From: Kees Cook <keescook@chromium.org>
To: Sargun Dhillon <sargun@sargun.me>
Cc: LKML <linux-kernel@vger.kernel.org>,
Tycho Andersen <tycho@tycho.ws>,
Matt Denton <mpdenton@google.com>, Jann Horn <jannh@google.com>,
Chris Palmer <palmer@google.com>,
Aleksa Sarai <cyphar@cyphar.com>,
Robert Sesek <rsesek@google.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
Linux Containers <containers@lists.linux-foundation.org>,
Giuseppe Scrivano <gscrivan@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH v3 0/4] Add seccomp notifier ioctl that enables adding fds
Date: Wed, 3 Jun 2020 19:44:03 -0700 [thread overview]
Message-ID: <202006031923.C8017E342A@keescook> (raw)
In-Reply-To: <CAMp4zn-8iSozHvgqXBPKz-ux7HH6T4Dj9p0fA3fs_e7ZwEPZRg@mail.gmail.com>
On Wed, Jun 03, 2020 at 04:56:59PM -0700, Sargun Dhillon wrote:
> On Wed, Jun 3, 2020 at 4:42 PM Kees Cook <keescook@chromium.org> wrote:
> >
> > On Tue, Jun 02, 2020 at 06:10:40PM -0700, Sargun Dhillon wrote:
> > > Sargun Dhillon (4):
> > > fs, net: Standardize on file_receive helper to move fds across
> > > processes
> > > pid: Use file_receive helper to copy FDs
> >
> > The fixes (that should add open-coded cgroups stuff) should be separate
> > patches so they can be backported.
> Patch 1/4, and 2/4 are separated so they can be backported. Patch 1 should
> go into long term, and patch 2 should land in stable.
>
> Do you see anything in 1/4, and 2/4 that shouldn't be there?
So, my thinking was to open code the fixes to minimize the code churn
in the -stable trees and isolate logical changes. However, in looking
at the commits (3.6, 3.8) and the age of the rest of the nearby code in
SCM_RIGHTS (3.7), and the actual oldest supported kernel release (3.16),
I guess it would be better to split it like you've done.
> > The helper doesn't take the __user pointer I thought we'd agreed it
> > should to avoid changing any SCM_RIGHTS behaviors?
> >
> It doesn't change the SCM_RIGHTS behaviour because it continues
> to have the logic which allocates the file descriptor outside of the
> helper.
> 1. Allocate FD (this happens in scm.c)
> 2. Copy FD # to userspace (this happens in scm.c)
> 3. Receive FD (this happens in the new helper)
Sorry, I was not writing very clearly: I was meaning to have said:
I was expecting the helper to take the __user pointer (like I thought
we agreed[1]) so we could both avoid changing SCM_RIGHTS behavior and
avoid copy/pasting of the get_unused/put_unused code in 3 places. (I
get into this more in the other thread[2]).
So, let's finalize this decision in the thread at [2]. Again, sorry I
wasted your time due to my confusion!
-Kees
[1] Apologies, I misread your "1" in [3] to be "suggestion 1" from the
quoted text from me in that email, rather than the "[1]" it was,
which was a link to your counter-proposal. And then I wasted your
time by saying "agreed".
