diff options
| author | Dmitry V. Levin <ldv@altlinux.org> | 2019-07-14 12:20:47 -0400 |
|---|---|---|
| committer | Christian Brauner <christian@brauner.io> | 2019-07-14 14:36:12 -0400 |
| commit | 028b6e8a89de9133a869bb4cd1bc72445b1ec8ca (patch) | |
| tree | 1f7464eb4b1f64d20def0019a2818e8c3e9c2c74 | |
| parent | 964a4eacef67503a1154f7e0a75f52fbdce52022 (diff) | |
clone: fix CLONE_PIDFD support
The introduction of clone3 syscall accidentally broke CLONE_PIDFD
support in traditional clone syscall on compat x86 and those
architectures that use do_fork to implement clone syscall.
This bug was found by strace test suite.
Link: https://strace.io/logs/strace/2019-07-12
Fixes: 7f192e3cd316 ("fork: add clone3")
Bisected-and-tested-by: Anatoly Pugachev <matorola@gmail.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Link: https://lore.kernel.org/r/20190714162047.GB10389@altlinux.org
Signed-off-by: Christian Brauner <christian@brauner.io>
| -rw-r--r-- | arch/x86/ia32/sys_ia32.c | 4 | ||||
| -rw-r--r-- | include/linux/sched/task.h | 1 | ||||
| -rw-r--r-- | kernel/fork.c | 17 |
3 files changed, 20 insertions, 2 deletions
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c index 64a6c952091e..21790307121e 100644 --- a/arch/x86/ia32/sys_ia32.c +++ b/arch/x86/ia32/sys_ia32.c | |||
| @@ -239,6 +239,7 @@ COMPAT_SYSCALL_DEFINE5(x86_clone, unsigned long, clone_flags, | |||
| 239 | { | 239 | { |
| 240 | struct kernel_clone_args args = { | 240 | struct kernel_clone_args args = { |
| 241 | .flags = (clone_flags & ~CSIGNAL), | 241 | .flags = (clone_flags & ~CSIGNAL), |
| 242 | .pidfd = parent_tidptr, | ||
| 242 | .child_tid = child_tidptr, | 243 | .child_tid = child_tidptr, |
| 243 | .parent_tid = parent_tidptr, | 244 | .parent_tid = parent_tidptr, |
| 244 | .exit_signal = (clone_flags & CSIGNAL), | 245 | .exit_signal = (clone_flags & CSIGNAL), |
| @@ -246,5 +247,8 @@ COMPAT_SYSCALL_DEFINE5(x86_clone, unsigned long, clone_flags, | |||
| 246 | .tls = tls_val, | 247 | .tls = tls_val, |
| 247 | }; | 248 | }; |
| 248 | 249 | ||
| 250 | if (!legacy_clone_args_valid(&args)) | ||
| 251 | return -EINVAL; | ||
| 252 | |||
| 249 | return _do_fork(&args); | 253 | return _do_fork(&args); |
| 250 | } | 254 | } |
diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h index 109a0df5af39..0497091e40c1 100644 --- a/include/linux/sched/task.h +++ b/include/linux/sched/task.h | |||
| @@ -89,6 +89,7 @@ extern void exit_files(struct task_struct *); | |||
| 89 | extern void exit_itimers(struct signal_struct *); | 89 | extern void exit_itimers(struct signal_struct *); |
| 90 | 90 | ||
| 91 | extern long _do_fork(struct kernel_clone_args *kargs); | 91 | extern long _do_fork(struct kernel_clone_args *kargs); |
| 92 | extern bool legacy_clone_args_valid(const struct kernel_clone_args *kargs); | ||
| 92 | extern long do_fork(unsigned long, unsigned long, unsigned long, int __user *, int __user *); | 93 | extern long do_fork(unsigned long, unsigned long, unsigned long, int __user *, int __user *); |
| 93 | struct task_struct *fork_idle(int); | 94 | struct task_struct *fork_idle(int); |
| 94 | struct mm_struct *copy_init_mm(void); | 95 | struct mm_struct *copy_init_mm(void); |
diff --git a/kernel/fork.c b/kernel/fork.c index 8f3e2d97d771..ef1e05a68827 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
| @@ -2406,6 +2406,16 @@ long _do_fork(struct kernel_clone_args *args) | |||
| 2406 | return nr; | 2406 | return nr; |
| 2407 | } | 2407 | } |
| 2408 | 2408 | ||
| 2409 | bool legacy_clone_args_valid(const struct kernel_clone_args *kargs) | ||
| 2410 | { | ||
| 2411 | /* clone(CLONE_PIDFD) uses parent_tidptr to return a pidfd */ | ||
| 2412 | if ((kargs->flags & CLONE_PIDFD) && | ||
| 2413 | (kargs->flags & CLONE_PARENT_SETTID)) | ||
| 2414 | return false; | ||
| 2415 | |||
| 2416 | return true; | ||
| 2417 | } | ||
| 2418 | |||
| 2409 | #ifndef CONFIG_HAVE_COPY_THREAD_TLS | 2419 | #ifndef CONFIG_HAVE_COPY_THREAD_TLS |
| 2410 | /* For compatibility with architectures that call do_fork directly rather than | 2420 | /* For compatibility with architectures that call do_fork directly rather than |
| 2411 | * using the syscall entry points below. */ | 2421 | * using the syscall entry points below. */ |
| @@ -2417,6 +2427,7 @@ long do_fork(unsigned long clone_flags, | |||
| 2417 | { | 2427 | { |
| 2418 | struct kernel_clone_args args = { | 2428 | struct kernel_clone_args args = { |
| 2419 | .flags = (clone_flags & ~CSIGNAL), | 2429 | .flags = (clone_flags & ~CSIGNAL), |
| 2430 | .pidfd = parent_tidptr, | ||
| 2420 | .child_tid = child_tidptr, | 2431 | .child_tid = child_tidptr, |
| 2421 | .parent_tid = parent_tidptr, | 2432 | .parent_tid = parent_tidptr, |
| 2422 | .exit_signal = (clone_flags & CSIGNAL), | 2433 | .exit_signal = (clone_flags & CSIGNAL), |
| @@ -2424,6 +2435,9 @@ long do_fork(unsigned long clone_flags, | |||
| 2424 | .stack_size = stack_size, | 2435 | .stack_size = stack_size, |
| 2425 | }; | 2436 | }; |
| 2426 | 2437 | ||
| 2438 | if (!legacy_clone_args_valid(&args)) | ||
| 2439 | return -EINVAL; | ||
| 2440 | |||
| 2427 | return _do_fork(&args); | 2441 | return _do_fork(&args); |
| 2428 | } | 2442 | } |
| 2429 | #endif | 2443 | #endif |
| @@ -2505,8 +2519,7 @@ SYSCALL_DEFINE5(clone, unsigned long, clone_flags, unsigned long, newsp, | |||
| 2505 | .tls = tls, | 2519 | .tls = tls, |
| 2506 | }; | 2520 | }; |
| 2507 | 2521 | ||
| 2508 | /* clone(CLONE_PIDFD) uses parent_tidptr to return a pidfd */ | 2522 | if (!legacy_clone_args_valid(&args)) |
| 2509 | if ((clone_flags & CLONE_PIDFD) && (clone_flags & CLONE_PARENT_SETTID)) | ||
| 2510 | return -EINVAL; | 2523 | return -EINVAL; |
| 2511 | 2524 | ||
| 2512 | return _do_fork(&args); | 2525 | return _do_fork(&args); |