* [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
@ 2023-03-13 11:32 Alexander Mikhalitsyn
2023-03-13 11:40 ` Aleksandr Mikhalitsyn
2023-03-15 8:30 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 5+ messages in thread
From: Alexander Mikhalitsyn @ 2023-03-13 11:32 UTC (permalink / raw)
To: davem
Cc: linux-kernel, netdev, Alexander Mikhalitsyn, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, Leon Romanovsky
Currently, kernel would set MSG_CTRUNC flag if msg_control buffer
wasn't provided and SO_PASSCRED was set or if there was pending SCM_RIGHTS.
For some reason we have no corresponding check for SO_PASSSEC.
In the recvmsg(2) doc we have:
MSG_CTRUNC
indicates that some control data was discarded due to lack
of space in the buffer for ancillary data.
So, we need to set MSG_CTRUNC flag for all types of SCM.
This change can break applications those don't check MSG_CTRUNC flag.
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Leon Romanovsky <leon@kernel.org>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
v2:
- commit message was rewritten according to Eric's suggestion
---
include/net/scm.h | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/include/net/scm.h b/include/net/scm.h
index 1ce365f4c256..585adc1346bd 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -105,16 +105,27 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc
}
}
}
+
+static inline bool scm_has_secdata(struct socket *sock)
+{
+ return test_bit(SOCK_PASSSEC, &sock->flags);
+}
#else
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
{ }
+
+static inline bool scm_has_secdata(struct socket *sock)
+{
+ return false;
+}
#endif /* CONFIG_SECURITY_NETWORK */
static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
struct scm_cookie *scm, int flags)
{
if (!msg->msg_control) {
- if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp)
+ if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp ||
+ scm_has_secdata(sock))
msg->msg_flags |= MSG_CTRUNC;
scm_destroy(scm);
return;
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC 2023-03-13 11:32 [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC Alexander Mikhalitsyn @ 2023-03-13 11:40 ` Aleksandr Mikhalitsyn 2023-03-13 20:43 ` Paul Moore 2023-03-15 8:30 ` patchwork-bot+netdevbpf 1 sibling, 1 reply; 5+ messages in thread From: Aleksandr Mikhalitsyn @ 2023-03-13 11:40 UTC (permalink / raw) To: davem Cc: linux-kernel, netdev, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Leon Romanovsky, paul, jmorris, serge +CC security subsystem folks On Mon, Mar 13, 2023 at 12:32 PM Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> wrote: > > Currently, kernel would set MSG_CTRUNC flag if msg_control buffer > wasn't provided and SO_PASSCRED was set or if there was pending SCM_RIGHTS. > > For some reason we have no corresponding check for SO_PASSSEC. > > In the recvmsg(2) doc we have: > MSG_CTRUNC > indicates that some control data was discarded due to lack > of space in the buffer for ancillary data. > > So, we need to set MSG_CTRUNC flag for all types of SCM. > > This change can break applications those don't check MSG_CTRUNC flag. > > Cc: "David S. Miller" <davem@davemloft.net> > Cc: Eric Dumazet <edumazet@google.com> > Cc: Jakub Kicinski <kuba@kernel.org> > Cc: Paolo Abeni <pabeni@redhat.com> > Cc: Leon Romanovsky <leon@kernel.org> > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> > > v2: > - commit message was rewritten according to Eric's suggestion > --- > include/net/scm.h | 13 ++++++++++++- > 1 file changed, 12 insertions(+), 1 deletion(-) > > diff --git a/include/net/scm.h b/include/net/scm.h > index 1ce365f4c256..585adc1346bd 100644 > --- a/include/net/scm.h > +++ b/include/net/scm.h > @@ -105,16 +105,27 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc > } > } > } > + > +static inline bool scm_has_secdata(struct socket *sock) > +{ > + return test_bit(SOCK_PASSSEC, &sock->flags); > +} > #else > static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) > { } > + > +static inline bool scm_has_secdata(struct socket *sock) > +{ > + return false; > +} > #endif /* CONFIG_SECURITY_NETWORK */ > > static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, > struct scm_cookie *scm, int flags) > { > if (!msg->msg_control) { > - if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) > + if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp || > + scm_has_secdata(sock)) > msg->msg_flags |= MSG_CTRUNC; > scm_destroy(scm); > return; > -- > 2.34.1 > ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC 2023-03-13 11:40 ` Aleksandr Mikhalitsyn @ 2023-03-13 20:43 ` Paul Moore 2023-03-14 11:06 ` Aleksandr Mikhalitsyn 0 siblings, 1 reply; 5+ messages in thread From: Paul Moore @ 2023-03-13 20:43 UTC (permalink / raw) To: Aleksandr Mikhalitsyn Cc: davem, linux-kernel, netdev, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Leon Romanovsky, jmorris, serge, linux-security-module, selinux On Mon, Mar 13, 2023 at 7:40 AM Aleksandr Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> wrote: > > +CC security subsystem folks > > On Mon, Mar 13, 2023 at 12:32 PM Alexander Mikhalitsyn > <aleksandr.mikhalitsyn@canonical.com> wrote: > > > > Currently, kernel would set MSG_CTRUNC flag if msg_control buffer > > wasn't provided and SO_PASSCRED was set or if there was pending SCM_RIGHTS. > > > > For some reason we have no corresponding check for SO_PASSSEC. > > > > In the recvmsg(2) doc we have: > > MSG_CTRUNC > > indicates that some control data was discarded due to lack > > of space in the buffer for ancillary data. > > > > So, we need to set MSG_CTRUNC flag for all types of SCM. > > > > This change can break applications those don't check MSG_CTRUNC flag. Unless I'm missing something I don't think this will actually result in a userspace visible change as put_cmsg() already has a number of checks which set the MSG_CTRUNC flag if necessary (including if no control buffer is passed, e.g. msg_control == NULL). Regardless, it looks fine to me. Acked-by: Paul Moore <paul@paul-moore.com> > > Cc: "David S. Miller" <davem@davemloft.net> > > Cc: Eric Dumazet <edumazet@google.com> > > Cc: Jakub Kicinski <kuba@kernel.org> > > Cc: Paolo Abeni <pabeni@redhat.com> > > Cc: Leon Romanovsky <leon@kernel.org> > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> > > > > v2: > > - commit message was rewritten according to Eric's suggestion > > --- > > include/net/scm.h | 13 ++++++++++++- > > 1 file changed, 12 insertions(+), 1 deletion(-) > > > > diff --git a/include/net/scm.h b/include/net/scm.h > > index 1ce365f4c256..585adc1346bd 100644 > > --- a/include/net/scm.h > > +++ b/include/net/scm.h > > @@ -105,16 +105,27 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc > > } > > } > > } > > + > > +static inline bool scm_has_secdata(struct socket *sock) > > +{ > > + return test_bit(SOCK_PASSSEC, &sock->flags); > > +} > > #else > > static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) > > { } > > + > > +static inline bool scm_has_secdata(struct socket *sock) > > +{ > > + return false; > > +} > > #endif /* CONFIG_SECURITY_NETWORK */ > > > > static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, > > struct scm_cookie *scm, int flags) > > { > > if (!msg->msg_control) { > > - if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) > > + if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp || > > + scm_has_secdata(sock)) > > msg->msg_flags |= MSG_CTRUNC; > > scm_destroy(scm); > > return; > > -- > > 2.34.1 -- paul-moore.com ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC 2023-03-13 20:43 ` Paul Moore @ 2023-03-14 11:06 ` Aleksandr Mikhalitsyn 0 siblings, 0 replies; 5+ messages in thread From: Aleksandr Mikhalitsyn @ 2023-03-14 11:06 UTC (permalink / raw) To: Paul Moore Cc: davem, linux-kernel, netdev, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Leon Romanovsky, jmorris, serge, linux-security-module, selinux On Mon, Mar 13, 2023 at 9:43 PM Paul Moore <paul@paul-moore.com> wrote: > > On Mon, Mar 13, 2023 at 7:40 AM Aleksandr Mikhalitsyn > <aleksandr.mikhalitsyn@canonical.com> wrote: > > > > +CC security subsystem folks > > > > On Mon, Mar 13, 2023 at 12:32 PM Alexander Mikhalitsyn > > <aleksandr.mikhalitsyn@canonical.com> wrote: > > > > > > Currently, kernel would set MSG_CTRUNC flag if