From: Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
To: David Laight <David.Laight-ZS65k/vG3HxXrIkS9f7CXA@public.gmane.org>
Cc: 'Sargun Dhillon' <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>,
Christian Brauner
<christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>,
"containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org"
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Giuseppe Scrivano
<gscrivan-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Robert Sesek <rsesek-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Chris Palmer <palmer-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Jann Horn <jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Matt Denton <mpdenton-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
"linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
"cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"David S . Miller"
<davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
Subject: Re: [PATCH v3 1/4] fs, net: Standardize on file_receive helper to move fds across processes
Date: Wed, 10 Jun 2020 20:02:42 -0700 [thread overview]
Message-ID: <202006102001.E9779DFA5B@keescook> (raw)
In-Reply-To: <40d76a9a4525414a8c9809cd29a7ba8e-1XygrNkDbNvwg4NCKwmqgw@public.gmane.org>
On Wed, Jun 10, 2020 at 08:48:45AM +0000, David Laight wrote:
> From: Sargun Dhillon
> > Sent: 10 June 2020 09:13
> In essence the 'copy_to_user' is done by the wrapper code.
> The code filling in the CMSG buffer can be considered to be
> writing a kernel buffer.
>
> IIRC other kernels (eg NetBSD) do the copies for ioctl() requests
> in the ioctl syscall wrapper.
> The IOW/IOR/IOWR flags have to be right.
Yeah, this seems like it'd make a lot more sense (and would have easily
caught the IOR/IOW issue pointed out later in the thread). I wonder how
insane it would be to try to fix that globally in the kernel...
--
Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: David Laight <David.Laight@ACULAB.COM>
Cc: 'Sargun Dhillon' <sargun@sargun.me>,
Christian Brauner <christian.brauner@ubuntu.com>,
"containers@lists.linux-foundation.org"
<containers@lists.linux-foundation.org>,
Giuseppe Scrivano <gscrivan@redhat.com>,
Robert Sesek <rsesek@google.com>,
Chris Palmer <palmer@google.com>, Jann Horn <jannh@google.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Matt Denton <mpdenton@google.com>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
Tejun Heo <tj@kernel.org>, Al Viro <viro@zeniv.linux.org.uk>,
"cgroups@vger.kernel.org" <cgroups@vger.kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
"David S . Miller" <davem@davemloft.net>
Subject: Re: [PATCH v3 1/4] fs, net: Standardize on file_receive helper to move fds across processes
Date: Wed, 10 Jun 2020 20:02:42 -0700 [thread overview]
Message-ID: <202006102001.E9779DFA5B@keescook> (raw)
In-Reply-To: <40d76a9a4525414a8c9809cd29a7ba8e@AcuMS.aculab.com>
On Wed, Jun 10, 2020 at 08:48:45AM +0000, David Laight wrote:
> From: Sargun Dhillon
> > Sent: 10 June 2020 09:13
> In essence the 'copy_to_user' is done by the wrapper code.
> The code filling in the CMSG buffer can be considered to be
> writing a kernel buffer.
>
> IIRC other kernels (eg NetBSD) do the copies for ioctl() requests
> in the ioctl syscall wrapper.
> The IOW/IOR/IOWR flags have to be right.
Yeah, this seems like it'd make a lot more sense (and would have easily
caught the IOR/IOW issue pointed out later in the thread). I wonder how
insane it would be to try to fix that globally in the kernel...
