Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: David Howells <dhowells@redhat.com>
To: Jann Horn <jannh@google.com>,
	Jeffrey Altman <jaltman@auristor.com>,
	openafs-devel@openafs.org
Cc: dhowells@redhat.com, "Paul Moore" <paul@paul-moore.com>,
	"James Morris" <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"John Johansen" <john.johansen@canonical.com>,
	"Jarkko Sakkinen" <jarkko@kernel.org>,
	"Mickaël Salaün" <mic@digikod.net>,
	"Günther Noack" <gnoack@google.com>,
	"Stephen Smalley" <stephen.smalley.work@gmail.com>,
	"Ondrej Mosnacek" <omosnace@redhat.com>,
	"Casey Schaufler" <casey@schaufler-ca.com>,
	linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, apparmor@lists.ubuntu.com,
	keyrings@vger.kernel.org, selinux@vger.kernel.org
Subject: Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was Re: [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials
Date: Thu, 15 Aug 2024 20:46:28 +0100	[thread overview]
Message-ID: <2494949.1723751188@warthog.procyon.org.uk> (raw)
In-Reply-To: <20240805-remove-cred-transfer-v2-1-a2aa1d45e6b8@google.com>

Jann Horn <jannh@google.com> wrote:

> Rewrite keyctl_session_to_parent() to run task work on the parent
> synchronously, so that any errors that happen in the task work can be
> plumbed back into the syscall return value in the child.

The main thing I worry about is if there's a way to deadlock the child and the
parent against each other.  vfork() for example.

> +	if (task_work_cancel(parent, &ctx.work)) {
> +		/*
> +		 * We got interrupted and the task work was canceled before it
> +		 * could execute.
> +		 * Use -ERESTARTNOINTR instead of -ERESTARTSYS for
> +		 * compatibility - the manpage does not list -EINTR as a
> +		 * possible error for keyctl().
> +		 */

I think returning EINTR is fine, provided that if we return EINTR, the change
didn't happen.  KEYCTL_SESSION_TO_PARENT is only used by the aklog, dlog and
klog* OpenAFS programs AFAIK, and only if "-setpag" is set as a command line
option.  It also won't be effective if you strace the program.

Maybe the AFS people can say whether it's even worth keeping the functionality
rather than just dropping KEYCTL_SESSION_TO_PARENT?

David

next prev parent reply	other threads:[~2024-08-15 19:46 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-05 11:54 [PATCH v2 0/2] get rid of cred_transfer Jann Horn
2024-08-05 11:54 ` [PATCH v2 1/2] KEYS: use synchronous task work for changing parent credentials Jann Horn
2024-08-15 18:10   ` Jarkko Sakkinen
2024-08-15 19:46   ` David Howells [this message]
2024-08-15 19:59     ` Can KEYCTL_SESSION_TO_PARENT be dropped entirely? -- was " Jann Horn
2024-08-16 10:52       ` Jarkko Sakkinen
2024-09-10 20:49       ` Paul Moore
2024-09-16 10:46         ` Paul Moore
2024-09-16 21:14           ` Jann Horn
2024-09-10 21:07   ` Paul Moore
2024-09-10 23:05     ` Jann Horn
2024-08-05 11:54 ` [PATCH v2 2/2] security: remove unused cred_alloc_blank/cred_transfer helpers Jann Horn
2024-08-15 18:12   ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2494949.1723751188@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=apparmor@lists.ubuntu.com \
    --cc=casey@schaufler-ca.com \
    --cc=gnoack@google.com \
    --cc=jaltman@auristor.com \
    --cc=jannh@google.com \
    --cc=jarkko@kernel.org \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-afs@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mic@digikod.net \
    --cc=omosnace@redhat.com \
    --cc=openafs-devel@openafs.org \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox