Date: Sat, 20 Feb 2021 01:50:30 +0300
From: "Dmitry V. Levin"
To: "David S. Miller"
Cc: "Eric W. Biederman", Alexey Gladkov, Gleb Fotengauer-Malinovskiy, Anatoly Pugachev, sparclinux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2] sparc: make copy_thread honor pid namespaces
Message-ID: <20210219225030.GA23520@altlinux.org>
References: <20210217080000.GA25861@altlinux.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On sparc, fork and clone syscalls have an unusual semantics of returning
the pid of the parent process to the child process.

Apparently, the implementation did not honor pid namespaces at all,
so the child used to get the pid of its parent in the init namespace.

Fortunately, most users of these syscalls are not affected by this bug
because they use another register to distinguish the parent process
from its child, and the pid of the parent process is often discarded.

Reproducer:

  $ gcc -Wall -O2 -xc - <<'EOF'
  #define _GNU_SOURCE
  #include <err.h>
  #include <errno.h>
  #include <sched.h>
  #include <stdio.h>
  #include <unistd.h>
  #include <sys/syscall.h>
  #include <sys/wait.h>

  static void test_fork(void)
  {
    /* Invoke the fork syscall directly instead of the libc fork() wrapper. */
    int pid = syscall(__NR_fork);
    if (pid < 0)
      err(1, "fork");
    /* Printed by both the parent and the child. */
    fprintf(stderr, "current: %d, parent: %d, fork returned: %d\n",
            getpid(), getppid(), pid);
    int status;
    if (wait(&status) < 0) {
      /* The child has no children of its own, so it exits here. */
      if (errno == ECHILD)
        _exit(0);
      err(1, "wait");
    }
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
      errx(1, "wait: %#x", status);
  }

  int main(void)
  {
    test_fork();
    /* Children forked after this call are created in a new pid namespace. */
    if (unshare(CLONE_NEWPID | CLONE_NEWUSER) < 0)
      err(1, "unshare");
    test_fork();
    return 0;
  }
  EOF
  $ sh -c ./a.out
  current: 10001, parent: 10000, fork returned: 10002
  current: 10002, parent: 10001, fork returned: 10001
  current: 10001, parent: 10000, fork returned: 10003
  current: 1, parent: 0, fork returned: 10001

This bug was found by the strace test suite.

Cc: Eric W. Biederman
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry V. Levin --- v2: Replaced task_active_pid_ns(p) with current->nsproxy->pid_ns_for_children as suggested by Eric. arch/sparc/kernel/process_32.c | 3 ++- arch/sparc/kernel/process_64.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c index a02363735915..3be653e40204 100644 --- a/arch/sparc/kernel/process_32.c +++ b/arch/sparc/kernel/process_32.c @@ -368,7 +368,8 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, unsigned long arg, #endif /* Set the return value for the child. */ - childregs->u_regs[UREG_I0] = current->pid; + childregs->u_regs[UREG_I0] = + task_pid_nr_ns(current, current->nsproxy->pid_ns_for_children); childregs->u_regs[UREG_I1] = 1; /* Set the return value for the parent. */ diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c index 6f8c7822fc06..f53ef5cff46a 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c @@ -629,7 +629,8 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, unsigned long arg, t->utraps[0]++; /* Set the return value for the child. */ - t->kregs->u_regs[UREG_I0] = current->pid; + t->kregs->u_regs[UREG_I0] = + task_pid_nr_ns(current, current->nsproxy->pid_ns_for_children); t->kregs->u_regs[UREG_I1] = 1; /* Set the second return value for the parent. */ -- ldv
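Review bot: The comment above the changed assignment in the arch/sparc/kernel/process_32.c hunk should say which namespace the value is relative to; it still reads only "Set the return value for the child." while UREG_I0 now receives the parent's pid translated into current->nsproxy->pid_ns_for_children. Suggest extending it to state that this is the parent's pid as seen from the namespace the child is created in, and that task_pid_nr_ns() yields 0 when the parent has no pid in that namespace, which is the situation of the second test_fork() call in the reproducer after unshare(CLONE_NEWPID | CLONE_NEWUSER). The reason for preferring pid_ns_for_children over the v1 task_active_pid_ns(p) is only hinted at in the v2 note ("as suggested by Eric") and would be worth a sentence in the changelog itself.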
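Review bot: The two added lines in the arch/sparc/kernel/process_64.c hunk are a verbatim copy of the expression added to process_32.c, so the two copy_thread() implementations can drift apart again; consider a small shared inline helper that returns task_pid_nr_ns(current, current->nsproxy->pid_ns_for_children) and is called from both files. Separately, the reproducer output in the changelog shows "fork returned: 10001" next to "current: 1, parent: 0", which is the behaviour being fixed; adding the output from a patched kernel would make the expected result explicit for anyone checking a stable backport.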