From: Serge Hallyn <serge.hallyn@ubuntu.com>
To: Chen Gang <gang.chen@asianux.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Serge Hallyn <serge.hallyn@canonical.com>,
Oleg Nesterov <oleg@redhat.com>,
Andy Lutomirski <luto@amacapital.net>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] kernel: user_namespace: always set the return parameter 'new_cred' when call unshare_userns() successfully.
Date: Tue, 20 Aug 2013 09:10:32 -0500 [thread overview]
Message-ID: <20130820141032.GA4766@sergelap> (raw)
In-Reply-To: <5212DA37.1090101@asianux.com>
Quoting Chen Gang (gang.chen@asianux.com):
> When unshare_userns() succeed, recommend to always set the return
> parameter which may be used by caller.
>
> The caller has rights to call it with 'new_cred' uninitialized, if
> succeed, the caller can assume the 'new_cred' has been initialized.
But the only existing caller (sys_unshare) does in fact initialize it to
NULL. So while this patch does no harm, is it necessary?
> Signed-off-by: Chen Gang <gang.chen@asianux.com>
> ---
> include/linux/user_namespace.h | 1 +
> kernel/user_namespace.c | 4 +++-
> 2 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
> index b6b215f..3159af5 100644
> --- a/include/linux/user_namespace.h
> +++ b/include/linux/user_namespace.h
> @@ -75,6 +75,7 @@ static inline int unshare_userns(unsigned long unshare_flags,
> {
> if (unshare_flags & CLONE_NEWUSER)
> return -EINVAL;
> + *new_cred = NULL;
> return 0;
> }
>
> diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
> index 6e50a44..6b90818 100644
> --- a/kernel/user_namespace.c
> +++ b/kernel/user_namespace.c
> @@ -107,8 +107,10 @@ int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
> struct cred *cred;
> int err = -ENOMEM;
>
> - if (!(unshare_flags & CLONE_NEWUSER))
> + if (!(unshare_flags & CLONE_NEWUSER)) {
> + *new_cred = NULL;
> return 0;
> + }
>
> cred = prepare_creds();
> if (cred) {
> --
> 1.7.7.6
next prev parent reply other threads:[~2013-08-20 14:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-20 2:53 [PATCH] kernel: user_namespace: always set the return parameter 'new_cred' when call unshare_userns() successfully Chen Gang
2013-08-20 14:10 ` Serge Hallyn [this message]
2013-08-20 14:37 ` Oleg Nesterov
2013-08-21 4:15 ` Chen Gang
2013-08-21 11:57 ` Oleg Nesterov
2013-08-22 1:30 ` Chen Gang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130820141032.GA4766@sergelap \
--to=serge.hallyn@ubuntu.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=gang.chen@asianux.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oleg@redhat.com \
--cc=serge.hallyn@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.