Re: [PATCH] Implement decoding of NS_* ioctl commands

Sun, 09 Apr 2017 17:23:23 -0700 

On Fri, Apr 07, 2017 at 09:23:04PM +0700, Nikolay Marchuk wrote:
[...]
> +int
> +nsfs_ioctl(struct tcb *tcp, unsigned int code, kernel_ulong_t arg)
> +{
> +     uid_t uid;
> +     switch (code) {
> +     case NS_GET_USERNS:
> +     case NS_GET_PARENT:
> +             return 1 + RVAL_FD + RVAL_DECODED;
> +     case NS_GET_NSTYPE:
> +             if (entering(tcp))
> +                     return 0;
> +             if (!syserror(tcp)) {
> +                     const char *outstr;
> +                     outstr = xlookup(setns_types, tcp->u_rval);
> +                     if (outstr) {
> +                             tcp->auxstr = outstr;
> +                             return 1 + RVAL_STR;
> +                     }
> +             }
> +             return 1;
> +     case NS_GET_OWNER_UID:
> +             if (entering(tcp))
> +                     return 0;
> +             tprints(", ");
> +             if (!umove_or_printaddr(tcp, arg, &uid)) {
> +                     printuid("[", uid);
> +                     tprints("]");
> +             }
> +             return 1;

printuid takes an unsigned int as uid and other parsers except those
defined in uid.c do not use uid_t.  As the libc's idea of uid_t may differ
from kernel's, let's use unsigned int so far.

[...]
> --- a/tests/gen_tests.in
> +++ b/tests/gen_tests.in
> @@ -123,6 +123,7 @@ ioctl_evdev-v     +ioctl-v.sh
>  ioctl_loop   +ioctl.test
>  ioctl_loop-v +ioctl-v.sh
>  ioctl_mtd    +ioctl.test
> +ioctl_nsfs   -a16 -e trace=ioctl -esignal=none

The grep -v '^ioctl([012],' thing all ioctl*.test scripts do
is not for nothing.  The previous variant was fine but this one
is not going to work with libcs that do ioctl calls on standard
descriptors.

[...]
> +#define STACK_SIZE 1024
> +
> +static void
> +test_user_namespace(void)
> +{
> +     char stack[STACK_SIZE];

Now it's less than a page.

> +     pid_t pid;
> +     int pipefd[2];
> +     int rc, status;
> +
> +     rc = pipe(pipefd);
> +     if (rc == -1)
> +             perror_msg_and_skip("pipe");
> +
> +     pid = clone(child, stack + STACK_SIZE, (CLONE_NEWUSER | CLONE_UNTRACED
> +                 | SIGCHLD), pipefd);

Try tail_alloc(1) + 1 as a child stack address, it should be safer.


-- 
ldv

Attachment: signature.asc
Description: PGP signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Strace-devel mailing list
Strace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/strace-devel

Reply via email to