From: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
To: Andrew Morton <akpm-3NddpPZAyC0@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>,
serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Alexey Dobriyan
<adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>,
hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org,
Nathan Lynch <nathanl-V7BBcbaFuwjMbYB6QlFGEg@public.gmane.org>,
haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org,
Matt Helsley <matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
arnd-r2nGTMty4D4@public.gmane.org,
roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
mtk.manpages-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
Subject: [v13][PATCH 06/12] Check invalid clone flags
Date: Wed, 25 Nov 2009 10:59:03 -0800 [thread overview]
Message-ID: <20091125185903.GG30858@us.ibm.com> (raw)
In-Reply-To: <20091125185543.GA30858-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
From: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
Subject: [v13][PATCH 06/12] Check invalid clone flags
As pointed out by Oren Laadan, we want to ensure that unused bits in the
clone-flags remain unused and available for future. To ensure this, define
a mask of clone-flags and check the flags in the clone() system calls.
Changelog[v9]:
- Include the unused clone-flag (CLONE_UNUSED) to VALID_CLONE_FLAGS
to avoid breaking any applications that may have set it. IOW, this
patch/check only applies to clone-flags bits 33 and higher.
Changelog[v8]:
- New patch in set
Signed-off-by: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
---
include/linux/sched.h | 12 ++++++++++++
kernel/fork.c | 3 +++
2 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 75e6e60..a4d2c23 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -29,6 +29,18 @@
#define CLONE_NEWNET 0x40000000 /* New network namespace */
#define CLONE_IO 0x80000000 /* Clone io context */
+#define CLONE_UNUSED 0x00001000 /* Can be reused ? */
+
+#define VALID_CLONE_FLAGS (CSIGNAL | CLONE_VM | CLONE_FS | CLONE_FILES |\
+ CLONE_SIGHAND | CLONE_UNUSED | CLONE_PTRACE |\
+ CLONE_VFORK | CLONE_PARENT | CLONE_THREAD |\
+ CLONE_NEWNS | CLONE_SYSVSEM | CLONE_SETTLS |\
+ CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |\
+ CLONE_DETACHED | CLONE_UNTRACED |\
+ CLONE_CHILD_SETTID | CLONE_STOPPED |\
+ CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER |\
+ CLONE_NEWPID | CLONE_NEWNET | CLONE_IO)
+
/*
* Scheduling policies
*/
diff --git a/kernel/fork.c b/kernel/fork.c
index 72c76a1..317adcf 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -982,6 +982,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
struct task_struct *p;
int cgroup_callbacks_done = 0;
+ if (clone_flags & ~VALID_CLONE_FLAGS)
+ return ERR_PTR(-EINVAL);
+
if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
return ERR_PTR(-EINVAL);
--
1.6.0.4
WARNING: multiple messages have this Message-ID (diff)
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, Oren Laadan <orenl@cs.columbia.edu>,
serue@us.ibm.com, "Eric W. Biederman" <ebiederm@xmission.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Pavel Emelyanov <xemul@openvz.org>,
hpa@zytor.com, Nathan Lynch <nathanl@austin.ibm.com>,
haveblue@us.ibm.com, Matt Helsley <matthltc@us.ibm.com>,
arnd@arndb.de, roland@redhat.com, mtk.manpages@googlemail.com,
linux-api@vger.kernel.org,
Containers <containers@lists.linux-foundation.org>
Subject: [v13][PATCH 06/12] Check invalid clone flags
Date: Wed, 25 Nov 2009 10:59:03 -0800 [thread overview]
Message-ID: <20091125185903.GG30858@us.ibm.com> (raw)
In-Reply-To: <20091125185543.GA30858@us.ibm.com>
From: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Subject: [v13][PATCH 06/12] Check invalid clone flags
As pointed out by Oren Laadan, we want to ensure that unused bits in the
clone-flags remain unused and available for future. To ensure this, define
a mask of clone-flags and check the flags in the clone() system calls.
Changelog[v9]:
- Include the unused clone-flag (CLONE_UNUSED) to VALID_CLONE_FLAGS
to avoid breaking any applications that may have set it. IOW, this
patch/check only applies to clone-flags bits 33 and higher.
