From: "Serge E. Hallyn" <serge.hallyn@canonical.com>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: "Serge E. Hallyn" <serge@hallyn.com>, Greg KH <greg@kroah.com>,
Oleg Nesterov <oleg@redhat.com>,
lkml <linux-kernel@vger.kernel.org>,
richard@nod.at, Andrew Morton <akpm@google.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Tejun Heo <tj@kernel.org>,
linux-usb@vger.kernel.org
Subject: Re: [PATCH resend] user namespace: usb: make usb urbs user namespace aware (v2)
Date: Fri, 23 Sep 2011 11:06:53 -0500 [thread overview]
Message-ID: <20110923160653.GB3502@sergelap> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1109231137380.2059-100000@iolanthe.rowland.org>
Quoting Alan Stern (stern@rowland.harvard.edu):
> On Fri, 23 Sep 2011, Serge E. Hallyn wrote:
>
> > (re-sending to Cc: Greg and linux-usb)
> >
> > Add to the dev_state and alloc_async structures the user namespace
> > corresponding to the uid and euid. Pass these to kill_pid_info_as_uid(),
> > which can then implement a proper, user-namespace-aware uid check.
> >
> > Changelog:
> > Sep 20: Per Oleg's suggestion: Instead of caching and passing user namespace,
> > uid, and euid each separately, pass a struct cred.
>
> This should be broken up into two separate patches: One to add
> kill_pid_info_as_cred() and the other to modify the usbfs driver.
It seems like that would make the first patch harder to review (since
it won't just show the changes from kill_pid_info_as_uid to
kill_pid_info_as_cred), but I'll go ahead and split it up. I assume
kill_pid_info_as_uid should be removed in a third patch?
> > --- a/drivers/usb/core/devio.c
> > +++ b/drivers/usb/core/devio.c
>
> > @@ -393,9 +395,8 @@ static void async_compled ted(struct urb *urb)
> > struct dev_state *ps = as->ps;
> > struct siginfo sinfo;
> > struct pid *pid = NULL;
> > - uid_t uid = 0;
> > - uid_t euid = 0;
> > u32 secid = 0;
> > + const struct cred *cred = NULL;
> > int signr;
> >
> > spin_lock(&ps->lock);
> > @@ -408,8 +409,7 @@ static void async_completed(struct urb *urb)
> > sinfo.si_code = SI_ASYNCIO;
> > sinfo.si_addr = as->userurb;
> > pid = as->pid;
> > - uid = as->uid;
> > - euid = as->euid;
> > + cred = as->cred;
> > secid = as->secid;
> > }
> > snoop(&urb->dev->dev, "urb complete\n");
> > @@ -423,8 +423,7 @@ static void async_completed(struct urb *urb)
> > spin_unlock(&ps->lock);
> >
> > if (signr)
> > - kill_pid_info_as_uid(sinfo.si_signo, &sinfo, pid, uid,
> > - euid, secid);
> > + kill_pid_info_as_cred(sinfo.si_signo, &sinfo, pid, cred, secid);
>
> This continues a bug that already exists in the current code. Once
> ps->lock is released, there is no guarantee that the async structure
> will still exist. It may already have been freed, and the reference to
Yikes. That makes sense. I'll fix that for the cred and the pid as well
then?
> as->cred may already have been dropped. That's why the local copies
> have to be made above. cred shouldn't be a simple copy of as->cred; it
> should also increment the reference count.
>
> > @@ -706,8 +705,7 @@ static int usbdev_open(struct inode *inode, struct file *file)
> > init_waitqueue_head(&ps->wait);
> > ps->discsignr = 0;
> > ps->disc_pid = get_pid(task_pid(current));
> > - ps->disc_uid = cred->uid;
> > - ps->disc_euid = cred->euid;
> > + ps->cred = get_cred(cred);
>
> You might as well get rid of the "cred" local variable. It isn't used
> for anything except this assignment.
>
> Alan Stern
Thanks for looking, Alan.
