From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5CEDBC433EF
	for <linux-mm@archiver.kernel.org>; Wed, 15 Jun 2022 07:38:09 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id D4A006B0072; Wed, 15 Jun 2022 03:38:08 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id CF9BA6B0073; Wed, 15 Jun 2022 03:38:08 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id BC22E6B0074; Wed, 15 Jun 2022 03:38:08 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id AE1C46B0072
	for <linux-mm@kvack.org>; Wed, 15 Jun 2022 03:38:08 -0400 (EDT)
Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay06.hostedemail.com (Postfix) with ESMTP id 827C335974
	for <linux-mm@kvack.org>; Wed, 15 Jun 2022 07:38:08 +0000 (UTC)
X-FDA: 79579666656.20.00A42F5
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
	by imf19.hostedemail.com (Postfix) with ESMTP id E705F1A0085
	for <linux-mm@kvack.org>; Wed, 15 Jun 2022 07:38:07 +0000 (UTC)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ams.source.kernel.org (Postfix) with ESMTPS id 20888B81C6E;
	Wed, 15 Jun 2022 07:38:06 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0F388C34115;
	Wed, 15 Jun 2022 07:38:02 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1655278684;
	bh=pnJOadH0YoVYYLx7ob0PUxPv2n/UnPgyF8EolnCZrbY=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=RvOGNKRRwXhGy2FvnDnMyyiJiDF8bAs6H34OrzJlqLwvtNizOdtmDrEs09uRlG1+t
	 NtdGkOxBtCfc1q7/7FKQ8AeyKzIwID/6CkjxKgN2le0Gd01dtDo57qiUdCr7PfrvWF
	 jnEMGPHkHFCq4/+V+hF21ZtjN5r3wbFOlDLV2l+y5k7mIM5ahtcEWAfmvgm5TUWAKS
	 8HQUDnR8ZeEjdzzjMyMsPBEXK6+gn0M1AVzHRJS2b4U9zPjnCmk+gY6JVw6zYoUE+5
	 aN5Wf0f92EEgFpIswA50vKygBlA3kzt3L7zlub5AMLYYnyy6ZRuC/DtpAO4clfqIBp
	 w77byS+JdT4Mw==
Date: Wed, 15 Jun 2022 09:37:59 +0200
From: Christian Brauner <brauner@kernel.org>
To: Andrei Vagin <avagin@gmail.com>
Cc: linux-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com>,
	Florian Weimer <fweimer@redhat.com>, linux-mm@kvack.org,
	Eric Biederman <ebiederm@xmission.com>,
	Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH 1/2] fs/exec: allow to unshare a time namespace on
 vfork+exec
Message-ID: <20220615073759.ps63einipnptgpnk@wittgenstein>
References: <20220613060723.197407-1-avagin@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20220613060723.197407-1-avagin@gmail.com>
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1655278688; a=rsa-sha256;
	cv=none;
	b=n5glvRjGFR9RndbcnH1TZ9pVKkwY9+8hvvwdzYFDcfP2K6UPp1Rtjkb0eEvMbN0cy+zfpi
	JAVF1UxQOvJH58sAlveVPC36U3NJhwE8OUgzmXaXvSfWwwcnMzePR1R38XCUwW0m3KHa1J
	9qTndt1iyxHSgYpj8GG3U0HPYScKaYE=
ARC-Authentication-Results: i=1;
	imf19.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=RvOGNKRR;
	spf=pass (imf19.hostedemail.com: domain of brauner@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=brauner@kernel.org;
	dmarc=pass (policy=none) header.from=kernel.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1655278688;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=pTEN2x9+WUQxvEz4mYhFwJlLwC14hZMgZcahSDrx6Vs=;
	b=3VtH/WAIowg9LNEl9XrLB+cPv53T54fPjr5i9hs9h465WVsVK7koedWkeDtYLi8Bgppn3n
	sm+x0fmrQdTmPqqbzA/QXRTVVgjK+uR8Q/DRjuJki3EBM/IJ9eWf443eKrPobUtO7GKCD4
	9con9yTdX6skUcnPMnvl9L/zyRqAPcQ=
X-Rspam-User: 
X-Rspamd-Server: rspam01
X-Rspamd-Queue-Id: E705F1A0085
X-Stat-Signature: ptde68o7eqf1jg4hpgouemzpz8fhfcg5
Authentication-Results: imf19.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=RvOGNKRR;
	spf=pass (imf19.hostedemail.com: domain of brauner@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=brauner@kernel.org;
	dmarc=pass (policy=none) header.from=kernel.org
X-HE-Tag: 1655278687-297683
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Sun, Jun 12, 2022 at 11:07:22PM -0700, Andrei Vagin wrote:
> Right now, a new process can't be forked in another time namespace
> if it shares mm with its parent. It is prohibited, because each time
> namespace has its own vvar page that is mapped into a process address
> space.
> 
> When a process calls exec, it gets a new mm and so it could be "legal"
> to switch time namespace in that case. This was not implemented and
> now if we want to do this, we need to add another clone flag to not
> break backward compatibility.
> 
> We don't have any user requests to switch times on exec except the
> vfork+exec combination, so there is no reason to add a new clone flag.
> As for vfork+exec, this should be safe to allow switching timens with
> the current clone flag. Right now, vfork (CLONE_VFORK | CLONE_VM) fails
> if a child is forked into another time namespace. With this change,
> vfork creates a new process in parent's timens, and the following exec
> does the actual switch to the target time namespace.
> 
> Suggested-by: Florian Weimer <fweimer@redhat.com>
> Signed-off-by: Andrei Vagin <avagin@gmail.com>
> ---

Looks good,
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>