Re: [PATCH] audit: Use struct net not pid_t to remember the network namespce to reply in

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: ebiederm@xmission.com (Eric W. Biederman)
To: Richard Guy Briggs <rgb@redhat.com>
Cc: Eric Paris <eparis@redhat.com>,
	linux-audit@redhat.com, linux-kernel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] audit: Use struct net not pid_t to remember the network namespce to reply in
Date: Fri, 28 Feb 2014 20:34:52 -0800	[thread overview]
Message-ID: <87fvn2r0yb.fsf@xmission.com> (raw)
In-Reply-To: <20140301011142.GK16640@madcap2.tricolour.ca> (Richard Guy Briggs's message of "Fri, 28 Feb 2014 20:11:42 -0500")

Richard Guy Briggs <rgb@redhat.com> writes:

> On 14/02/28, Eric W. Biederman wrote:
>> While reading through 3.14-rc1 I found a pretty siginficant mishandling
>> of network namespaces in the recent audit changes.
>> 
>> In struct audit_netlink_list and audit_reply add a reference to the
>> network namespace of the caller and remove the userspace pid of the
>> caller.  This cleanly remembers the callers network namespace, and
>> removes a huge class of races and nasty failure modes that can occur
>> when attempting to relook up the callers network namespace from a pid_t
>> (including the caller's network namespace changing, pid wraparound, and
>> the pid simply not being present).
>
> Ok, so I see that avoiding pid_t in struct audit_reply and struct
> audit_netlink_list is necessary.  Why not switch to struct pid?
>
> How does this patch solve a caller's network namespace changing?

This solves the callers network namespace changing or the caller going
away entirely (a much more serious concern) because we capture the
network namespace at the time of the request when the caller is in the
kernel.  I would have simply captured the socket we want to reply on but
there did not appear to be a good way to do that.

Reading through it again capturing current->nsproxy->net_ns is striclty
wrong.  We should be capturing sock_net(NETLINK_CB(skb).sk).  The
network namespace of the requesting socket.  That handles even weird
cases of passing file descriptors between processes in different network
namespaces.  (An incremental patch to change to code to selct the
network namespace of the requesting socket to follow in a moment).

Still what my patch implements today at least means we won't oops the
kernel if the audit process exits early, and causes get_net_ns_by_pid
to return NULL.

This whole code path is so crazy because what we really should be doing
is sending the packets in nonblocking mode and just dropping packets
if the receiving socket does not have enough socket buvffers.

Eric

next prev parent reply	other threads:[~2014-03-01  4:35 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-28 18:49 [PATCH] audit: Use struct net not pid_t to remember the network namespce to reply in Eric W. Biederman
2014-03-01  1:11 ` Richard Guy Briggs
2014-03-01  4:34   ` Eric W. Biederman [this message]
2014-03-01  4:36     ` [PATCH] audit: Send replies in the proper network namespace Eric W. Biederman
2014-03-01  4:50       ` [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough Eric W. Biederman
2014-03-04 21:30         ` Andrew Morton
2014-03-04 21:51           ` David Miller
2014-03-04 22:41             ` Eric W. Biederman
2014-03-04 22:50               ` Andrew Morton
2014-03-10  3:06                 ` [GIT PULL] namespaces fixes for 3.14-rcX Eric W. Biederman
2014-03-10 13:59                   ` Eric Paris
2014-03-10 19:56                     ` Eric W. Biederman
2014-03-16 18:36                       ` Richard Guy Briggs
2014-03-05  0:21               ` [RFC][PATCH] audit: Simplify by assuming the callers socket buffer is large enough David Miller
2014-03-05 16:59                 ` Steve Grubb
2014-03-05 18:06                   ` Eric W. Biederman
2014-03-07 22:52                     ` Eric Paris
2014-03-08  0:48                       ` David Miller
2014-03-08  3:27                         ` Steve Grubb
2014-03-08  6:34                           ` David Miller
2014-03-08  3:56                         ` Eric Paris
2014-03-10 19:30                       ` David Miller
2014-03-10 21:57                         ` Eric Paris
2014-03-16 18:19       ` [PATCH] audit: Send replies in the proper network namespace Richard Guy Briggs
2014-03-16 19:13         ` Richard Guy Briggs
2014-03-16 18:15 ` [PATCH] audit: Use struct net not pid_t to remember the network namespce to reply in Richard Guy Briggs
2014-03-16 19:12   ` Richard Guy Briggs

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87fvn2r0yb.fsf@xmission.com \
    --to=ebiederm@xmission.com \
    --cc=akpm@linux-foundation.org \
    --cc=eparis@redhat.com \
    --cc=linux-audit@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rgb@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox