[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2019-07-24 Thread Brad Figg
** Tags added: cscc

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1755857

Title:
  devpts: handle bind-mounts

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released

Bug description:
  Hey everyone,

  I sent a few patches to fix a regression caused by wrong behavior in
  the devpts filesystem when used with the TIOCGPTPEER ioctl() we
  implemented a while back. The context and reproducer can be taken from
  my following commit message. The required patches are in Greg's tree
  and are:

  1. https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=7d71109df186d630a41280670c8d71d0cf9b0da9
  2. https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=a319b01d9095da6f6c54bd20c1f1300762506255
  3. https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=4e15f760a43c7cb88e2b7ad6882501ccab5de29f
  4. https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=ce290a19609d5ecd4a240a4750e0ed9a476cf015

  devpts: resolve devpts bind-mounts
  Most libcs will still look at /dev/ptmx when opening the master fd of a pty
  device. When /dev/ptmx is a bind-mount of /dev/pts/ptmx and the TIOCGPTPEER
  ioctl() is used to safely retrieve a file descriptor for the slave side of
  the pty based on the master fd, the /proc/self/fd/{0,1,2} symlinks will
  point to /. A very simple reproducer for this issue presupposing a libc
  that uses TIOCGPTPEER in its openpty() implementation is:

  unshare --mount
  mount --bind /dev/pts/ptmx /dev/ptmx
  chmod 666 /dev/ptmx
  script
  ls -al /proc/self/fd/0

  Having bind-mounts of /dev/pts/ptmx to /dev/ptmx not working correctly is a
  regression. In addition, it is also a fairly common scenario in containers
  employing user namespaces.

  The reason for the current failure is that the kernel tries to verify the
  useability of the devpts filesystem without resolving the /dev/ptmx
  bind-mount first. This will lead it to detect that the dentry is escaping
  its bind-mount. The reason is that while the devpts filesystem mounted at
  /dev/pts has the devtmpfs mounted at /dev as its parent mount:

  21 -- -- / /dev
  -- 21 -- / /dev/pts

  devtmpfs and devpts are on different devices

  -- -- 0:6  / /dev
  -- -- 0:20 / /dev/pts

  This has the consequence that the pathname of the parent directory of the
  devpts filesystem mount at /dev/pts is /. So if /dev/ptmx is a bind-mount
  of /dev/pts/ptmx then the /dev/ptmx bind-mount and the devpts mount at
  /dev/pts will end up being located on the same device which is recorded in
  the superblock of their vfsmount. This means the parent directory of the
  /dev/ptmx bind-mount will be /ptmx:

  -- --  /ptmx /dev/ptmx

  Without the bind-mount resolution patch the kernel will now perform the
  bind-mount escape check directly on /dev/ptmx. The function responsible for
  this is devpts_ptmx_path() which calls pts_path() which in turn calls
  path_parent_directory(). Based on the above explanation,
  path_parent_directory() will yield / as the parent directory for the
  /dev/ptmx bind-mount and not the expected /dev. Thus, the kernel detects
  that /dev/ptmx is escaping its bind-mount and will set /proc/<pid>/fd/<nr>
  to /.

  This patch changes the logic to first resolve any bind-mounts. After the
  bind-mounts have been resolved (i.e. we have traced it back to the
  associated devpts mount) devpts_ptmx_path() can be called. In order to
  guarantee correct path generation for the slave file descriptor the kernel
  now requires that a pts directory is found in the parent directory of the
  ptmx bind-mount. This implies that when doing bind-mounts the ptmx
  bind-mount and the devpts mount should have a common parent directory. A
  valid example is:

  mount -t devpts devpts /dev/pts
  mount --bind /dev/pts/ptmx /dev/ptmx

  an invalid example is:

  mount -t devpts devpts /dev/pts
  mount --bind /dev/pts/ptmx /ptmx

  This allows us to support:
  - calling open on ptmx devices located inside non-standard devpts mounts:
      mount -t devpts devpts /mnt
      master = open("/mnt/ptmx", ...);
      slave = ioctl(master, TIOCGPTPEER, ...);
  - calling open on ptmx devices located outside the devpts mount with a
    common ancestor directory:
      mount -t devpts devpts /dev/pts
      mount --bind /dev/pts/ptmx /dev/ptmx
      master = open("/dev/ptmx", ...);
      slave = ioctl(master, TIOCGPTPEER, ...);

  while failing on ptmx devices located outside the devpts mount without a
  common ancestor directory:
      mount -t devpts devpts /dev/pts
      mount --bind /dev/pts/ptmx /ptmx
      master = open("/ptmx", ...);
      slave = ioctl(master, TIOCGPTPEER, ...);

  in which case safe path generation cannot be guaranteed.

To manage notifications about this bug go to:
https://bugs.launchpad
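
The layout rule from the commit message above, as an added example that is not part of the original thread or of the kernel patches: a small C checker that reads mountinfo-style lines and reports, for every ptmx bind-mount, whether a devpts mount sits at the sibling pts directory. The sample table, the verdict names and the extra same-device comparison are assumptions of this example; it models the rule from the mount table and does not reproduce the kernel's own lookup.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/mountinfo format (not taken from the bug). */
static const char SAMPLE[] =
    "21 1 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw\n"
    "22 21 0:20 / /dev/pts rw,nosuid shared:3 - devpts devpts rw,ptmxmode=000\n"
    "40 21 0:20 /ptmx /dev/ptmx rw,nosuid shared:3 - devpts devpts rw,ptmxmode=000\n"
    "41 1 0:20 /ptmx /ptmx rw,nosuid shared:3 - devpts devpts rw,ptmxmode=000\n"
    "50 1 0:45 / /srv/ct/dev/pts rw - devpts devpts rw\n"
    "51 1 0:20 /ptmx /srv/ct/dev/ptmx rw - devpts devpts rw\n";

#define MAX_MNT 64

struct mnt { unsigned maj, min; char root[256], point[256], fstype[32]; };

/* Verdict names are hypothetical, chosen for this example. */
enum ptmx_verdict { PTMX_OK, PTMX_NO_SIBLING_PTS, PTMX_OTHER_INSTANCE };

struct finding { char point[256]; enum ptmx_verdict verdict; };

/* Parse one mountinfo line:
 *   ID PARENT MAJ:MIN ROOT MOUNTPOINT OPTS [optional...] - FSTYPE SRC SUPEROPTS
 * Returns 1 on success, 0 on a malformed line. */
static int parse_mountinfo_line(const char *line, struct mnt *m)
{
    const char *sep;

    if (sscanf(line, "%*d %*d %u:%u %255s %255s",
               &m->maj, &m->min, m->root, m->point) != 4)
        return 0;
    sep = strstr(line, " - ");          /* optional fields end at " - " */
    if (!sep || sscanf(sep + 3, "%31s", m->fstype) != 1)
        return 0;
    return 1;
}

/* A ptmx bind-mount is accepted when "<parent dir>/pts" is the root of a
 * devpts mount. Comparing major:minor as well is this example's own
 * approximation of "the same devpts instance". */
static enum ptmx_verdict check_ptmx(const struct mnt *tab, size_t n,
                                    const struct mnt *bind)
{
    char want[264];
    const char *slash = strrchr(bind->point, '/');
    int dirlen = slash ? (int)(slash - bind->point) : 0;
    enum ptmx_verdict v = PTMX_NO_SIBLING_PTS;

    snprintf(want, sizeof(want), "%.*s/pts", dirlen, bind->point);
    for (size_t i = 0; i < n; i++) {
        if (strcmp(tab[i].fstype, "devpts") || strcmp(tab[i].root, "/") ||
            strcmp(tab[i].point, want))
            continue;
        if (tab[i].maj == bind->maj && tab[i].min == bind->min)
            return PTMX_OK;
        v = PTMX_OTHER_INSTANCE;        /* a pts directory, but another device */
    }
    return v;
}

/* Parse a whole mountinfo text and record a verdict for every devpts mount
 * whose root is /ptmx, i.e. a bind-mount of the ptmx device node.
 * Returns the number of findings written to out. */
static size_t audit_mountinfo(const char *text, struct finding *out, size_t max)
{
    static struct mnt tab[MAX_MNT];
    size_t n = 0, found = 0;
    char line[1024];

    while (*text && n < MAX_MNT) {
        size_t len = strcspn(text, "\n");
        if (len < sizeof(line)) {       /* skip over-long lines */
            memcpy(line, text, len);
            line[len] = '\0';
            if (parse_mountinfo_line(line, &tab[n]))
                n++;
        }
        text += len;
        if (*text == '\n')
            text++;
    }
    for (size_t i = 0; i < n && found < max; i++) {
        if (strcmp(tab[i].fstype, "devpts") || strcmp(tab[i].root, "/ptmx"))
            continue;
        snprintf(out[found].point, sizeof(out[found].point), "%s", tab[i].point);
        out[found].verdict = check_ptmx(tab, n, &tab[i]);
        found++;
    }
    return found;
}

int main(void)
{
    static const char *const names[] = {
        "ok", "no sibling pts", "other devpts instance"
    };
    struct finding f[16];
    size_t n = audit_mountinfo(SAMPLE, f, 16);

    for (size_t i = 0; i < n; i++)
        printf("%-20s %s\n", f[i].point, names[f[i].verdict]);
    return 0;
}
```

To audit a running container, pass the contents of its /proc/<pid>/mountinfo to audit_mountinfo() in place of SAMPLE; stacked mounts over the same mount point are not modelled.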

[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2019-02-14 Thread Brad Figg
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
bionic' to 'verification-done-bionic'. If the problem still exists,
change the tag 'verification-needed-bionic' to 'verification-failed-
bionic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-bionic


[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2019-02-14 Thread Andy Whitcroft
This bug was erroneously marked for verification in bionic; verification
is not required and verification-needed-bionic is being removed.

** Tags removed: verification-needed-bionic

** Tags added: verification-done-bionic


[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2019-02-14 Thread Andy Whitcroft
** Tags removed: verification-needed-bionic
** Tags added: kernel-fixup-verification-needed-bionic


[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2019-02-14 Thread Brad Figg
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
bionic' to 'verification-done-bionic'. If the problem still exists,
change the tag 'verification-needed-bionic' to 'verification-failed-
bionic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-bionic


[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2018-03-26 Thread Launchpad Bug Tracker
This bug was fixed in the package linux - 4.15.0-13.14

---
linux (4.15.0-13.14) bionic; urgency=medium

  * linux: 4.15.0-13.14 -proposed tracker (LP: #1756408)

  * devpts: handle bind-mounts (LP: #1755857)
    - SAUCE: devpts: hoist out check for DEVPTS_SUPER_MAGIC
    - SAUCE: devpts: resolve devpts bind-mounts
    - SAUCE: devpts: comment devpts_mntget()
    - SAUCE: selftests: add devpts selftests

  * [bionic][arm64] d-i: add hisi_sas_v3_hw to scsi-modules (LP: #1756103)
    - d-i: add hisi_sas_v3_hw to scsi-modules

  * [Bionic][ARM64] enable ROCE and HNS3 driver support for hip08 SoC
    (LP: #1756097)
    - RDMA/hns: Refactor eq code for hip06
    - RDMA/hns: Add eq support of hip08
    - RDMA/hns: Add detailed comments for mb() call
    - RDMA/hns: Add rq inline data support for hip08 RoCE
    - RDMA/hns: Update the usage of sr_max and rr_max field
    - RDMA/hns: Set access flags of hip08 RoCE
    - RDMA/hns: Filter for zero length of sge in hip08 kernel mode
    - RDMA/hns: Fix QP state judgement before sending work requests
    - RDMA/hns: Assign dest_qp when deregistering mr
    - RDMA/hns: Fix endian problems around imm_data and rkey
    - RDMA/hns: Assign the correct value for tx_cqn
    - RDMA/hns: Create gsi qp in hip08
    - RDMA/hns: Add gsi qp support for modifying qp in hip08
    - RDMA/hns: Fill sq wqe context of ud type in hip08
    - RDMA/hns: Assign zero for pkey_index of wc in hip08
    - RDMA/hns: Update the verbs of polling for completion
    - RDMA/hns: Set the guid for hip08 RoCE device
    - net: hns3: Refactor of the reset interrupt handling logic
    - net: hns3: Add reset service task for handling reset requests
    - net: hns3: Refactors the requested reset & pending reset handling code
    - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface
    - net: hns3: Add mailbox support to VF driver
    - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support
    - net: hns3: Add HNS3 VF driver to kernel build framework
    - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC
    - net: hns3: Add mailbox support to PF driver
    - net: hns3: Change PF to add ring-vect binding & resetQ to mailbox
    - net: hns3: Add mailbox interrupt handling to PF driver
    - net: hns3: add support to query tqps number
    - net: hns3: add support to modify tqps number
    - net: hns3: change the returned tqp number by ethtool -x
    - net: hns3: free the ring_data structrue when change tqps
    - net: hns3: get rss_size_max from configuration but not hardcode
    - net: hns3: add a mask initialization for mac_vlan table
    - net: hns3: add vlan offload config command
    - net: hns3: add ethtool related offload command
    - net: hns3: add handling vlan tag offload in bd
    - net: hns3: cleanup mac auto-negotiation state query
    - net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg
    - net: hns3: add support for set_pauseparam
    - net: hns3: add support to update flow control settings after autoneg
    - net: hns3: add Asym Pause support to phy default features
    - net: hns3: add support for querying advertised pause frame by ethtool ethx
    - net: hns3: Increase the default depth of bucket for TM shaper
    - net: hns3: change TM sched mode to TC-based mode when SRIOV enabled
    - net: hns3: hns3_get_channels() can be static
    - net: hns3: Add ethtool interface for vlan filter
    - net: hns3: Disable VFs change rxvlan offload status
    - net: hns3: Unify the strings display of packet statistics
    - net: hns3: Fix spelling errors
    - net: hns3: Remove repeat statistic of rx_errors
    - net: hns3: Modify the update period of packet statistics
    - net: hns3: Mask the packet statistics query when NIC is down
    - net: hns3: Fix an error of total drop packet statistics
    - net: hns3: Fix a loop index error of tqp statistics query
    - net: hns3: Fix an error macro definition of HNS3_TQP_STAT
    - net: hns3: Remove a useless member of struct hns3_stats
    - net: hns3: Add packet statistics of netdev
    - net: hns3: Fix a response data read error of tqp statistics query
    - net: hns3: fix for updating fc_mode_last_time
    - net: hns3: fix for setting MTU
    - net: hns3: fix for changing MTU
    - net: hns3: add MTU initialization for hardware
    - net: hns3: fix for not setting pause parameters
    - net: hns3: remove redundant semicolon
    - net: hns3: Add more packet size statisctics
    - Revert "net: hns3: Add packet statistics of netdev"
    - net: hns3: report the function type the same line with
      hns3_nic_get_stats64
    - net: hns3: add ethtool_ops.get_channels support for VF
    - net: hns3: remove TSO config command from VF driver
    - net: hns3: add ethtool_ops.get_coalesce support to PF
    - net: hns3: add ethtool_ops.set_coalesce support to PF
    - net: hns3: refactor interrupt coalescing init function
    - net: hns3: refactor GL update function
    - net: hns3: remove unused 

[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2018-03-16 Thread Thadeu Lima de Souza Cascardo
** Changed in: linux (Ubuntu Bionic)
   Status: Triaged => Fix Committed

Title:
  devpts: handle bind-mounts

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Bionic:
  Fix Committed

Bug description:
  Hey everyone,

  I sent a few patches to fix a regression caused by wrong behavior in
  the devpts filesystem when used with the TIOCGPTPEER ioctl() we
  implemented a while back. The context and reproducer can be taken from
  my following commit message. The required patches are in Greg's tree
  and are:

  1. 
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=7d71109df186d630a41280670c8d71d0cf9b0da9
  2. 
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=a319b01d9095da6f6c54bd20c1f1300762506255
  3. 
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=4e15f760a43c7cb88e2b7ad6882501ccab5de29f
  4. 
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=ce290a19609d5ecd4a240a4750e0ed9a476cf015

  devpts: resolve devpts bind-mounts
  Most libcs will still look at /dev/ptmx when opening the master fd of a pty
  device. When /dev/ptmx is a bind-mount of /dev/pts/ptmx and the TIOCGPTPEER
  ioctl() is used to safely retrieve a file descriptor for the slave side of
  the pty based on the master fd, the /proc/self/fd/{0,1,2} symlinks will
  point to /. A very simply reproducer for this issue presupposing a libc
  that uses TIOCGPTPEER in its openpty() implementation is:

  unshare --mount
  mount --bind /dev/pts/ptmx /dev/ptmx
  chmod 666 /dev/ptmx
  script
  ls -al /proc/self/fd/0

  Having bind-mounts of /dev/pts/ptmx to /dev/ptmx not working correctly is a
  regression. In addition, it is also a fairly common scenario in containers
  employing user namespaces.

  The reason for the current failure is that the kernel tries to verify the
  usability of the devpts filesystem without resolving the /dev/ptmx
  bind-mount first. This will lead it to detect that the dentry is escaping
  its bind-mount. The reason is that while the devpts filesystem mounted at
  /dev/pts has the devtmpfs mounted at /dev as its parent mount:

  21 -- -- / /dev
  -- 21 -- / /dev/pts

  devtmpfs and devpts are on different devices

  -- -- 0:6  / /dev
  -- -- 0:20 / /dev/pts

  This has the consequence that the pathname of the parent directory of the
  devpts filesystem mount at /dev/pts is /. So if /dev/ptmx is a bind-mount
  of /dev/pts/ptmx then the /dev/ptmx bind-mount and the devpts mount at
  /dev/pts will end up being located on the same device which is recorded in
  the superblock of their vfsmount. This means the parent directory of the
  /dev/ptmx bind-mount will be /ptmx:

  -- --  /ptmx /dev/ptmx

  Without the bind-mount resolution patch the kernel will now perform the
  bind-mount escape check directly on /dev/ptmx. The function responsible for
  this is devpts_ptmx_path() which calls pts_path() which in turn calls
  path_parent_directory(). Based on the above explanation,
  path_parent_directory() will yield / as the parent directory for the
  /dev/ptmx bind-mount and not the expected /dev. Thus, the kernel detects
  that /dev/ptmx is escaping its bind-mount and will set /proc/<pid>/fd/<nr>
  to /.

  This patch changes the logic to first resolve any bind-mounts. After the
  bind-mounts have been resolved (i.e. we have traced it back to the
  associated devpts mount) devpts_ptmx_path() can be called. In order to
  guarantee correct path generation for the slave file descriptor the kernel
  now requires that a pts directory is found in the parent directory of the
  ptmx bind-mount. This implies that when doing bind-mounts the ptmx
  bind-mount and the devpts mount should have a common parent directory. A
  valid example is:

  mount -t devpts devpts /dev/pts
  mount --bind /dev/pts/ptmx /dev/ptmx

  an invalid example is:

  mount -t devpts devpts /dev/pts
  mount --bind /dev/pts/ptmx /ptmx

  This allows us to support:
  - calling open on ptmx devices located inside non-standard devpts mounts:
      mount -t devpts devpts /mnt
      master = open("/mnt/ptmx", ...);
      slave = ioctl(master, TIOCGPTPEER, ...);
  - calling open on ptmx devices located outside the devpts mount with a
    common ancestor directory:
      mount -t devpts devpts /dev/pts
      mount --bind /dev/pts/ptmx /dev/ptmx
      master = open("/dev/ptmx", ...);
      slave = ioctl(master, TIOCGPTPEER, ...);

  while failing on ptmx devices located outside the devpts mount without a
  common ancestor directory:
      mount -t devpts devpts /dev/pts
      mount --bind /dev/pts/ptmx /ptmx
      master = open("/ptmx", ...);
      slave = ioctl(master, TIOCGPTPEER, ...);

  in which case safe path generation cannot be guaranteed.

To manage
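
A userspace check for the symptom in the bug description above, as an added example that is not part of the original report or of the kernel patches: it opens a ptmx path, requests the slave through TIOCGPTPEER, and classifies where /proc/self/fd/<slave> points. The names probe_ptmx and classify_peer_link, the digits-only test for a pts entry, and the fallback ioctl number are assumptions of this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Assumption: headers older than 4.13 lack TIOCGPTPEER; this is the
 * asm-generic value and may differ on some architectures. */
#ifndef TIOCGPTPEER
#define TIOCGPTPEER _IO('T', 0x41)
#endif

enum peer_link { PEER_ERROR = -1, PEER_ROOT, PEER_PTS, PEER_OTHER };

/* Classify the target of /proc/self/fd/<slave>:
 *   "/"            -> PEER_ROOT  (the regression described in the report)
 *   <dir>/<digits> -> PEER_PTS   (looks like a devpts slave entry)
 *   anything else  -> PEER_OTHER */
static enum peer_link classify_peer_link(const char *target)
{
    if (!target || !*target)
        return PEER_ERROR;
    if (strcmp(target, "/") == 0)
        return PEER_ROOT;
    const char *base = strrchr(target, '/');
    if (!base || !base[1])
        return PEER_OTHER;
    for (const char *p = base + 1; *p; p++)
        if (*p < '0' || *p > '9')
            return PEER_OTHER;
    return PEER_PTS;
}

/* Open ptmx_path, unlock the pty, obtain the slave fd with TIOCGPTPEER and
 * copy the /proc/self/fd/<slave> symlink target into link (len bytes). */
static enum peer_link probe_ptmx(const char *ptmx_path, char *link, size_t len)
{
    char proc[64];
    enum peer_link res = PEER_ERROR;

    if (!link || len == 0)
        return PEER_ERROR;
    int master = open(ptmx_path, O_RDWR | O_NOCTTY | O_CLOEXEC);
    if (master < 0)
        return PEER_ERROR;
    if (unlockpt(master) == 0) {
        int slave = ioctl(master, TIOCGPTPEER, O_RDWR | O_NOCTTY | O_CLOEXEC);
        if (slave >= 0) {
            snprintf(proc, sizeof(proc), "/proc/self/fd/%d", slave);
            ssize_t n = readlink(proc, link, len - 1);
            if (n >= 0) {
                link[n] = '\0';
                res = classify_peer_link(link);
            }
            close(slave);
        }
    }
    close(master);
    return res;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/ptmx";
    char link[PATH_MAX] = "";

    switch (probe_ptmx(path, link, sizeof(link))) {
    case PEER_ROOT:  printf("%s: slave fd resolves to \"/\"\n", path); return 1;
    case PEER_PTS:   printf("%s: slave fd resolves to %s\n", path, link); return 0;
    case PEER_OTHER: printf("%s: unexpected slave path %s\n", path, link); return 1;
    default: fprintf(stderr, "%s: open, unlockpt or TIOCGPTPEER failed\n", path); return 2;
    }
}
```

Run it inside the mount namespace under test, passing the ptmx path to check as the first argument; exit status 0 means the slave descriptor resolved to a pts entry.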

[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2018-03-15 Thread Christian Brauner
TIOCGPTPEER was introduced in 4.13 so if we could backport it to the kernels we 
still support that would be great.
The patches will likely also be included in upstream stable updates.

Thanks!
Christian

Title:
  devpts: handle bind-mounts

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Bionic:
  Triaged

[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2018-03-15 Thread Joseph Salisbury
Are these patches only needed in Bionic, or do you need them in prior
releases as well?

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
   Status: Confirmed

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Bionic)
   Status: Confirmed => Triaged

** Tags added: bionic kernel-da-key

Title:
  devpts: handle bind-mounts

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Bionic:
  Triaged

[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2018-03-14 Thread Christian Brauner
** Changed in: linux (Ubuntu)
   Status: Incomplete => Confirmed

Title:
  devpts: handle bind-mounts

Status in linux package in Ubuntu:
  Confirmed

[Kernel-packages] [Bug 1755857] Re: devpts: handle bind-mounts

2018-03-14 Thread Christian Brauner
Oh sorry, it would be great if we could cherry-pick these as this
currently breaks users. Sorry for all the pre-release extra work this
causes. :)

Christian

Title:
  devpts: handle bind-mounts

Status in linux package in Ubuntu:
  Incomplete
