'Re: [v9][PATCH 6/9] Check invalid clone flags'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-api
Subject:    Re: [v9][PATCH 6/9] Check invalid clone flags
From:       Oren Laadan <orenl () librato ! com>
Date:       2009-10-25 17:08:16
Message-ID: 4AE48600.8030800 () librato ! com
[Download RAW message or body]



Sukadev Bhattiprolu wrote:
> Subject: [v9][PATCH 6/9] Check invalid clone flags
> 
> As pointed out by Oren Laadan, we want to ensure that unused bits in the
> clone-flags remain unused and available for future. To ensure this, define
> a mask of clone-flags and check the flags in the clone() system calls.
> 
> Changelog[v9]:
> 	- Include the unused clone-flag (CLONE_UNUSED) to VALID_CLONE_FLAGS
> 	  to avoid breaking any applications that may have set it. IOW, this
> 	  patch/check only applies to clone-flags bits 33 and higher.
> 
> Changelog[v8]:
> 	- New patch in set
> 
> Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>

Acked-by: Oren Laadan <orenl@cs.columbia.edu>

> ---
>  include/linux/sched.h |   12 ++++++++++++
>  kernel/fork.c         |    3 +++
>  2 files changed, 15 insertions(+), 0 deletions(-)
> 
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 75e6e60..6b319a0 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -29,6 +29,18 @@
>  #define CLONE_NEWNET		0x40000000	/* New network namespace */
>  #define CLONE_IO		0x80000000	/* Clone io context */
>  
> +#define CLONE_UNUSED        	0x00001000	/* Can be reused ? */
> +
> +#define VALID_CLONE_FLAGS	(CSIGNAL | CLONE_VM | CLONE_FS | CLONE_FILES |\
> +				 CLONE_SIGHAND | CLONE_UNUSED | CLONE_PTRACE |\
> +				 CLONE_VFORK  | CLONE_PARENT | CLONE_THREAD  |\
> +				 CLONE_NEWNS  | CLONE_SYSVSEM | CLONE_SETTLS |\
> +				 CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID  |\
> +				 CLONE_DETACHED | CLONE_UNTRACED             |\
> +				 CLONE_CHILD_SETTID | CLONE_STOPPED          |\
> +				 CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER |\
> +				 CLONE_NEWPID | CLONE_NEWNET| CLONE_IO)
> +
>  /*
>   * Scheduling policies
>   */
> diff --git a/kernel/fork.c b/kernel/fork.c
> index c8a06de..11f77ed 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -982,6 +982,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
>  	struct task_struct *p;
>  	int cgroup_callbacks_done = 0;
>  
> +	if (clone_flags & ~VALID_CLONE_FLAGS)
> +		return ERR_PTR(-EINVAL);
> +
>  	if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
>  		return ERR_PTR(-EINVAL);
>  
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic