From nobody Mon Apr  6 00:09:41 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 77F9DC6FA82
	for <linux-kernel@archiver.kernel.org>; Tue, 13 Sep 2022 10:26:56 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231542AbiIMK03 (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 13 Sep 2022 06:26:29 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54102 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229765AbiIMKZ6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 13 Sep 2022 06:25:58 -0400
Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com
 [IPv6:2607:f8b0:4864:20::64a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5ED335C377
        for <linux-kernel@vger.kernel.org>;
 Tue, 13 Sep 2022 03:25:57 -0700 (PDT)
Received: by mail-pl1-x64a.google.com with SMTP id
 b11-20020a170902d50b00b0017828988079so5104210plg.21
        for <linux-kernel@vger.kernel.org>;
 Tue, 13 Sep 2022 03:25:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date;
        bh=oQ9VKh7lKBpZzXj2SDeGJNjqxKiaiW5G7hAjfWWdBTU=;
        b=ilkl91q2khqrM3k6yYYhdoXWllgFVjk+BgNjetxjvxzPRTIgHR+e1BH5du9ZjCT5Gg
         /Rp4txgH4Xld1+h9SuxGB+lChOxQaox28ihex1kPfKOnOXW/9sYFoBcyqhMwf/GDY399
         1fvGa8XUDGMUpI2shvEAIo9bnobtIA9uDkUtTeTTdky/mos6Gav7XOhceAa39YP9bCkd
         bretutUYIfD+ivU4LgLuwoWuD01AE79HdShW3Vd3hLh7gm6P82vDnuEvyDYgV0mvsw9q
         loK4+nLST/kSXDPpVYcydTfYe94VUTFfZ34R87l6VQlA0cokTPGKdy3dy1leMCSZSv7d
         r3tg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date;
        bh=oQ9VKh7lKBpZzXj2SDeGJNjqxKiaiW5G7hAjfWWdBTU=;
        b=z8eLOTMXd7rvhdfzPHu1y4wSG1ILAl01cRQ8ec6Sv2iS8mXGTZxLokIrixxFiQArSF
         6VEno/oyWAscLGsfGGcs/fVTrSTBgcPhKkFKRh6+GT/2G6Ypu4vrZVUpbeq1tvbRa5UK
         UXChdL833s3acuIH52Hv47Scp0zXr/gtmoluqAbe4QaxhmcetoCAktUEYCerO+BSP4OH
         HfbwouQBvyLtQgY+UG+6aNDz1u6gHX/EDPf7s4EWCXtat6loBLqRnr2wAcjKxy4zyKjm
         uhFtyhVPF9sgqh1Nyl5idE5e+GfVnMhtry7rEqOZZb2Ii6hoiAtE+4wJV1Lok8SiB2QH
         hWKg==
X-Gm-Message-State: ACgBeo0dMQrz1aTKUyQiCl2SjPmHHuH8SO8UDYyGBac8+f9ykyTAHC0n
        lDNcE1g0Z3OHgpwCak0qZdjbOWeVl+o=
X-Google-Smtp-Source: 
 AA6agR53NFC+FFC/wR5mAUlraCx09UxbNHyp1072SP0dv97lm+UTTmNdIVY7aC86t7sP/EZ9RqsOpL6xm/E=
X-Received: from avagin.kir.corp.google.com
 ([2620:15c:29:204:d94b:8d9d:2b23:6608])
 (user=avagin job=sendgmr) by 2002:a17:90b:4f44:b0:1f5:1310:9e7f with SMTP id
 pj4-20020a17090b4f4400b001f513109e7fmr3219470pjb.235.1663064756794; Tue, 13
 Sep 2022 03:25:56 -0700 (PDT)
Date: Tue, 13 Sep 2022 03:25:50 -0700
In-Reply-To: <20220913102551.1121611-1-avagin@google.com>
Mime-Version: 1.0
References: <20220913102551.1121611-1-avagin@google.com>
X-Mailer: git-send-email 2.37.2.789.g6183377224-goog
Message-ID: <20220913102551.1121611-2-avagin@google.com>
Subject: [PATCH 1/2] Revert "selftests/timens: add a test for vfork+exit"
From: Andrei Vagin <avagin@google.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, Andrei Vagin <avagin@google.com>,
        Andrei Vagin <avagin@gmail.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The next patch reverts the code that this test verified.

