From patchwork Sat Jan 16 00:59:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: DJ Delorie X-Patchwork-Id: 41728 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 699CB385F029; Sat, 16 Jan 2021 00:59:20 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 699CB385F029 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1610758760; bh=fiunc/e7zTQuJbQzC+YT5NaOoQqT4XLHrhzAza2KRdY=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=mPHAlZsc6hBZ+JXickHyulJ6963IPUxlZbGpDrzzAswExvzpdCHgZx2xTLSmVppc0 1GM5OYC9PWHy4dbiMEHMqXF5j5J43tgV1foLOXgIeSoJTlwED7aAMQiDEcJ6Q4nRsv bkQvCPX9j8yNYZgrUvxLy35yxc4FQ2unuUTbWVto= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by sourceware.org (Postfix) with ESMTP id 10C4B385E021 for ; Sat, 16 Jan 2021 00:59:18 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 10C4B385E021 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-568-wh7o3p5JOVyVpMyJP17ZoQ-1; Fri, 15 Jan 2021 19:59:14 -0500 X-MC-Unique: wh7o3p5JOVyVpMyJP17ZoQ-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 883FA801FAE for ; Sat, 16 Jan 2021 00:59:13 +0000 (UTC) Received: from greed.delorie.com (ovpn-113-151.rdu2.redhat.com [10.10.113.151]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 546AF5D9C6 for ; Sat, 16 Jan 2021 00:59:13 +0000 (UTC) Received: from greed.delorie.com.redhat.com (localhost [127.0.0.1]) by greed.delorie.com (8.14.7/8.14.7) with ESMTP id 10G0xCjL013582 for ; Fri, 15 Jan 2021 19:59:12 -0500 Date: Fri, 15 Jan 2021 19:59:12 -0500 Message-Id: To: libc-alpha@sourceware.org Subject: nsswitch: do not reload if "/" changes X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: DJ Delorie via Libc-alpha From: DJ Delorie Reply-To: DJ Delorie Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" [Note: I tried putting this functionality in the file_change_detection module, but that didn't have enough persistence.] [Note: tested by instrumenting test-container.c and observing the instrumentation with test containers on the root fs and on a separate fs] https://sourceware.org/bugzilla/show_bug.cgi?id=27077 Before reloading nsswitch.conf, verify that the root directory hasn't changed - if it has, it's likely that we've entered a container and should not trust the nsswitch inside the container nor load any shared objects therein. diff --git a/nss/nss_database.c b/nss/nss_database.c index e719ec0865..580ea7b963 100644 --- a/nss/nss_database.c +++ b/nss/nss_database.c @@ -33,6 +33,11 @@ struct nss_database_state { struct nss_database_data data; __libc_lock_define (, lock); + /* If "/" changes, we switched into a container and do NOT want to + reload anything. This data must be persistent across + reloads. */ + ino64_t root_ino; + ino64_t root_dev; }; @@ -53,6 +58,8 @@ global_state_allocate (void *closure) memset (result->data.services, 0, sizeof (result->data.services)); result->data.initialized = true; result->data.reload_disabled = false; + result->root_ino = 0; + result->root_dev = 0; __libc_lock_init (result->lock); } return result; @@ -356,6 +363,8 @@ nss_database_check_reload_and_get (struct nss_database_state *local, nss_action_list *result, enum nss_database database_index) { + struct stat64 str; + /* Acquire MO is needed because the thread that sets reload_disabled may have loaded the configuration first, so synchronize with the Release MO store there. */ @@ -379,6 +388,25 @@ nss_database_check_reload_and_get (struct nss_database_state *local, __libc_lock_unlock (local->lock); return true; } + + /* Before we reload, verify that "/" hasn't changed. We assume that + errors here are very unlikely, but the chance that we're entering + a container is also very unlikely, so we err on the side of both + very unlikely things not happening at the same time. */ + if (__stat64 ("/", &str) == 0) + { + if (local->root_ino != 0 + && (str.st_ino != local->root_ino + || str.st_dev != local->root_dev)) + { + /* Change detected; disable reloading. */ + atomic_store_release (&local->data.reload_disabled, 1); + __libc_lock_unlock (local->lock); + return true; + } + local->root_ino = str.st_ino; + local->root_dev = str.st_dev; + } __libc_lock_unlock (local->lock); /* Avoid overwriting the global configuration until we have loaded diff --git a/nss/nss_database.h b/nss/nss_database.h index 1f827e6def..f94c629174 100644 --- a/nss/nss_database.h +++ b/nss/nss_database.h @@ -75,6 +75,10 @@ struct nss_database_data nss_action_list services[NSS_DATABASE_COUNT]; int reload_disabled; /* Actually bool; int for atomic access. */ bool initialized; + /* If "/" changes, we switched into a container and do NOT want to + reload anything. */ + ino64_t root_ino; + ino64_t root_dev; }; /* Called by fork in the parent process, before forking. */