Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp677329ybz; Wed, 15 Apr 2020 16:29:58 -0700 (PDT) X-Google-Smtp-Source: APiQypLGcE03WhhfBuWvRy+OafpRS0QWJCACX8/XTXlrR32yr3jhkEwAksL7O8oO5/qLqLw7mVVe X-Received: by 2002:aa7:c152:: with SMTP id r18mr26852622edp.378.1586993398396; Wed, 15 Apr 2020 16:29:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586993398; cv=none; d=google.com; s=arc-20160816; b=YvE2/OJk7W8TPnzqscd6/tGL0z+opX7GnNLNOp/cUCf1TN1FuGetQ+B3hBtCLTEBR7 zayiUHdmoCOCfwt/8ZAx35/W1Nq4T154GFI9dZOwKsiLR8GM+vKCQ/gbO2DFKTB4Iw4E 3Uz1JolddIEB807NTKcyl9L0JmtPYGlkpLMg4Vcbk3Ac6hjRvFtbK0U6oIClNcwMZnnc EWKwcN7W9byS0MSnkyMXHau7QqW8vNzP1y8cLxKzEz3A5eiDz7mZ/kvOSh6RNW8P2DfG WjSQiDiM1xS0XRN73/j6R1qTclitNqcwx7uGlhCks0v3mSpApg/BikrFQw/KM60eq9hv 7L4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=kQltzY77COJWY2ehUVLn26umR0vXKIPcwvrxOYp6VwQ=; b=PNBUNqLhNlkz1l+39WHRnpKEfmGymxf3h10eKSQaEpjVZr5YOXMBXGbB6O8BFMWf2r vbveEsrJL0sC1tI7sQh3WRHf7V0nm+RaW8XC9h7OXWdnX0hJyIApE0c3PrSd+tn1XWMy LkvxsYFm5ivOhhbirfUsI0AS5SdB6kIRHVzY1507KqZ4RVLx5emo0yUaWyvdyErLVXxd iIr9WCR0xFTg4xGSDiyKY3SWD/ev0vhKcU270Mo6sVlAnQ4pKzgmOQgmyv9tvxOgPyN6 AZFzs/JcW3zqSACY249MabgMf2sUA4i0vBuO5t1GG/TOBGzeMb8uaZsSWYMeg6VG9y2U qm0A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h20si4275161ejt.165.2020.04.15.16.29.34; Wed, 15 Apr 2020 16:29:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2898154AbgDOMjc (ORCPT + 99 others); Wed, 15 Apr 2020 08:39:32 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:60740 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S369922AbgDOMiT (ORCPT ); Wed, 15 Apr 2020 08:38:19 -0400 Received: from ip5f5bd698.dynamic.kabel-deutschland.de ([95.91.214.152] helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jOhJ2-0004cX-9y; Wed, 15 Apr 2020 12:38:16 +0000 Date: Wed, 15 Apr 2020 14:38:15 +0200 From: Christian Brauner To: Eugene Syromiatnikov Cc: linux-kernel@vger.kernel.org, Christian Brauner , Andrew Morton , Ingo Molnar , Tejun Heo , Oleg Nesterov , Johannes Weiner , Li Zefan , Peter Zijlstra , cgroups@vger.kernel.org, "Dmitry V. Levin" Subject: Re: [PATCH] clone3: fix cgroup argument sanity check Message-ID: <20200415123815.qrc7m2ddboh645uo@wittgenstein> References: <20200412202533.GA29554@asgard.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200412202533.GA29554@asgard.redhat.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Apr 12, 2020 at 10:25:33PM +0200, Eugene Syromiatnikov wrote: > Checking that cgroup field value of struct clone_args is less than 0 > is useless, as it is defined as unsigned 64-bit integer. Moreover, > it doesn't catch the situations where its higher bits are lost during > the assignment to the cgroup field of the cgroup field of the internal > struct kernel_clone_args (where it is declared as signed 32-bit > integer), so it is still possible to pass garbage there. A check > against INT_MAX solves both these issues. > > Fixes: ef2c41cf38a7559b ("clone3: allow spawning processes into cgroups") > Signed-off-by: Eugene Syromiatnikov > Acked-by: Christian Brauner Applied, thanks! Christian