mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-10 07:50:04 +00:00
execve reverts for v6.0-rc7
- Remove the recent "unshare time namespace on vfork+exec" feature (Andrei Vagin) -----BEGIN PGP SIGNATURE----- iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmMoxpIWHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJpd/D/9V7iLUZoquMvXFonv//sRH21P+ u7vH03q0X4lSov73jdjizq8znZl9RVO14IYi+6lQE8VHyOjzjBoTALRPnirNCyGa Ia8P+LPaOHDTDQmGqt+9xmPKp3z0qwrpWWyTrFHLo7GRzWtI0QjQsSlgUTIz7jCw dSwLRWN6n7d3hzNzFWt9VUOOlzpip8NTcnAbC9YA5dPFLO85+wZ4ZpMYYfFJMcQj N/Zm63lrqAU0wy7EhonkKJQDjgRP/zYUs6VJMejHqYl951SrZJ+DgXEGaAwR14Sz IZAUhSM5Fl8alhkrcmlkiy9A5P014iVRR6AaSyeT2616fac97wY1EWHxvBMqzNsB AJJqjPHoN+mc8cqt9lMyIhbmS8WkTuyTHziEcFyyTVsNYGYN6x9hVVZalqPrl8o3 Y3zC6MfRK33JNVB2GZVUzsf5EZC3mjz9VJKKmLwYmG4X7/JOvIVCiW123b060T7z b49PzI+0rTG8SHTk1I/T8NpWuvLRTCglzZK06q971uyT80xPoGD/HmSpmm+86dHs k3WV2qBoz31Eaoewa3NJqn6pBxQLy9WAZP6rJb3aQSFwDRCuvKO4CUpHAXILt5U+ SoarR5445zVzY3NYHaf/3BRsEnCQS06U67ma0lAmMWk4J3ehFOY0DrRqtLJ02iwd sKJD/KnKC+IEcLjrAA== =yFGx -----END PGP SIGNATURE----- Merge tag 'execve-v6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull execve reverts from Kees Cook: "The recent work to support time namespace unsharing turns out to have some undesirable corner cases, so rather than allowing the API to stay exposed for another release, it'd be best to remove it ASAP, with the replacement getting another cycle of testing. Nothing is known to use this yet, so no userspace breakage is expected. For more details, see: https://lore.kernel.org/lkml/ed418e43ad28b8688cfea2b7c90fce1c@ispras.ru Summary: - Remove the recent 'unshare time namespace on vfork+exec' feature (Andrei Vagin)" * tag 'execve-v6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: Revert "fs/exec: allow to unshare a time namespace on vfork+exec" Revert "selftests/timens: add a test for vfork+exit"
This commit is contained in:
commit
f489921dba
@ -65,7 +65,6 @@
|
||||
#include <linux/io_uring.h>
|
||||
#include <linux/syscall_user_dispatch.h>
|
||||
#include <linux/coredump.h>
|
||||
#include <linux/time_namespace.h>
|
||||
|
||||
#include <linux/uaccess.h>
|
||||
#include <asm/mmu_context.h>
|
||||
@ -979,12 +978,10 @@ static int exec_mmap(struct mm_struct *mm)
|
||||
{
|
||||
struct task_struct *tsk;
|
||||
struct mm_struct *old_mm, *active_mm;
|
||||
bool vfork;
|
||||
int ret;
|
||||
|
||||
/* Notify parent that we're no longer interested in the old VM */
|
||||
tsk = current;
|
||||
vfork = !!tsk->vfork_done;
|
||||
old_mm = current->mm;
|
||||
exec_mm_release(tsk, old_mm);
|
||||
if (old_mm)
|
||||
@ -1029,10 +1026,6 @@ static int exec_mmap(struct mm_struct *mm)
|
||||
tsk->mm->vmacache_seqnum = 0;
|
||||
vmacache_flush(tsk);
|
||||
task_unlock(tsk);
|
||||
|
||||
if (vfork)
|
||||
timens_on_fork(tsk->nsproxy, tsk);
|
||||
|
||||
if (old_mm) {
|
||||
mmap_read_unlock(old_mm);
|
||||
BUG_ON(active_mm != old_mm);
|
||||
|
@ -2047,11 +2047,8 @@ static __latent_entropy struct task_struct *copy_process(
|
||||
/*
|
||||
* If the new process will be in a different time namespace
|
||||
* do not allow it to share VM or a thread group with the forking task.