This reverts commit 6342140db6609a0c7d34f68c52b2947468e0e630.

Signed-off-by: Andrei Vagin <avagin@gmail.com>
---
 tools/testing/selftests/timens/Makefile     |  2 +-
 tools/testing/selftests/timens/vfork_exec.c | 90 ---------------------
 2 files changed, 1 insertion(+), 91 deletions(-)
 delete mode 100644 tools/testing/selftests/timens/vfork_exec.c

diff --git a/tools/testing/selftests/timens/Makefile b/tools/testing/selfte=
sts/timens/Makefile
index f0d51d4d2c87..3a5936cc10ab 100644
--- a/tools/testing/selftests/timens/Makefile
+++ b/tools/testing/selftests/timens/Makefile
@@ -1,4 +1,4 @@
-TEST_GEN_PROGS :=3D timens timerfd timer clock_nanosleep procfs exec futex=
 vfork_exec
+TEST_GEN_PROGS :=3D timens timerfd timer clock_nanosleep procfs exec futex
 TEST_GEN_PROGS_EXTENDED :=3D gettime_perf
=20
 CFLAGS :=3D -Wall -Werror -pthread
diff --git a/tools/testing/selftests/timens/vfork_exec.c b/tools/testing/se=
lftests/timens/vfork_exec.c
deleted file mode 100644
index e6ccd900f30a..000000000000
--- a/tools/testing/selftests/timens/vfork_exec.c
+++ /dev/null
@@ -1,90 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-#define _GNU_SOURCE
-#include <errno.h>
-#include <fcntl.h>
-#include <sched.h>
-#include <stdio.h>
-#include <stdbool.h>
-#include <sys/stat.h>
-#include <sys/syscall.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <time.h>
-#include <unistd.h>
-#include <string.h>
-
-#include "log.h"
-#include "timens.h"
-
-#define OFFSET (36000)
-
-int main(int argc, char *argv[])
-{
-	struct timespec now, tst;
-	int status, i;
-	pid_t pid;
-
-	if (argc > 1) {
-		if (sscanf(argv[1], "%ld", &now.tv_sec) !=3D 1)
-			return pr_perror("sscanf");
-
-		for (i =3D 0; i < 2; i++) {
-			_gettime(CLOCK_MONOTONIC, &tst, i);
-			if (abs(tst.tv_sec - now.tv_sec) > 5)
-				return pr_fail("%ld %ld\n", now.tv_sec, tst.tv_sec);
-		}
-		return 0;
-	}
-
-	nscheck();
-
-	ksft_set_plan(1);
-
-	clock_gettime(CLOCK_MONOTONIC, &now);
-
-	if (unshare_timens())
-		return 1;
-
-	if (_settime(CLOCK_MONOTONIC, OFFSET))
-		return 1;
-
-	for (i =3D 0; i < 2; i++) {
-		_gettime(CLOCK_MONOTONIC, &tst, i);
-		if (abs(tst.tv_sec - now.tv_sec) > 5)
-			return pr_fail("%ld %ld\n",
-					now.tv_sec, tst.tv_sec);
-	}
-
-	pid =3D vfork();
-	if (pid < 0)
-		return pr_perror("fork");
-
-	if (pid =3D=3D 0) {
-		char now_str[64];
-		char *cargv[] =3D {"exec", now_str, NULL};
-		char *cenv[] =3D {NULL};
-
-		// Check that we are still in the source timens.
-		for (i =3D 0; i < 2; i++) {
-			_gettime(CLOCK_MONOTONIC, &tst, i);
-			if (abs(tst.tv_sec - now.tv_sec) > 5)
-				return pr_fail("%ld %ld\n",
-						now.tv_sec, tst.tv_sec);
-		}
-
-		/* Check for proper vvar offsets after execve. */
-		snprintf(now_str, sizeof(now_str), "%ld", now.tv_sec + OFFSET);
-		execve("/proc/self/exe", cargv, cenv);
-		return pr_perror("execve");
-	}
-
-	if (waitpid(pid, &status, 0) !=3D pid)
-		return pr_perror("waitpid");
-
-	if (status)
-		ksft_exit_fail();
-
-	ksft_test_result_pass("exec\n");
-	ksft_exit_pass();
-	return 0;
-}
--=20
2.37.2.789.g6183377224-goog
From nobody Mon Apr  6 00:09:41 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CFEE3C6FA89
