[CRIU] [PATCH] check: try to call clone with CLONE_NEWPID and CLONE_PARENT

Andrey Vagin avagin at openvz.org
Tue Jun 30 04:12:07 PDT 2015


This combination was forbidden in 3.12
commit 40a0d32d1eaffe6aac7324ca92604b6b3977eb0e :
"fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks"

and then it was permited again in 3.13:
commit 1f7f4dde5c945f41a7abc2285be43d918029ecc5
fork:  Allow CLONE_PARENT after setns(CLONE_NEWPID)

Cc: Adrian Reber <adrian at lisas.de>
Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 cr-check.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/cr-check.c b/cr-check.c
index 7cf796a..bf1b729 100644
--- a/cr-check.c
+++ b/cr-check.c
@@ -688,6 +688,33 @@ static int check_fdinfo_lock(void)
 	return 0;
 }
 
+struct clone_arg {
+	/*
+	 * Reserve some space for clone() to locate arguments
+	 * and retcode in this place
+	 */
+	char stack[128] __attribute__((aligned (8)));
+	char stack_ptr[0];
+};
+
+static int clone_cb(void *_arg) {
+	exit(0);
+}
+
+static int check_clone_parent_vs_pid()
+{
+	struct clone_arg ca;
+	pid_t pid;
+
+	pid = clone(clone_cb, ca.stack_ptr, CLONE_NEWPID | CLONE_PARENT, &ca);
+	if (pid < 0) {
+		pr_err("CLONE_PARENT | CLONE_NEWPID don't work together\n");
+		return -1;
+	}
+
+	return 0;
+}
+
 static int (*chk_feature)(void);
 
 int cr_check(void)
@@ -741,6 +768,7 @@ int cr_check(void)
 	ret |= check_mnt_id();
 	ret |= check_aio_remap();
 	ret |= check_fdinfo_lock();
+	ret |= check_clone_parent_vs_pid();
 
 out:
 	if (!ret)
-- 
2.1.0



More information about the CRIU mailing list