Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp14200rdb;
        Fri, 29 Sep 2023 14:56:29 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFNqK+HWLkPOhHW+7qh0tNLNFIyih6t+LNox4nvsg052wEjjLubGgqxd386dvorqqep90fE
X-Received: by 2002:a05:6a20:96c7:b0:148:6ebd:2834 with SMTP id hq7-20020a056a2096c700b001486ebd2834mr4459231pzc.34.1696024589545;
        Fri, 29 Sep 2023 14:56:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696024589; cv=none;
        d=google.com; s=arc-20160816;
        b=rM67vO7blnXNR06SGaQAtkYW+KnZ56X1VqDjVsBoXbN/DaiJWCmQouUNXxvyqfthfD
         MvYebYG14n/V0U05SpQJmI9QPgI7zr0C6RvbwyZP2YKlp9r3hS6/ZOH8wbCZp1VFz20r
         bLMhvwth0dR09dOxJ/GZkO2J5rOsWzb7wTMn71mfuuHCG21M+GcnjFe/cMMm0N6SdgL0
         +2OvW4JWTSd4Hvda2U+LSS3IfkTBsbMJesKH7EDBWyKYjPVRmVsC2lM3Y2c6Xc5uq3c6
         IkRaq9IjMIn3jofvff5Vmexr9WMW7XJ/6hn9sb86V9Ok12umSHdIOjSIhXUmVb9mxndm
         l9bw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=m25Yzr9CC4eZhfakx0oo78KGRAEAUVnUwgN8BxtgWcU=;
        fh=Yg4FXg7mPdqaK19nqf8/xW1y8R8+91Rvf/hfXpg+Kf0=;
        b=ks7thCMDaFgkPuA8lEoQd5fbu9hJST0BexQVwKHMalsifnCMq3PfKgGX1C2ecBpUW9
         qINOc8SOkSShJptamKftAvHsNWAGDVPODk2/2CXx2iN+FaCmAu30tQxMBu7BpqKuc2AP
         cxZ0tPk6iboMIYxy1MMzgXK80jABRn8pxua+mPM+OXfmu+dmBffeRBqc2pwYECvTkE/j
         sHDZyDnKYxTRw11iNm+jng6IpnNP+HIKj+ir387T7fhlOLheN18LNB4x8QGldK1yfxcD
         ik8b1n0DGFs8X31trBAGlLWaON4t02SM1WhBZI30dC1EjNLcWhwpj+zWJpq5PIqtWTUa
         6cmw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=U5IDW8MP;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2])
        by mx.google.com with ESMTPS id a3-20020a63cd43000000b00573f89ac5a1si21711401pgj.102.2023.09.29.14.56.28
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 29 Sep 2023 14:56:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=U5IDW8MP;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by agentk.vger.email (Postfix) with ESMTP id C6D4882A8352;
	Fri, 29 Sep 2023 13:10:03 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233219AbjI2UJ5 (ORCPT <rfc822;sshegde.linux@gmail.com>
        + 99 others); Fri, 29 Sep 2023 16:09:57 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56816 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231429AbjI2UJz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 29 Sep 2023 16:09:55 -0400
Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D761DE
        for <linux-kernel@vger.kernel.org>; Fri, 29 Sep 2023 13:09:54 -0700 (PDT)
Received: by mail-pf1-x433.google.com with SMTP id d2e1a72fcca58-68bed2c786eso11868133b3a.0
        for <linux-kernel@vger.kernel.org>; Fri, 29 Sep 2023 13:09:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1696018193; x=1696622993; darn=vger.kernel.org;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=m25Yzr9CC4eZhfakx0oo78KGRAEAUVnUwgN8BxtgWcU=;
        b=U5IDW8MP9cWFq4BwF3NGZLk0OqFeHft2BlTd78wPmHQGddSdC5oTBZ5t463dc+9yhV
         qNIrqdrx/TZISb15ebHJMmXZeNCWszYq6CgIrS0cx+jDzi/E4Y/J8e+yGwbn/YZ0NHWx
         vd85YI5pSOJ5Zsv4HPAgOKnlae3ZbUtHxy/7I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1696018193; x=1696622993;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=m25Yzr9CC4eZhfakx0oo78KGRAEAUVnUwgN8BxtgWcU=;
        b=jEdrq0fZ1a1YvDRCeCYEgF1TcU8UNwuXhFQY0cZPthdXVDiJlKHWUHSecmZwxoXxzR
         fjHTEJHZtWd7ZW2CaRWl7w7d2OnWaCFmA129KLKv4aExSR+CLX5n5mNqC8aFss3jtRoS
         W2aSSHHkz9ZDBVEBwa/HCFU5aNUiHSW4LrgAQXa187Ky+/Dy+uoeAe4wYabxjAQqAxW2
         nKPwkhDMZsT3gUo5rWe+H2RKb6O4GnkGTz/q6cT0aGhF0Eid1SOc7ihP2dLGqjL570Px
         sUAzQdpVdBtA1MFH7TMWLtJ3GartqLZlHnHu4bJVAFBgysY/HBdTBQLtKkpegLchCAlu
         DD6A==
X-Gm-Message-State: AOJu0YzNZKOM2nKrnIIDPV9WLkig7NkTkrtM7vgOB2NvI9Xrd+LHXuHF
        M8ZwWfN5zRHF+8td/z49G7uEsw==
X-Received: by 2002:a05:6a21:19f:b0:13c:988c:e885 with SMTP id le31-20020a056a21019f00b0013c988ce885mr6001485pzb.56.1696018193583;
        Fri, 29 Sep 2023 13:09:53 -0700 (PDT)
Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241])
        by smtp.gmail.com with ESMTPSA id e22-20020a62aa16000000b0068fba4800cfsm15307592pff.56.2023.09.29.13.09.52
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 29 Sep 2023 13:09:53 -0700 (PDT)
Date:   Fri, 29 Sep 2023 13:09:52 -0700
From:   Kees Cook <keescook@chromium.org>
To:     Brian Geffon <bgeffon@google.com>
Cc:     Christian Brauner <brauner@kernel.org>,
        "Rafael J . Wysocki" <rafael@kernel.org>,
        Matthias Kaehlcke <mka@chromium.org>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Frederic Weisbecker <frederic@kernel.org>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] pid: Allow frozen userspace to reboot from non-init pid
 ns
Message-ID: <202309291304.9AC4F5CFB@keescook>
References: <20230929174442.1635558-1-bgeffon@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230929174442.1635558-1-bgeffon@google.com>
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Fri, 29 Sep 2023 13:10:03 -0700 (PDT)

On Fri, Sep 29, 2023 at 01:44:42PM -0400, Brian Geffon wrote:
> When the system has a frozen userspace, for example, during hibernation
> the child reaper task will also be frozen. Attmepting to deliver a
> signal to it to handle the reboot(2) will ultimately lead to the system
> hanging unless userspace is thawed.
> 
> This change checks if the current task is the suspending task and if so
> it will allow it to proceed with a reboot from the non-init pid ns.

I don't know the code flow too well here, but shouldn't init_pid_ns
always be doing the reboot regardless of anything else?

Also how is this syscall running if current is frozen? This feels weird
to me... shouldn't the frozen test be against pid_ns->child_reaper
instead of current?

-Kees

-- 
Kees Cook