	for <linux-kernel@archiver.kernel.org>; Tue, 13 Sep 2022 10:26:56 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231592AbiIMK0g (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 13 Sep 2022 06:26:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54114 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231336AbiIMK0A (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 13 Sep 2022 06:26:00 -0400
Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com
 [IPv6:2607:f8b0:4864:20::1049])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 313D55A15C
        for <linux-kernel@vger.kernel.org>;
 Tue, 13 Sep 2022 03:25:59 -0700 (PDT)
Received: by mail-pj1-x1049.google.com with SMTP id
 z9-20020a17090a468900b00202fdb32ba1so537224pjf.1
        for <linux-kernel@vger.kernel.org>;
 Tue, 13 Sep 2022 03:25:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date;
        bh=jlhxEjacrUXFFi1ZtwUhaZWjvyeFcTUPpP6i3fefSGA=;
        b=f8DwEOjF8b59P9liAfzm1E6WgZtwDe9js4oTGS4Vpmdj0dv6wtgIaNVPbhko8S4ijL
         fZGjCd9LO1mZ1YNjsgonSY604Q4j75Dqisn+5r7klOXWiVanIjc2fI/i/B+mqSKWEsvm
         jaBYyeyfN5BrFBhVAz26fwB0jpGQCfDImv7RMImNXl4CmOdzcfL/jVF6kUjetHAtO7tC
         3vnqhoT/FCEY3HMwnlzCUVQw/kFCpOF3720yWSkInrVP6B+LBRHRz17rqVRH2HfVxleP
         JwFYHHR+vojyO9/NPXaU0dOgMuIfVF56AVXtxF+za3I1P18lCdESNTMqkkHgc6tpiGl3
         kSFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date;
        bh=jlhxEjacrUXFFi1ZtwUhaZWjvyeFcTUPpP6i3fefSGA=;
        b=LpVHA8ydpzQz+pRqumm/2ruSHj6v8iG5gOVaUXMVBT+b2n+PKzDs0FLY6JS1EIUyHe
         PYLqwxiH/V4D5E2T0YdMhsySHjniA1GZ/3VVrBWMJC+aJBVBWyQHQp6Xd9Ozif8H2B0+
         76y/QlU05dA33GHiKdUJfv/BhVAxLSbussyEEV58Y/Pi4oggdGiQnL7407MGa7kyeNFh
         ZSWjALvcb9CCfCYYcssrpCYyA3OazsrFhy8SOLzqAjP9NvSfnJyDb3oCNJhG0+gjBJzo
         /tWnDN/FWR5Mc7EN3/FhfDE+oklBhTWGYkCbqPVtbHf9pWDxfRGK3ySMb2qP0RfFsvdR
         spNQ==
X-Gm-Message-State: ACgBeo1MatcOG2yi7S38cwVQOf5f3WSeN7ARH4LAf8kuzQmLpooel55j
        Y/qm1rwaSWYg3lTOuohoJDQL7ioMN50=
X-Google-Smtp-Source: 
 AA6agR4tdC6f5JLWMiJU9LqIhVMUHBU74OPe/LWAUhtSbu6hfgNg8El5ogyAuqWknBCQ7INzbCC6BDoeLiw=
X-Received: from avagin.kir.corp.google.com
 ([2620:15c:29:204:d94b:8d9d:2b23:6608])
 (user=avagin job=sendgmr) by 2002:a63:211c:0:b0:431:af8c:77e4 with SMTP id
 h28-20020a63211c000000b00431af8c77e4mr27727839pgh.614.1663064758784; Tue, 13
 Sep 2022 03:25:58 -0700 (PDT)
Date: Tue, 13 Sep 2022 03:25:51 -0700
In-Reply-To: <20220913102551.1121611-1-avagin@google.com>
Mime-Version: 1.0
References: <20220913102551.1121611-1-avagin@google.com>
X-Mailer: git-send-email 2.37.2.789.g6183377224-goog
Message-ID: <20220913102551.1121611-3-avagin@google.com>
Subject: [PATCH 2/2] Revert "fs/exec: allow to unshare a time namespace on
 vfork+exec"
From: Andrei Vagin <avagin@google.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, Andrei Vagin <avagin@google.com>,
        Andrei Vagin <avagin@gmail.com>,
        Alexey Izbyshev <izbyshev@ispras.ru>,
        Christian Brauner <brauner@kernel.org>,
        Dmitry Safonov <0x7f454c46@gmail.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Florian Weimer <fweimer@redhat.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Andrei Vagin <avagin@gmail.com>

