[LTP] [PATCH v2] syscalls/clone09.c: add kernel version check

Jan Stancek jstancek@redhat.com
Fri Sep 22 10:57:40 CEST 2017



----- Original Message -----
> 1) On all kernels which support CONFIG_NET_NS, clone(2) only could return
>    EINVAL due to disabled CONFIG_NET_NS instead of unknown flags.  Please
>    see the following kernel code in net/core/net_namespace.c:
>    --------------------------------------------------------------------
>    struct net *copy_net_ns(unsigned long flags, struct net *old_net)
>    ...
>         #ifndef CONFIG_NET_NS
>                 return ERR_PTR(-EINVAL);
>         #endif
>    --------------------------------------------------------------------
> 
>    The support is introduced in kernel:
>    '9dd776b ("[NET]: Add network namespace clone & unshare support.")'
> 
> 2) Usually, a syscall flags should always include a check of the following
>    form in its implementation:
>    ---------------------------------
>    if (flags & ~(FL_XXX | FL_YYY))
>         return -EINVAL;
>    ---------------------------------
> 
>    This check could verify unknown flags, but clone(2) does not have the
>    check and just returns 0, this issue has been around for several years,
>    and it is hardly to be fixed since doing so would break existing
>    applications.
> 
>    Please see the following URL for detailed information:
>    https://lwn.net/Articles/588444/
> 
>    It is hard to make out whether CLONE_NEWNET is supported or not by
>    returned value and errno.
> 
>    According to above reasons and clone()'s manpage, i think we should
>    add kernel version check to skip this case on an old kernel and update
>    description about EINVAL.
> 

Pushed.

Thanks,
Jan


More information about the ltp mailing list