--
Kees Cook
next prev parent reply other threads:[~2020-06-11 3:02 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-03 1:10 [PATCH v3 0/4] Add seccomp notifier ioctl that enables adding fds Sargun Dhillon
[not found] ` <20200603011044.7972-1-sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>
2020-06-03 1:10 ` [PATCH v3 1/4] fs, net: Standardize on file_receive helper to move fds across processes Sargun Dhillon
2020-06-03 1:10 ` Sargun Dhillon
[not found] ` <20200603011044.7972-2-sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>
2020-06-04 1:24 ` Christian Brauner
2020-06-04 1:24 ` Christian Brauner
2020-06-04 2:22 ` Kees Cook
2020-06-04 5:20 ` Sargun Dhillon
2020-06-04 12:52 ` Christian Brauner
2020-06-04 13:28 ` David Laight
2020-06-04 13:28 ` David Laight
2020-06-05 7:54 ` Sargun Dhillon
2020-06-09 19:43 ` Kees Cook
2020-06-09 20:03 ` Christian Brauner
2020-06-09 20:03 ` Christian Brauner
2020-06-09 20:55 ` Kees Cook
2020-06-09 21:27 ` Christian Brauner
[not found] ` <037A305F-B3F8-4CFA-B9F8-CD4C9EF9090B-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
2020-06-10 5:27 ` Kees Cook
2020-06-10 5:27 ` Kees Cook
2020-06-10 8:12 ` Sargun Dhillon
2020-06-10 8:48 ` David Laight
2020-06-10 8:48 ` David Laight
[not found] ` <40d76a9a4525414a8c9809cd29a7ba8e-1XygrNkDbNvwg4NCKwmqgw@public.gmane.org>
2020-06-11 3:02 ` Kees Cook [this message]
2020-06-11 3:02 ` Kees Cook
2020-06-11 7:51 ` David Laight
2020-06-11 7:51 ` David Laight
[not found] ` <20200610081237.GA23425-du9IEJ8oIxHXYT48pCVpJ3c7ZZ+wIVaZYkHkVr5ML8kVGlcevz2xqA@public.gmane.org>
2020-06-10 17:10 ` Kees Cook
2020-06-10 17:10 ` Kees Cook
2020-06-11 2:59 ` Kees Cook
2020-06-11 2:59 ` Kees Cook
2020-06-11 4:41 ` Sargun Dhillon
2020-06-11 4:41 ` Sargun Dhillon
2020-06-11 9:19 ` Christian Brauner
2020-06-11 10:39 ` Sargun Dhillon
2020-06-11 23:23 ` Kees Cook
2020-06-11 10:01 ` Christian Brauner
2020-06-11 10:01 ` Christian Brauner
2020-06-11 11:06 ` Sargun Dhillon
[not found] ` <20200611110630.GB30103-du9IEJ8oIxHXYT48pCVpJ3c7ZZ+wIVaZYkHkVr5ML8kVGlcevz2xqA@public.gmane.org>
2020-06-11 14:42 ` Christian Brauner
2020-06-11 14:42 ` Christian Brauner
2020-06-11 14:56 ` David Laight
2020-06-11 23:49 ` Kees Cook
2020-06-11 23:49 ` Kees Cook
2020-06-12 6:58 ` Kees Cook
2020-06-12 6:58 ` Kees Cook
2020-06-12 8:36 ` David Laight
2020-06-12 8:36 ` David Laight
[not found] ` <94407449bedd4ba58d85446401ff0a42-1XygrNkDbNvwg4NCKwmqgw@public.gmane.org>
2020-06-12 10:46 ` Sargun Dhillon
2020-06-12 10:46 ` Sargun Dhillon
[not found] ` <20200612104629.GA15814-du9IEJ8oIxHXYT48pCVpJ3c7ZZ+wIVaZYkHkVr5ML8kVGlcevz2xqA@public.gmane.org>
2020-06-12 15:13 ` Kees Cook
2020-06-12 15:13 ` Kees Cook
2020-06-12 15:55 ` David Laight
2020-06-12 18:28 ` Christian Brauner
2020-06-12 18:38 ` Kees Cook
2020-06-12 18:42 ` Christian Brauner
2020-06-15 8:27 ` David Laight
2020-06-10 9:30 ` Christian Brauner
2020-06-10 9:30 ` Christian Brauner
2020-06-04 3:39 ` Sargun Dhillon
2020-06-03 1:10 ` [PATCH v3 2/4] pid: Use file_receive helper to copy FDs Sargun Dhillon
2020-06-03 1:10 ` Sargun Dhillon
2020-06-03 1:10 ` [PATCH v3 3/4] seccomp: Introduce addfd ioctl to seccomp user notifier Sargun Dhillon
2020-06-03 1:10 ` [PATCH v3 4/4] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD Sargun Dhillon
2020-06-03 21:25 ` [PATCH v3 0/4] Add seccomp notifier ioctl that enables adding fds Robert Sesek
2020-06-03 23:42 ` Kees Cook
2020-06-03 23:56 ` Sargun Dhillon
2020-06-04 2:44 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202006102001.E9779DFA5B@keescook \
--to=keescook-f7+t8e8rja9g9huczpvpmw@public.gmane.org \
--cc=David.Laight-ZS65k/vG3HxXrIkS9f7CXA@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=gscrivan-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mpdenton-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=palmer-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=rsesek-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org \
--cc=stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.