From: Kees Cook <keescook@chromium.org>
To: Christian Brauner <christian.brauner@ubuntu.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Christoph Hellwig <hch@lst.de>,
Christian Brauner <christian@brauner.io>,
Sargun Dhillon <sargun@sargun.me>,
Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/2] Use __scm_install_fd() more widely
Date: Wed, 10 Jun 2020 10:03:03 -0700
Message-ID: <202006101001.6738CA0@keescook>
In-Reply-To: <20200610094735.7ewsvrfhhpioq5xe@wittgenstein>

On Wed, Jun 10, 2020 at 11:47:35AM +0200, Christian Brauner wrote:
> On Tue, Jun 09, 2020 at 09:52:12PM -0700, Kees Cook wrote:
> > Hi,
> >
> > This extends the recent work hch did for scm_detach_fds(), and updates
> > the compat path as well, fixing bugs in the process. Additionally,
> > an effectively incomplete and open-coded __scm_install_fd() is fixed
> > in pidfd_getfd().
>
> Since __scm_detach_fds() becomes something that is available outside of
> net/* should we provide a static inline wrapper under a different name? The
> "socket-level control message" prefix seems a bit odd in pidfd_getfd()
> and - once we make use of it there - seccomp.
>
> I'd suggest we do:
>
> static inline int fd_install_received(struct file *file, unsigned int flags)
> {
> 	return __scm_install_fd(file, NULL, flags);
> }
>
> which can be called in pidfd_getfd() and once we have other callers that
> want the additional put_user() (e.g. seccomp) in there we simply add:
>
> static inline int fd_install_user(struct file *file, unsigned int flags, int __user *ufd)
> {
> 	return __scm_install_fd(file, ufd, flags);
> }
>
> and seems the wrappers both could happily live in the fs part of the world?

I combined your and Sargun's suggestions. (It can't live in
net/core/scm.c any more in the case of CONFIG_NET=n, but the wrappers make the
changes much nicer looking.)

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=devel/seccomp/addfd/v3.2

If 0-day doesn't kick anything back on this tree, I'll resend the
series...

--
Kees Cook