From: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
To: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
Cc: Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
Subject: [v10][PATCH 6/9] Check invalid clone flags
Date: Sun, 1 Nov 2009 12:45:13 -0800 [thread overview]
Message-ID: <20091101204513.GE23168@us.ibm.com> (raw)
In-Reply-To: <20091101204132.GA22116-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
From: Sukadev Bhattiprolu <sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Date: Tue, 20 Oct 2009 21:52:40 -0700
Subject: [v10][PATCH 6/9] Check invalid clone flags
As pointed out by Oren Laadan, we want to ensure that unused bits in the
clone-flags remain unused and available for future. To ensure this, define
a mask of clone-flags and check the flags in the clone() system calls.
Changelog[v9]:
- Include the unused clone-flag (CLONE_UNUSED) to VALID_CLONE_FLAGS
to avoid breaking any applications that may have set it. IOW, this
patch/check only applies to clone-flags bits 33 and higher.
Changelog[v8]:
- New patch in set
Signed-off-by: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
---
include/linux/sched.h | 12 ++++++++++++
kernel/fork.c | 3 +++
2 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 75e6e60..6b319a0 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -29,6 +29,18 @@
#define CLONE_NEWNET 0x40000000 /* New network namespace */
#define CLONE_IO 0x80000000 /* Clone io context */
+#define CLONE_UNUSED 0x00001000 /* Can be reused ? */
+
+#define VALID_CLONE_FLAGS (CSIGNAL | CLONE_VM | CLONE_FS | CLONE_FILES |\
+ CLONE_SIGHAND | CLONE_UNUSED | CLONE_PTRACE |\
+ CLONE_VFORK | CLONE_PARENT | CLONE_THREAD |\
+ CLONE_NEWNS | CLONE_SYSVSEM | CLONE_SETTLS |\
+ CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |\
+ CLONE_DETACHED | CLONE_UNTRACED |\
+ CLONE_CHILD_SETTID | CLONE_STOPPED |\
+ CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER |\
+ CLONE_NEWPID | CLONE_NEWNET| CLONE_IO)
+
/*
* Scheduling policies
*/
diff --git a/kernel/fork.c b/kernel/fork.c
index c8a06de..11f77ed 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -982,6 +982,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
struct task_struct *p;
int cgroup_callbacks_done = 0;
+ if (clone_flags & ~VALID_CLONE_FLAGS)
+ return ERR_PTR(-EINVAL);
+
if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
return ERR_PTR(-EINVAL);
--
1.6.0.4
next prev parent reply other threads:[~2009-11-01 20:45 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-01 20:41 [v10][PATCH] Implement clone_with_pids() syscall Sukadev Bhattiprolu
[not found] ` <20091101204132.GA22116-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-11-01 20:42 ` [v10][PATCH 1/9] Factor out code to allocate pidmap page Sukadev Bhattiprolu
2009-11-01 20:43 ` [v10][PATCH 2/9] Have alloc_pidmap() return actual error code Sukadev Bhattiprolu
2009-11-01 20:44 ` [v10][PATCH 3/9] Define set_pidmap() function Sukadev Bhattiprolu
2009-11-01 20:44 ` [v10][PATCH 4/9] Add target_pids parameter to alloc_pid() Sukadev Bhattiprolu
2009-11-01 20:44 ` [v10][PATCH 5/9] Add target_pids parameter to copy_process() Sukadev Bhattiprolu
2009-11-01 20:45 ` Sukadev Bhattiprolu [this message]
2009-11-01 20:45 ` [v10][PATCH 7/9] Define do_fork_with_pids() Sukadev Bhattiprolu
2009-11-01 20:45 ` [v10][PATCH 8/9] Define clone_with_pids() syscall Sukadev Bhattiprolu
[not found] ` <20091101204548.GG23168-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-11-02 18:09 ` Oren Laadan
[not found] ` <4AEF2077.5080107-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-11-03 6:44 ` Sukadev Bhattiprolu
[not found] ` <20091103064454.GA22483-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-11-03 8:46 ` Arnd Bergmann
2009-11-03 16:16 ` Dave Hansen
2009-11-03 17:16 ` Sukadev Bhattiprolu
2009-11-04 0:32 ` Sukadev Bhattiprolu
2009-11-01 20:46 ` [v10][PATCH 9/9] Document " Sukadev Bhattiprolu
2009-11-02 18:10 ` [v10][PATCH] Implement " Oren Laadan
[not found] ` <4AEF207F.3000904-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-11-02 20:17 ` Sukadev Bhattiprolu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091101204513.GE23168@us.ibm.com \
--to=sukadev-23vcf4htsmix0ybbhkvfkdbpr1lh4cv8@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.