msg_control buffer > > > wasn't provided and SO_PASSCRED was set or if there was pending SCM_RIGHTS. > > > > > > For some reason we have no corresponding check for SO_PASSSEC. > > > > > > In the recvmsg(2) doc we have: > > > MSG_CTRUNC > > > indicates that some control data was discarded due to lack > > > of space in the buffer for ancillary data. > > > > > > So, we need to set MSG_CTRUNC flag for all types of SCM. > > > > > > This change can break applications those don't check MSG_CTRUNC flag. > > Unless I'm missing something I don't think this will actually result > in a userspace visible change as put_cmsg() already has a number of > checks which set the MSG_CTRUNC flag if necessary (including if no > control buffer is passed, e.g. msg_control == NULL). Yes you are right. I found this check suspicious while working on SCM_PIDFD (which is not yet submitted to LKML), I think it is worth fixing that check anyway just for consistency reasons. > > Regardless, it looks fine to me. > > Acked-by: Paul Moore <paul@paul-moore.com> Thanks, Paul! Regards, Alex > > > > Cc: "David S. Miller" <davem@davemloft.net> > > > Cc: Eric Dumazet <edumazet@google.com> > > > Cc: Jakub Kicinski <kuba@kernel.org> > > > Cc: Paolo Abeni <pabeni@redhat.com> > > > Cc: Leon Romanovsky <leon@kernel.org> > > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> > > > > > > v2: > > > - commit message was rewritten according to Eric's suggestion > > > --- > > > include/net/scm.h | 13 ++++++++++++- > > > 1 file changed, 12 insertions(+), 1 deletion(-) > > > > > > diff --git a/include/net/scm.h b/include/net/scm.h > > > index 1ce365f4c256..585adc1346bd 100644 > > > --- a/include/net/scm.h > > > +++ b/include/net/scm.h > > > @@ -105,16 +105,27 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc > > > } > > > } > > > } > > > + > > > +static inline bool scm_has_secdata(struct socket *sock) > > > +{ > > > + return test_bit(SOCK_PASSSEC, &sock->flags); > > > +} > > > #else > > > static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) > > > { } > > > + > > > +static inline bool scm_has_secdata(struct socket *sock) > > > +{ > > > + return false; > > > +} > > > #endif /* CONFIG_SECURITY_NETWORK */ > > > > > > static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, > > > struct scm_cookie *scm, int flags) > > > { > > > if (!msg->msg_control) { > > > - if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) > > > + if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp || > > > + scm_has_secdata(sock)) > > > msg->msg_flags |= MSG_CTRUNC; > > > scm_destroy(scm); > > > return; > > > -- > > > 2.34.1 > > -- > paul-moore.com ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC 2023-03-13 11:32 [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC Alexander Mikhalitsyn 2023-03-13 11:40 ` Aleksandr Mikhalitsyn @ 2023-03-15 8:30 ` patchwork-bot+netdevbpf 1 sibling, 0 replies; 5+ messages in thread From: patchwork-bot+netdevbpf @ 2023-03-15 8:30 UTC (permalink / raw) To: Aleksandr Mikhalitsyn Cc: davem, linux-kernel, netdev, edumazet, kuba, pabeni, leon Hello: This patch was applied to netdev/net-next.git (main) by David S. Miller <davem@davemloft.net>: On Mon, 13 Mar 2023 12:32:11 +0100 you wrote: > Currently, kernel would set MSG_CTRUNC flag if msg_control buffer > wasn't provided and SO_PASSCRED was set or if there was pending SCM_RIGHTS. > > For some reason we have no corresponding check for SO_PASSSEC. > > In the recvmsg(2) doc we have: > MSG_CTRUNC > indicates that some control data was discarded due to lack > of space in the buffer for ancillary data. > > [...] Here is the summary with links: - [net-next,v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC https://git.kernel.org/netdev/net-next/c/a02d83f9947d You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-03-15 8:30 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-03-13 11:32 [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC Alexander Mikhalitsyn 2023-03-13 11:40 ` Aleksandr Mikhalitsyn 2023-03-13 20:43 ` Paul Moore 2023-03-14 11:06 ` Aleksandr Mikhalitsyn 2023-03-15 8:30 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox