vfs: Fix race condition on get_userns_fd()

There is a race when we clone: we call a function that just returns
while at the same time we try to get the userns via /proc/pid/ns/user.
The thing is that when the function returns, in the kernel do_exit()
from kernel/exit.c is called, which calls exit_task_namespaces() to destroy
the namespaces.

So, let's wait indefinitely there and add an _exit() call to avoid
warnings. We are already sending a SIGKILL to this pid, so nothing else
remaining to not leak the process.

Signed-off-by: Rodrigo Campos <rodrigo@sdfg.com.ar>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Zorro Lang <zlang@kernel.org>

diff --git a/src/vfs/utils.c b/src/vfs/utils.c
index ea7536c17c0fbad45e08981db6fa4f40b8624342..2331a3b7cbcad3ba16be6bdd9494d475c68f5bf1 100644 (file)
--- a/src/vfs/utils.c
+++ b/src/vfs/utils.c
@@ -60,7 +60,9 @@ pid_t do_clone(int (*fn)(void *), void *arg, int flags)
 
 static int get_userns_fd_cb(void *data)
 {
-       return 0;
+       for (;;)
+               pause();
+       _exit(0);
 }
 
 int wait_for_pid(pid_t pid)