|
||||
*
|
||||
* On vfork, the child process enters the target time namespace only
|
||||
* after exec.
|
||||
*/
|
||||
if ((clone_flags & (CLONE_VM | CLONE_VFORK)) == CLONE_VM) {
|
||||
if (clone_flags & (CLONE_THREAD | CLONE_VM)) {
|
||||
if (nsp->time_ns != nsp->time_ns_for_children)
|
||||
return ERR_PTR(-EINVAL);
|
||||
}
|
||||
|
@ -179,7 +179,6 @@ int copy_namespaces(unsigned long flags, struct task_struct *tsk)
|
||||
if (IS_ERR(new_ns))
|
||||
return PTR_ERR(new_ns);
|
||||
|
||||
if ((flags & CLONE_VM) == 0)
|
||||
timens_on_fork(new_ns, tsk);
|
||||
|
||||
tsk->nsproxy = new_ns;
|
||||
|
@ -1,4 +1,4 @@
|
||||
TEST_GEN_PROGS := timens timerfd timer clock_nanosleep procfs exec futex vfork_exec
|
||||
TEST_GEN_PROGS := timens timerfd timer clock_nanosleep procfs exec futex
|
||||
TEST_GEN_PROGS_EXTENDED := gettime_perf
|
||||
|
||||
CFLAGS := -Wall -Werror -pthread
|
||||
|
@ -1,90 +0,0 @@
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
#define _GNU_SOURCE
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <sched.h>
|
||||
#include <stdio.h>
|
||||
#include <stdbool.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "timens.h"
|
||||
|
||||
#define OFFSET (36000)
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
struct timespec now, tst;
|
||||
int status, i;
|
||||
pid_t pid;
|
||||
|
||||
if (argc > 1) {
|
||||
if (sscanf(argv[1], "%ld", &now.tv_sec) != 1)
|
||||
return pr_perror("sscanf");
|
||||
|
||||
for (i = 0; i < 2; i++) {
|
||||
_gettime(CLOCK_MONOTONIC, &tst, i);
|
||||
if (abs(tst.tv_sec - now.tv_sec) > 5)
|
||||
return pr_fail("%ld %ld\n", now.tv_sec, tst.tv_sec);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
nscheck();
|
||||
|
||||
ksft_set_plan(1);
|
||||
|
||||
clock_gettime(CLOCK_MONOTONIC, &now);
|
||||
|
||||
if (unshare_timens())
|
||||
return 1;
|
||||
|
||||
if (_settime(CLOCK_MONOTONIC, OFFSET))
|
||||
return 1;
|
||||
|
||||
for (i = 0; i < 2; i++) {
|
||||
_gettime(CLOCK_MONOTONIC, &tst, i);
|
||||
if (abs(tst.tv_sec - now.tv_sec) > 5)
|
||||
return pr_fail("%ld %ld\n",
|
||||
now.tv_sec, tst.tv_sec);
|
||||
}
|
||||
|
||||
pid = vfork();
|
||||
if (pid < 0)
|
||||
return pr_perror("fork");
|
||||
|
||||
if (pid == 0) {
|
||||
char now_str[64];
|
||||
char *cargv[] = {"exec", now_str, NULL};
|
||||
char *cenv[] = {NULL};
|
||||
|
||||
// Check that we are still in the source timens.
|
||||
for (i = 0; i < 2; i++) {
|
||||
_gettime(CLOCK_MONOTONIC, &tst, i);
|
||||
if (abs(tst.tv_sec - now.tv_sec) > 5)
|
||||
return pr_fail("%ld %ld\n",
|
||||
now.tv_sec, tst.tv_sec);
|
||||
}
|
||||
|
||||
/* Check for proper vvar offsets after execve. */
|
||||
snprintf(now_str, sizeof(now_str), "%ld", now.tv_sec + OFFSET);
|
||||
execve("/proc/self/exe", cargv, cenv);
|
||||
return pr_perror("execve");
|
||||
}
|
||||
|
||||
if (waitpid(pid, &status, 0) != pid)
|
||||
return pr_perror("waitpid");
|
||||
|
||||
if (status)
|
||||
ksft_exit_fail();
|
||||
|
||||
ksft_test_result_pass("exec\n");
|
||||
ksft_exit_pass();
|
||||
return 0;
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user