt633b8Bv23A2tDBdFgOLFoQJ3ISnX2dEun0YHRWrQ9jeylMxyBJmeiPICqs5xQyIcT+
X-Received: by 2002:a17:906:a0f:: with SMTP id w15mr22459622ejf.321.1573485846247;
        Mon, 11 Nov 2019 07:24:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1573485846; cv=none;
        d=google.com; s=arc-20160816;
        b=Af1D3+LcMukRVlUlPNCi+oAvnttqDpbX1AcTovPvNYF8U8RF6rCW89mGkbVK8jkMlH
         CdFxfYcUsiHaMmramXCb9roba0vfnoK6BTNyiXORzbihKO5TMy/++VTwxi7ntAU9iNFe
         UJtu/Mc2iXCcT02wfig6ZWYUy5h7scPSA1qYhHgaAv1srXify45HDOPDCxBX2dNM5RbW
         J0MWX0NbukmPUuPRhxFdOB/0rG+U6z4mSvqmGXrw6ah5oGSosxgDYG3xPk3HA3Eos+sJ
         +rZnSAYES6C9R87Xrp35NmTbdZjyrv+FYAtvAvFAbMvOmh68Cgr0UYzpxHFVVgWNktUB
         /8/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:message-id:in-reply-to:date:references:subject:cc:to
         :from:dkim-signature;
        bh=C1zGHKvwpfTIUGcapQ+PDyzQUKdMx+4TB/qV51A6KfM=;
        b=DTmcDncX8JrDNS+4XgoAmYys4knjHcqngd+E3yFfINp9vR62sTiR0CSP4m6jPZ96Zp
         VNsT/n0OMqRh4soeerO93UmGkRcz7cqM3qs7kaEkGcfVz0PytUacagBnQVV+QTB6Slsa
         V6nQhd9k/21s2DzfNx6/cBskArOrukYnzFS0J8qUkTK+zCV9s1PpHFN7tIY50hKyQrYE
         5qjkDks7XMv0+eOVM8LVZEg5g4/bm9/y01GusZNSl4dKnUQ8Po2qvr3G8Hw0DNtzxIRY
         JYxMHm2cMXHRAJT2NmVKd04MrRH8FWqwEZSReWPCc1MNN4z+IJQmRDRTzlhQkNF4oIfr
         j8Sg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ZYzyx+8k;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k15si9368878ejq.153.2019.11.11.07.23.41;
        Mon, 11 Nov 2019 07:24:06 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ZYzyx+8k;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726932AbfKKPUx (ORCPT <rfc822;ayiehere@gmail.com> + 99 others);
        Mon, 11 Nov 2019 10:20:53 -0500
Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:53271 "EHLO
        us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1726857AbfKKPUw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 11 Nov 2019 10:20:52 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1573485651;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=C1zGHKvwpfTIUGcapQ+PDyzQUKdMx+4TB/qV51A6KfM=;
        b=ZYzyx+8k88KApyTDKgLQLPjMrXkY7WyCLfrmL/wRjCWkjU8JvFLNWHAJkTZD/zHZiIl7Iw
        +XxcFy7n0nk+RxKe7hwqCJgp34FqP8OF+at4RI2KxovGN5f0oLakv4emNRoZasZiS9p+0f
        FSe0q/hoN0YdnxkwXqv3eAtuQ8c5cyk=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-6-vBGvGzzCMIG6kes1J63o-g-1; Mon, 11 Nov 2019 10:20:48 -0500
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6F7F5911AD;
        Mon, 11 Nov 2019 15:20:46 +0000 (UTC)
Received: from oldenburg2.str.redhat.com (dhcp-192-200.str.redhat.com [10.33.192.200])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 2E6F060852;
        Mon, 11 Nov 2019 15:20:38 +0000 (UTC)
From:   Florian Weimer <fweimer@redhat.com>
To:     Jann Horn <jannh@google.com>
Cc:     "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>,
        Christian Brauner <christian@brauner.io>,
        lkml <linux-kernel@vger.kernel.org>,
        linux-man <linux-man@vger.kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Oleg Nesterov <oleg@redhat.com>, Arnd Bergmann <arnd@arndb.de>,
        David Howells <dhowells@redhat.com>,
        Pavel Emelyanov <xemul@virtuozzo.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Adrian Reber <adrian@lisas.de>,
        Andrei Vagin <avagin@gmail.com>,
        Linux API <linux-api@vger.kernel.org>
Subject: Re: For review: documentation of clone3() system call
References: <CAKgNAkjo2WHq+zESU1iuCHJJ0x-fTNrakS9-d1+BjzUuV2uf2Q@mail.gmail.com>
        <87tv7awj4g.fsf@oldenburg2.str.redhat.com>
        <CAG48ez3zpBwU6vHSuY6VoP+Uw_Jz6uxYN1Teg2wSpwZrPmAn-g@mail.gmail.com>
Date:   Mon, 11 Nov 2019 16:20:36 +0100
In-Reply-To: <CAG48ez3zpBwU6vHSuY6VoP+Uw_Jz6uxYN1Teg2wSpwZrPmAn-g@mail.gmail.com>
        (Jann Horn's message of "Mon, 11 Nov 2019 16:15:58 +0100")
Message-ID: <875zjqwibf.fsf@oldenburg2.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-MC-Unique: vBGvGzzCMIG6kes1J63o-g-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

* Jann Horn:

> On Mon, Nov 11, 2019 at 4:03 PM Florian Weimer <fweimer@redhat.com> wrote=
:
>>
>> * Michael Kerrisk:
>>
>> >        Another  difference  for  the  raw clone() system call is that =
the
>> >        stack argument may be NULL, in which case the child uses a  dup=
li=E2=80=90
>> >        cate  of the parent's stack.  (Copy-on-write semantics ensure t=
hat
>> >        the child gets separate copies of stack pages when either  proc=
ess
>> >        modifies  the  stack.)   In  this case, for correct operation, =
the
>> >        CLONE_VM option should not be specified.  (If the child shares =
the
>> >        parent's  memory  because of the use of the CLONE_VM flag, then=
 no
>> >        copy-on-write duplication occurs and chaos is likely to result.=
)
>>
>> I think sharing the stack also works with CLONE_VFORK with CLONE_VM, as
>> long as measures are taken to preserve the return address in a register.
>
> That basically just requires that the userspace function declaration
> for clone3 includes __attribute__((returns_twice)), right?

The clone3 implementation itself would have to store the return address
in a register because at the time of the second return, a return address
on the stack may have been corrupted by the subprocess because what used
to be the stack frame of the clone function has since been reused for
something else.

__attribute__ ((returns_twice)) is likely needed as well, but that
benefits the caller.  It's also not clear that it is sufficient for this
to work in all cases.  (But the mandatory-to-implement vfork function
faces the same problems.)

Thanks,
Florian