From: ebiederm@xmission.com (Eric W. Biederman)
To: "Carlos O'Donell" <carlos@systemhalted.org>
Cc: Eric Paris <eparis@redhat.com>, Jakub Jelinek <jakub@redhat.com>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-kernel@vger.kernel.org, libc-alpha@sourceware.org,
dwalsh@redhat.com, dmalcolm@redhat.com, sds@tycho.nsa.gov,
segoon@openwall.com, linux-security-module@vger.kernel.org
Subject: Re: Friendlier EPERM - Request for input
Date: Sun, 20 Jan 2013 16:00:46 -0800 [thread overview]
Message-ID: <871udfmmkx.fsf@xmission.com> (raw)
In-Reply-To: <50EDEC85.5060802@systemhalted.org> (Carlos O'Donell's message of "Wed, 09 Jan 2013 17:17:41 -0500")
Carlos O'Donell <carlos@systemhalted.org> writes:
> On 01/09/2013 04:09 PM, Eric Paris wrote:
>> On Wed, 2013-01-09 at 21:59 +0100, Jakub Jelinek wrote:
>>> On Wed, Jan 09, 2013 at 12:53:40PM -0800, Casey Schaufler wrote:
>>>> I'm suggesting that the string returned by get_extended_error_info()
>>>> ought to be the audit record the system call would generate, regardless
>>>> of whether the audit system would emit it or not.
>>>
>>> What system call would that info be for and would it be reset on next
>>> syscall that succeeded, or also failed?
>>>
>>> The thing is, various functions e.g. perform some syscall, save errno, do
>>> some other syscall, and if they decide that the first syscall should be what
>>> determines the whole function's errno, just restore errno from the saved
>>> value and return. Similarly, various functions just set errno upon
>>> detecting some error condition in userspace.
>>> There is no 1:1 mapping between many libc library calls and syscalls.
>>> So, when would it be safe to call this new get_extended_error_info function
>>> and how to determine to which syscall it was relevant?
>
> I asked the same questions as Jakub asked but in a slightly different
> formulation (http://cygwin.com/ml/libc-alpha/2013-01/msg00267.html).
>
>> I was thinking of it to be the last kernel error. So if the first and
>> that second operation caused the kernel to want to make available
>> extended errno information you would end up with the second. I see this
>> is an informative piece of information, not normative. Not a
>> replacement for errno. I'm hoping for a best effort way to provide
>> extended errno information.
>
> IMO Casey's answer is the right solution i.e. whatever the errno
> behaviour was.
Let me propose a different mechanism for getting this to user space
that gives you a save/restore ability.
When a system call returns with an error we return the error code
in one register and leave the rest of the registers that calling
conventions allow us to stomp unchanged.
On i386 (probabaly our most constraint architecture) that gives us
4 32bit registers or 16 bytes/characters to play with.
Returning either an exteneded error number or a short
string in those extra bytes should be very doable, and largely
backwards compatible.
Then in userspace for those applications who care you can
have a "struct exteneded_error" that holds the extra information.
To use that information I expect you want something like:
char *explain_error(int (*failed_func)(...), int errno, struct extended_error *error);
Where explain_error could possibly deduce things even if there
is no side channel information in the kernel. (i.e. You got EPERM
because the permissions are 0700 and you don't own the file.)
Having the core information returned in registers (that are saved by
signal handling) and having a structure of a fixed size that you can
save and restore should help.
Eric
next prev parent reply other threads:[~2013-01-21 0:01 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-09 16:04 Friendlier EPERM - Request for input Eric Paris
2013-01-09 19:43 ` Eric Paris
2013-01-09 20:14 ` Casey Schaufler
2013-01-09 20:32 ` Eric Paris
2013-01-09 20:53 ` Casey Schaufler
2013-01-09 20:59 ` Jakub Jelinek
2013-01-09 21:09 ` Eric Paris
2013-01-09 22:17 ` Carlos O'Donell
2013-01-21 0:00 ` Eric W. Biederman [this message]
2013-01-21 0:59 ` Eric W. Biederman
2013-01-21 1:09 ` Mike Frysinger
2013-01-09 21:12 ` Casey Schaufler
2013-01-09 21:13 ` Eric Paris
2013-01-09 21:36 ` Casey Schaufler
2013-01-10 15:14 ` Tetsuo Handa
2013-01-10 16:34 ` Eric Paris
2013-01-11 13:00 ` Mimi Zohar
2013-01-12 5:08 ` Tetsuo Handa
2013-01-27 14:16 ` Rich Kulawiec
2013-01-12 7:23 ` Rob Landley
2013-01-12 20:27 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871udfmmkx.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=carlos@systemhalted.org \
--cc=casey@schaufler-ca.com \
--cc=dmalcolm@redhat.com \
--cc=dwalsh@redhat.com \
--cc=eparis@redhat.com \
--cc=jakub@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=segoon@openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox