[v9][PATCH 6/9] Check invalid clone flags
Oren Laadan
orenl at librato.com
Sun Oct 25 10:08:16 PDT 2009
Sukadev Bhattiprolu wrote:
> Subject: [v9][PATCH 6/9] Check invalid clone flags
>
> As pointed out by Oren Laadan, we want to ensure that unused bits in the
> clone-flags remain unused and available for future. To ensure this, define
> a mask of clone-flags and check the flags in the clone() system calls.
>
> Changelog[v9]:
> - Include the unused clone-flag (CLONE_UNUSED) to VALID_CLONE_FLAGS
> to avoid breaking any applications that may have set it. IOW, this
> patch/check only applies to clone-flags bits 33 and higher.
>
> Changelog[v8]:
> - New patch in set
>
> Signed-off-by: Sukadev Bhattiprolu <sukadev at linux.vnet.ibm.com>
Acked-by: Oren Laadan <orenl at cs.columbia.edu>
> ---
> include/linux/sched.h | 12 ++++++++++++
> kernel/fork.c | 3 +++
> 2 files changed, 15 insertions(+), 0 deletions(-)
>
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 75e6e60..6b319a0 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -29,6 +29,18 @@
> #define CLONE_NEWNET 0x40000000 /* New network namespace */
> #define CLONE_IO 0x80000000 /* Clone io context */
>
> +#define CLONE_UNUSED 0x00001000 /* Can be reused ? */
> +
> +#define VALID_CLONE_FLAGS (CSIGNAL | CLONE_VM | CLONE_FS | CLONE_FILES |\
> + CLONE_SIGHAND | CLONE_UNUSED | CLONE_PTRACE |\
> + CLONE_VFORK | CLONE_PARENT | CLONE_THREAD |\
> + CLONE_NEWNS | CLONE_SYSVSEM | CLONE_SETTLS |\
> + CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |\
> + CLONE_DETACHED | CLONE_UNTRACED |\
> + CLONE_CHILD_SETTID | CLONE_STOPPED |\
> + CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER |\
> + CLONE_NEWPID | CLONE_NEWNET| CLONE_IO)
> +
> /*
> * Scheduling policies
> */
> diff --git a/kernel/fork.c b/kernel/fork.c
> index c8a06de..11f77ed 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -982,6 +982,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
> struct task_struct *p;
> int cgroup_callbacks_done = 0;
>
> + if (clone_flags & ~VALID_CLONE_FLAGS)
> + return ERR_PTR(-EINVAL);
> +
> if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
> return ERR_PTR(-EINVAL);
>
More information about the Containers
mailing list