From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 5 Mar 2021 18:50:28 +0000 (+0100)
Subject: start: handle CLONE_PIDFD on arm64
X-Git-Tag: lxc-5.0.0~261^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abd80bded6f39ef72f0206751c1553befd50d599;p=thirdparty%2Flxc.git

start: handle CLONE_PIDFD on arm64

Reported-by: Ondrej Kubik <ondrej.kubik@canonical.com>
Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 301b81aeb..f2737a2de 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1714,7 +1714,26 @@ static int lxc_spawn(struct lxc_handler *handler)
 		/* Kernel might be too old for clone3(). */
 		if (handler->pid < 0) {
 			SYSTRACE("Failed to spawn container via clone3()");
+
+		/*
+		 * In contrast to all other architectures arm64 verifies that
+		 * the argument we use to retrieve the pidfd with is
+		 * initialized to 0. But we need to be able to initialize it to
+		 * a negative value such as our customary -EBADF so we can
+		 * detect whether this kernel supports pidfds. If the syscall
+		 * returns and the pidfd variable is set to something >= 0 then
+		 * we know this is a kernel supporting pidfds. But if we can't
+		 * set it to -EBADF then this won't work since 0 is a valid
+		 * file descriptor too. And since legacy clone silently ignores
+		 * unknown flags we are left without any way to detect support
+		 * for pidfds. So let's special-case arm64 to not fail starting
+		 * containers.
+		 */
+		#if defined(__aarch64__)
+			handler->pid = lxc_raw_legacy_clone(handler->clone_flags & ~CLONE_PIDFD, NULL);
+		#else
 			handler->pid = lxc_raw_legacy_clone(handler->clone_flags, &handler->pidfd);
+		#endif
 		}
 
 		if (handler->pid < 0) {