From: Rodrigo Campos <rodrigo@sdfg.com.ar>
Date: Tue, 14 Mar 2023 11:45:06 +0000 (+0100)
Subject: vfs: Fix race condition on get_userns_fd()
X-Git-Tag: v2023.03.19~8
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f4f0038d5c48a15b6bd2ff23b2b4723c996de030;p=xfstests-dev.git

vfs: Fix race condition on get_userns_fd()

There is a race when we clone: we call a function that just returns
while at the same time we try to get the userns via /proc/pid/ns/user.
The thing is that when the function returns, in the kernel do_exit()
from kernel/exit.c is called, which calls exit_task_namespaces() to destroy
the namespaces.

So, let's wait indefinitely there and add an _exit() call to avoid
warnings. We are already sending a SIGKILL to this pid, so nothing else
remaining to not leak the process.

Signed-off-by: Rodrigo Campos <rodrigo@sdfg.com.ar>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Zorro Lang <zlang@kernel.org>
---

diff --git a/src/vfs/utils.c b/src/vfs/utils.c
index ea7536c1..2331a3b7 100644
--- a/src/vfs/utils.c
+++ b/src/vfs/utils.c
@@ -60,7 +60,9 @@ pid_t do_clone(int (*fn)(void *), void *arg, int flags)
 
 static int get_userns_fd_cb(void *data)
 {
-	return 0;
+	for (;;)
+		pause();
+	_exit(0);
 }
 
 int wait_for_pid(pid_t pid)