Changelog[v8]:
- New patch in set
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
---
include/linux/sched.h | 12 ++++++++++++
kernel/fork.c | 3 +++
2 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 75e6e60..a4d2c23 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -29,6 +29,18 @@
#define CLONE_NEWNET 0x40000000 /* New network namespace */
#define CLONE_IO 0x80000000 /* Clone io context */
+#define CLONE_UNUSED 0x00001000 /* Can be reused ? */
+
+#define VALID_CLONE_FLAGS (CSIGNAL | CLONE_VM | CLONE_FS | CLONE_FILES |\
+ CLONE_SIGHAND | CLONE_UNUSED | CLONE_PTRACE |\
+ CLONE_VFORK | CLONE_PARENT | CLONE_THREAD |\
+ CLONE_NEWNS | CLONE_SYSVSEM | CLONE_SETTLS |\
+ CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |\
+ CLONE_DETACHED | CLONE_UNTRACED |\
+ CLONE_CHILD_SETTID | CLONE_STOPPED |\
+ CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER |\
+ CLONE_NEWPID | CLONE_NEWNET | CLONE_IO)
+
/*
* Scheduling policies
*/
diff --git a/kernel/fork.c b/kernel/fork.c
index 72c76a1..317adcf 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -982,6 +982,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
struct task_struct *p;
int cgroup_callbacks_done = 0;
+ if (clone_flags & ~VALID_CLONE_FLAGS)
+ return ERR_PTR(-EINVAL);
+
if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
return ERR_PTR(-EINVAL);
--
1.6.0.4
next prev parent reply other threads:[~2009-11-25 18:59 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-25 18:55 [v13][PATCH 00/12] Implement eclone() system call Sukadev Bhattiprolu
2009-11-25 18:55 ` Sukadev Bhattiprolu
2009-11-25 18:58 ` [v13][PATCH 04/12] Add target_pids parameter to alloc_pid() Sukadev Bhattiprolu
2009-11-25 18:58 ` [v13][PATCH 05/12] Add target_pids parameter to copy_process() Sukadev Bhattiprolu
2009-11-25 18:59 ` [v13][PATCH 08/12] Implement sys_eclone for x86 Sukadev Bhattiprolu
2009-11-25 19:00 ` [v13][PATCH 10/12] Implement sys_eclone for s390 Sukadev Bhattiprolu
[not found] ` <20091125185543.GA30858-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-11-25 18:56 ` [v13][PATCH 01/12] Factor out code to allocate pidmap page Sukadev Bhattiprolu
2009-11-25 18:56 ` Sukadev Bhattiprolu
2009-11-25 18:56 ` Sukadev Bhattiprolu
2009-11-25 18:57 ` [v13][PATCH 02/12] Have alloc_pidmap() return actual error code Sukadev Bhattiprolu
2009-11-25 18:57 ` Sukadev Bhattiprolu
2009-11-25 18:57 ` Sukadev Bhattiprolu
2009-11-25 18:58 ` [v13][PATCH 03/12] Define set_pidmap() function Sukadev Bhattiprolu
2009-11-25 18:58 ` Sukadev Bhattiprolu
2009-11-25 18:58 ` Sukadev Bhattiprolu
2009-11-25 18:58 ` [v13][PATCH 04/12] Add target_pids parameter to alloc_pid() Sukadev Bhattiprolu
2009-11-25 18:58 ` [v13][PATCH 05/12] Add target_pids parameter to copy_process() Sukadev Bhattiprolu
2009-11-25 18:59 ` [v13][PATCH 06/12] Check invalid clone flags Sukadev Bhattiprolu
2009-11-25 18:59 ` Sukadev Bhattiprolu [this message]
2009-11-25 18:59 ` Sukadev Bhattiprolu
2009-11-25 18:59 ` [v13][PATCH 07/12] Define do_fork_with_pids() Sukadev Bhattiprolu
2009-11-25 18:59 ` Sukadev Bhattiprolu
2009-11-25 18:59 ` Sukadev Bhattiprolu
2009-11-25 18:59 ` [v13][PATCH 08/12] Implement sys_eclone for x86 Sukadev Bhattiprolu
2009-11-25 18:59 ` [v13][PATCH 09/12] Implement sys_eclone for x86_64 Sukadev Bhattiprolu
2009-11-25 18:59 ` Sukadev Bhattiprolu
2009-11-25 18:59 ` Sukadev Bhattiprolu
2009-11-25 19:00 ` [v13][PATCH 10/12] Implement sys_eclone for s390 Sukadev Bhattiprolu
2009-11-25 19:00 ` [v13][PATCH 11/12] Implement sys_eclone for powerpc Sukadev Bhattiprolu
2009-11-25 19:00 ` Sukadev Bhattiprolu
2009-11-25 19:00 ` Sukadev Bhattiprolu
2009-11-25 19:02 ` [v13][PATCH 12/12] Document sys_eclone Sukadev Bhattiprolu
2009-11-25 19:02 ` Sukadev Bhattiprolu
2009-11-25 19:02 ` Sukadev Bhattiprolu
-- strict thread matches above, loose matches on Subject: below --
2009-11-24 20:04 [v13][PATCH 00/12] Implement eclone() system call Sukadev Bhattiprolu
[not found] ` <20091124200449.GA24400-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-11-24 20:08 ` [v13][PATCH 06/12] Check invalid clone flags Sukadev Bhattiprolu
2009-11-24 20:08 ` Sukadev Bhattiprolu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091125185903.GG30858@us.ibm.com \
--to=sukadev-23vcf4htsmix0ybbhkvfkdbpr1lh4cv8@public.gmane.org \
--cc=adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=akpm-3NddpPZAyC0@public.gmane.org \
--cc=arnd-r2nGTMty4D4@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=mtk.manpages-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org \
--cc=nathanl-V7BBcbaFuwjMbYB6QlFGEg@public.gmane.org \
--cc=orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org \
--cc=roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.