This reverts commit 133e2d3e81de5d9706cab2dd1d52d231c27382e5.

Alexey pointed out a few undesirable side effects of the reverted change.
First, it doesn't take into account that CLONE_VFORK can be used with
CLONE_THREAD. Second, a child process doesn't enter a target time name-spac=
e,
if its parent dies before the child calls exec. It happens because the pare=
nt
clears vfork_done.

Eric W. Biederman suggests installing a time namespace as a task gets a new=
 mm.
It includes all new processes cloned without CLONE_VM and all tasks that ca=
ll
exec(). This is an user API change, but we think there aren't users that de=
pend
on the old behavior.

It is too late to make such changes in this release, so let's roll back
this patch and introduce the right one in the next release.

Cc: Alexey Izbyshev <izbyshev@ispras.ru>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
---
 fs/exec.c        | 7 -------
 kernel/fork.c    | 5 +----
 kernel/nsproxy.c | 3 +--
 3 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index 9a5ca7b82bfc..d046dbb9cbd0 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -65,7 +65,6 @@
 #include <linux/io_uring.h>
 #include <linux/syscall_user_dispatch.h>
 #include <linux/coredump.h>
-#include <linux/time_namespace.h>
=20
 #include <linux/uaccess.h>
 #include <asm/mmu_context.h>
@@ -979,12 +978,10 @@ static int exec_mmap(struct mm_struct *mm)
 {
 	struct task_struct *tsk;
 	struct mm_struct *old_mm, *active_mm;
-	bool vfork;
 	int ret;
=20
 	/* Notify parent that we're no longer interested in the old VM */
 	tsk =3D current;
-	vfork =3D !!tsk->vfork_done;
 	old_mm =3D current->mm;
 	exec_mm_release(tsk, old_mm);
 	if (old_mm)
@@ -1029,10 +1026,6 @@ static int exec_mmap(struct mm_struct *mm)
 	tsk->mm->vmacache_seqnum =3D 0;
 	vmacache_flush(tsk);
 	task_unlock(tsk);
-
-	if (vfork)
-		timens_on_fork(tsk->nsproxy, tsk);
-
 	if (old_mm) {
 		mmap_read_unlock(old_mm);
 		BUG_ON(active_mm !=3D old_mm);
diff --git a/kernel/fork.c b/kernel/fork.c
index 8a9e92068b15..2b6bd511c6ed 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2047,11 +2047,8 @@ static __latent_entropy struct task_struct *copy_pro=
cess(
 	/*
 	 * If the new process will be in a different time namespace
 	 * do not allow it to share VM or a thread group with the forking task.
-	 *
-	 * On vfork, the child process enters the target time namespace only
-	 * after exec.
 	 */
-	if ((clone_flags & (CLONE_VM | CLONE_VFORK)) =3D=3D CLONE_VM) {
+	if (clone_flags & (CLONE_THREAD | CLONE_VM)) {
 		if (nsp->time_ns !=3D nsp->time_ns_for_children)
 			return ERR_PTR(-EINVAL);
 	}
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index b4cbb406bc28..eec72ca962e2 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -179,8 +179,7 @@ int copy_namespaces(unsigned long flags, struct task_st=
ruct *tsk)
 	if (IS_ERR(new_ns))
 		return  PTR_ERR(new_ns);
=20
-	if ((flags & CLONE_VM) =3D=3D 0)
-		timens_on_fork(new_ns, tsk);
+	timens_on_fork(new_ns, tsk);
=20
 	tsk->nsproxy =3D new_ns;
 	return 0;
--=20
2.37.2.789.g6183377224-goog