-serge
next prev parent reply other threads:[~2011-09-23 16:07 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-19 21:45 [PATCH] user namespace: make signal.c respect user namespaces Serge E. Hallyn
2011-09-19 21:47 ` [PATCH] user namespace: usb: make usb urbs user namespace aware Serge E. Hallyn
2011-09-20 13:17 ` Oleg Nesterov
2011-09-20 13:33 ` Serge E. Hallyn
2011-09-21 5:01 ` [PATCH] user namespace: usb: make usb urbs user namespace aware (v2) Serge E. Hallyn
2011-09-21 18:31 ` Oleg Nesterov
2011-09-21 19:12 ` Serge E. Hallyn
2011-09-21 19:18 ` Greg KH
2011-09-23 1:27 ` [PATCH resend] " Serge E. Hallyn
2011-09-23 15:48 ` Alan Stern
2011-09-23 16:06 ` Serge E. Hallyn [this message]
2011-09-23 16:21 ` Alan Stern
2011-09-23 17:22 ` Serge E. Hallyn
2011-09-23 18:35 ` Alan Stern
2011-09-20 12:22 ` [PATCH] user namespace: make signal.c respect user namespaces Oleg Nesterov
2011-09-20 12:44 ` Serge E. Hallyn
2011-09-20 13:41 ` Oleg Nesterov
2011-09-20 14:39 ` [PATCH 0/2] (Was: user namespace: make signal.c respect user namespaces) Oleg Nesterov
2011-09-20 14:39 ` [PATCH 1/2] creds: kill __task_cred()->task_is_dead() check Oleg Nesterov
2011-09-20 15:14 ` drivers/staging/usbip/ abuses task_is_dead/exit_state Oleg Nesterov
2011-09-20 18:38 ` Greg KH
2012-03-06 17:39 ` ping: " Oleg Nesterov
2012-03-06 19:30 ` Tobias Klauser
2012-03-08 18:57 ` Oleg Nesterov
2012-03-13 11:45 ` Tobias Klauser
2012-03-13 18:07 ` [PATCH] staging: usbip: fix the usage of kthread_stop() Oleg Nesterov
2012-04-01 23:17 ` Oleg Nesterov
2012-04-02 8:11 ` Tobias Klauser
2011-09-20 15:28 ` [PATCH 1/2] creds: kill __task_cred()->task_is_dead() check Paul E. McKenney
2011-09-20 15:40 ` Oleg Nesterov
2011-09-20 15:48 ` Paul E. McKenney
2011-09-20 16:27 ` David Howells
2011-09-20 14:39 ` [PATCH 2/2] creds: __task_cred(current) doesn't need rcu_read_lock_held() Oleg Nesterov
2011-09-20 15:07 ` Serge Hallyn
2011-09-20 15:35 ` Oleg Nesterov
2011-09-20 16:19 ` David Howells
2011-09-20 16:38 ` Oleg Nesterov
2011-09-20 16:50 ` David Howells
2011-09-20 17:13 ` Oleg Nesterov
2011-09-20 15:39 ` [PATCH] user namespace: make signal.c respect user namespaces Serge Hallyn
2011-09-20 16:24 ` Oleg Nesterov
2011-09-20 16:45 ` Serge E. Hallyn
2011-09-20 18:17 ` Oleg Nesterov
2011-09-21 5:00 ` [PATCH] user namespace: make signal.c respect user namespaces (v2) Serge E. Hallyn
2011-09-20 17:48 ` [PATCH] user namespace: make signal.c respect user namespaces Oleg Nesterov
2011-09-20 18:53 ` Serge E. Hallyn
2011-09-21 17:53 ` Oleg Nesterov
2011-09-22 15:23 ` Serge Hallyn
2011-09-23 16:31 ` Serge E. Hallyn
2011-09-23 17:36 ` Oleg Nesterov
2011-09-23 21:20 ` Serge E. Hallyn
2011-09-24 16:37 ` Oleg Nesterov
2011-09-25 20:17 ` Serge E. Hallyn
2011-09-26 16:06 ` Oleg Nesterov
2011-09-27 14:28 ` Serge Hallyn
2011-09-27 14:38 ` Oleg Nesterov
2011-09-27 15:27 ` Serge Hallyn
2011-09-27 17:12 ` Oleg Nesterov
2011-10-04 17:42 ` Serge E. Hallyn
2011-10-09 19:00 ` Oleg Nesterov
2011-10-11 13:08 ` Serge E. Hallyn
2011-10-08 20:02 ` Serge E. Hallyn
2011-10-09 19:03 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110923160653.GB3502@sergelap \
--to=serge.hallyn@canonical.com \
--cc=akpm@google.com \
--cc=ebiederm@xmission.com \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=richard@nod.at \
--cc=serge@hallyn.com \
--cc=stern@rowland.harvard.edu \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.