From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A3D92C433EF for ; Wed, 15 Jun 2022 08:00:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3B4FF6B0072; Wed, 15 Jun 2022 04:00:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3655D6B0074; Wed, 15 Jun 2022 04:00:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 22C4F6B0075; Wed, 15 Jun 2022 04:00:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 139F16B0072 for ; Wed, 15 Jun 2022 04:00:14 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay12.hostedemail.com (Postfix) with ESMTP id C45D6121372 for ; Wed, 15 Jun 2022 08:00:13 +0000 (UTC) X-FDA: 79579722306.18.8B90ED3 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf25.hostedemail.com (Postfix) with ESMTP id 28EDAA009D for ; Wed, 15 Jun 2022 08:00:12 +0000 (UTC) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 6F39EB81CD2; Wed, 15 Jun 2022 08:00:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 504EBC3411C; Wed, 15 Jun 2022 08:00:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1655280010; bh=6o2MLb7XsHU6M7CsxZwl9gU0PjtAnZxBcDJopoaGghk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=J73RlTgReelg60xIHa6SbH9ABCINdG6etM3gufAng5o/7xJta1xs0IfGGfcHazS8m aZAi0dajO7cTixfjIfrGvsbPdYhJCFYIsrjXypRuFrCa7Vmg/UzrE/Ksvc9Z8/GGQM V1R3xHUGZPN6FCJFKR3Z0Q87Ce2r65zodfEQymgxSZkjFIt4+Fw5Zfgrh0yZIiynSe DJCd9mpYcolL8oprd15ZcKNyLzByWqcvxYhfln13h1YzcgiEU1Nd0V/6i3Qt2p7Sw9 31o6UVTbPST+LX8ahzkQsyuIo24AfhVODhfZhWP4BitR75puSJg1yV3Tkqisv3jVR6 0PjWiiItStX1g== Date: Wed, 15 Jun 2022 10:00:00 +0200 From: Christian Brauner To: Florian Weimer Cc: Kees Cook , Andrei Vagin , linux-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com>, linux-mm@kvack.org, Eric Biederman Subject: Re: [PATCH 1/2] fs/exec: allow to unshare a time namespace on vfork+exec Message-ID: <20220615080000.qtxeosohhyfabzmg@wittgenstein> References: <20220613060723.197407-1-avagin@gmail.com> <202206141412.2B0732FF6C@keescook> <874k0mqs5i.fsf@oldenburg.str.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <874k0mqs5i.fsf@oldenburg.str.redhat.com> ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1655280013; a=rsa-sha256; cv=none; b=8Gk8Kd4+R21RRR39HpatmSTj4y5x0JFC3UfPq6P889seMWDCeRQH88/oGMZ/rin2EUfzzI lN8kX35VVaAsv6kG7btYlGh/eQs1gg3f7tIqItSwJFVZcZKqGRH4T/A/7EsVqTV+9x62p1 1ahU8IiYaZFnQxIAszUc0MTEkI6Uy4g= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=J73RlTgR; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of brauner@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=brauner@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1655280013; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Co2KL3cGGDV+1Dy4bgqNA5umYKbHo7gobbEyZpJ0Ns0=; b=RCLnWeXZ35hrXw0mM287xEabXUpIKMc9J7Eo6yOtX3NMIZZMOMUftDsOPnRQsklaq8I2I5 rNZLtWtCvMc4TrDgS2YiuLBVf5GeOVX6IHzuS6zX2aIEo0CnzmUP1tkvzek0Y22tSl3yRm yrP/p6ZXBQuyHF5RZo4O4SiFZNp/xDM= X-Rspamd-Queue-Id: 28EDAA009D X-Rspam-User: Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=J73RlTgR; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of brauner@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=brauner@kernel.org X-Rspamd-Server: rspam06 X-Stat-Signature: ikqid44eg6bzbsmq78gkcfhkgrwj7yqy X-HE-Tag: 1655280012-115906 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Jun 15, 2022 at 09:53:29AM +0200, Florian Weimer wrote: > * Kees Cook: > > > On Sun, Jun 12, 2022 at 11:07:22PM -0700, Andrei Vagin wrote: > >> Right now, a new process can't be forked in another time namespace > >> if it shares mm with its parent. It is prohibited, because each time > >> namespace has its own vvar page that is mapped into a process address > >> space. > >> > >> When a process calls exec, it gets a new mm and so it could be "legal" > >> to switch time namespace in that case. This was not implemented and > >> now if we want to do this, we need to add another clone flag to not > >> break backward compatibility. > >> > >> We don't have any user requests to switch times on exec except the > >> vfork+exec combination, so there is no reason to add a new clone flag. > >> As for vfork+exec, this should be safe to allow switching timens with > >> the current clone flag. Right now, vfork (CLONE_VFORK | CLONE_VM) fails > >> if a child is forked into another time namespace. With this change, > >> vfork creates a new process in parent's timens, and the following exec > >> does the actual switch to the target time namespace. > > > > This seems like a very special case. None of the other namespaces do > > this, do they? > > I think this started with CLONE_NEWPID, which had a similar delayed > effect with unshare: it happens only after fork, not for the current > process image. I think it's just a limitation of the unshare interface. > Some of the effects simply have to be delayed due to their nature. I tried to give more context in another mail wrt to time namespaces specifically. For pid namespaces one problem would be that it could end up confusing a process about its own pid. This was a more serious problem when the pid cache was still active in glibc; but fwiw systemd still has a pid cache afair. Christian