linux-security-module.vger.kernel.org archive mirror
From: "Günther Noack" <gnoack3000@gmail.com>
To: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com>
Cc: mic@digikod.net, willemdebruijn.kernel@gmail.com,
	linux-security-module@vger.kernel.org, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org, yusongping@huawei.com,
	artem.kuzin@huawei.com, konstantin.meskhidze@huawei.com
Subject: Re: [RFC PATCH v2 2/9] landlock: Support TCP listen access-control
Date: Sat, 5 Oct 2024 20:22:54 +0200
Message-ID: <20241005.e820f4fae74e@gnoack.org>
In-Reply-To: <47ff2457-59e2-b08e-0bb4-5d7c70be2ad1@huawei-partners.com>

On Sat, Oct 05, 2024 at 08:53:55PM +0300, Mikhail Ivanov wrote:
> On 10/5/2024 7:56 PM, Günther Noack wrote:
> > On Wed, Aug 14, 2024 at 11:01:44AM +0800, Mikhail Ivanov wrote:
> > > +	port = htons(inet_sk(sk)->inet_num);
> > > +	release_sock(sk);
> > > +	return check_access_socket(dom, port, LANDLOCK_ACCESS_NET_LISTEN_TCP);
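
Review bot: the final `return check_access_socket(...)` runs after `release_sock(sk)`, so the access decision is made on the `port` value copied while the lock was held. A one-line comment above `release_sock(sk)` saying that the lock only covers the socket-state reads, and that the Landlock check deliberately runs unlocked on that snapshot, would explain why this path does not share the release at the end of the function.
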
> > 
> > Nit: The last two lines could just be
> > 
> >    err = check_access_socket(...);
> > 
> > and then you would only need the release_sock(sk) call in one place.
> > (And maybe rename the goto label accordingly.)
> This split was done in order to not hold socket lock while doing some
> Landlock-specific logic. It might be identical in performance to
> your suggestion, but I thought that (1) security module should have as
> little impact on network stack as possible and (2) it is more
> clear that locking is performed only for a few socket state checks which
> are not related to the access control.
> 
> I'll add this explanation with a comment if you agree that everything is
> correct.


IMHO, when you grab a lock in this function, it is clear that you'd
unconditionally want to release it before you return from the
function, and that in C, the normal way to guarantee unconditional
cleanup work would be to apply the "single exit point" rule.

That being said, the scenario is simple enough here that it's not a
big issue in my eyes.  It was more of a minor nit about having more
than one place where the lock has to be released.  Either way is fine
(and also should not require excessive comments :)).

> > > +
> > > +release_nocheck:
> > > +	release_sock(sk);
> > > +	return err;
> > > +}
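
Review bot: nothing at the `release_nocheck:` label says which conditions lead here, and every jump to it returns `err` without reaching `check_access_socket()`. Since these are the listen() calls that skip the Landlock check, a short comment at the label naming those socket states would make the skipped-check paths easier to audit.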

–Günther