[2] https://lore.kernel.org/lkml/202006031845.F587F85A@keescook/
[3] https://lore.kernel.org/lkml/20200530011054.GA14852@ircssh-2.c.rugged-nimbus-611.internal/
--
Kees Cook
prev parent reply other threads:[~2020-06-04 2:44 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-03 1:10 [PATCH v3 0/4] Add seccomp notifier ioctl that enables adding fds Sargun Dhillon
[not found] ` <20200603011044.7972-1-sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>
2020-06-03 1:10 ` [PATCH v3 1/4] fs, net: Standardize on file_receive helper to move fds across processes Sargun Dhillon
2020-06-03 1:10 ` Sargun Dhillon
[not found] ` <20200603011044.7972-2-sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>
2020-06-04 1:24 ` Christian Brauner
2020-06-04 1:24 ` Christian Brauner
2020-06-04 2:22 ` Kees Cook
2020-06-04 5:20 ` Sargun Dhillon
2020-06-04 12:52 ` Christian Brauner
2020-06-04 13:28 ` David Laight
2020-06-04 13:28 ` David Laight
2020-06-05 7:54 ` Sargun Dhillon
2020-06-09 19:43 ` Kees Cook
2020-06-09 20:03 ` Christian Brauner
2020-06-09 20:03 ` Christian Brauner
2020-06-09 20:55 ` Kees Cook
2020-06-09 21:27 ` Christian Brauner
[not found] ` <037A305F-B3F8-4CFA-B9F8-CD4C9EF9090B-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
2020-06-10 5:27 ` Kees Cook
2020-06-10 5:27 ` Kees Cook
2020-06-10 8:12 ` Sargun Dhillon
2020-06-10 8:48 ` David Laight
2020-06-10 8:48 ` David Laight
[not found] ` <40d76a9a4525414a8c9809cd29a7ba8e-1XygrNkDbNvwg4NCKwmqgw@public.gmane.org>
2020-06-11 3:02 ` Kees Cook
2020-06-11 3:02 ` Kees Cook
2020-06-11 7:51 ` David Laight
2020-06-11 7:51 ` David Laight
[not found] ` <20200610081237.GA23425-du9IEJ8oIxHXYT48pCVpJ3c7ZZ+wIVaZYkHkVr5ML8kVGlcevz2xqA@public.gmane.org>
2020-06-10 17:10 ` Kees Cook
2020-06-10 17:10 ` Kees Cook
2020-06-11 2:59 ` Kees Cook
2020-06-11 2:59 ` Kees Cook
2020-06-11 4:41 ` Sargun Dhillon
2020-06-11 4:41 ` Sargun Dhillon
2020-06-11 9:19 ` Christian Brauner
2020-06-11 10:39 ` Sargun Dhillon
2020-06-11 23:23 ` Kees Cook
2020-06-11 10:01 ` Christian Brauner
2020-06-11 10:01 ` Christian Brauner
2020-06-11 11:06 ` Sargun Dhillon
[not found] ` <20200611110630.GB30103-du9IEJ8oIxHXYT48pCVpJ3c7ZZ+wIVaZYkHkVr5ML8kVGlcevz2xqA@public.gmane.org>
2020-06-11 14:42 ` Christian Brauner
2020-06-11 14:42 ` Christian Brauner
2020-06-11 14:56 ` David Laight
2020-06-11 23:49 ` Kees Cook
2020-06-11 23:49 ` Kees Cook
2020-06-12 6:58 ` Kees Cook
2020-06-12 6:58 ` Kees Cook
2020-06-12 8:36 ` David Laight
2020-06-12 8:36 ` David Laight
[not found] ` <94407449bedd4ba58d85446401ff0a42-1XygrNkDbNvwg4NCKwmqgw@public.gmane.org>
2020-06-12 10:46 ` Sargun Dhillon
2020-06-12 10:46 ` Sargun Dhillon
[not found] ` <20200612104629.GA15814-du9IEJ8oIxHXYT48pCVpJ3c7ZZ+wIVaZYkHkVr5ML8kVGlcevz2xqA@public.gmane.org>
2020-06-12 15:13 ` Kees Cook
2020-06-12 15:13 ` Kees Cook
2020-06-12 15:55 ` David Laight
2020-06-12 18:28 ` Christian Brauner
2020-06-12 18:38 ` Kees Cook
2020-06-12 18:42 ` Christian Brauner
2020-06-15 8:27 ` David Laight
2020-06-10 9:30 ` Christian Brauner
2020-06-10 9:30 ` Christian Brauner
2020-06-04 3:39 ` Sargun Dhillon
2020-06-03 1:10 ` [PATCH v3 2/4] pid: Use file_receive helper to copy FDs Sargun Dhillon
2020-06-03 1:10 ` Sargun Dhillon
2020-06-03 1:10 ` [PATCH v3 3/4] seccomp: Introduce addfd ioctl to seccomp user notifier Sargun Dhillon
2020-06-03 1:10 ` [PATCH v3 4/4] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD Sargun Dhillon
2020-06-03 21:25 ` [PATCH v3 0/4] Add seccomp notifier ioctl that enables adding fds Robert Sesek
2020-06-03 23:42 ` Kees Cook
2020-06-03 23:56 ` Sargun Dhillon
2020-06-04 2:44 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202006031923.C8017E342A@keescook \
--to=keescook@chromium.org \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux-foundation.org \
--cc=cyphar@cyphar.com \
--cc=gregkh@linuxfoundation.org \
--cc=gscrivan@redhat.com \
--cc=jannh@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mpdenton@google.com \
--cc=palmer@google.com \
--cc=rsesek@google.com \
--cc=sargun@sargun.me \
--cc=tycho@tycho.ws \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.