Re: [PATCH] scm: fold __scm_send() into scm_send()

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Andrew Morton <akpm@osdl.org>
To: Chris Wright <chrisw@sous-sol.org>
Cc: cxzhang@watson.ibm.com, netdev@axxeo.de, chrisw@sous-sol.org,
	ioe-lkml@rameria.de, davem@davemloft.net,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH] scm: fold __scm_send() into scm_send()
Date: Mon, 20 Mar 2006 14:31:03 -0800	[thread overview]
Message-ID: <20060320143103.31b7d933.akpm@osdl.org> (raw)
In-Reply-To: <20060320213636.GT15997@sorel.sous-sol.org>

Chris Wright <chrisw@sous-sol.org> wrote:
>
> * Chris Wright (chrisw@sous-sol.org) wrote:
> > * Ingo Oeser (netdev@axxeo.de) wrote:
> > > Hi Chris,
> > > 
> > > Andrew Morton wrote:
> > > > Ingo Oeser <ioe-lkml@rameria.de> wrote:
> > > > >
> > > > >  -int scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
> > > > >  -{
> > > > >  -	struct task_struct *p = current;
> > > > >  -	scm->creds = (struct ucred) {
> > > > >  -		.uid = p->uid,
> > > > >  -		.gid = p->gid,
> > > > >  -		.pid = p->tgid
> > > > >  -	};
> > > > >  -	scm->fp = NULL;
> > > > >  -	scm->sid = security_sk_sid(sock->sk, NULL, 0);
> > > > >  -	scm->seq = 0;
> > > > >  -	if (msg->msg_controllen <= 0)
> > > > >  -		return 0;
> > > > >  -	return __scm_send(sock, msg, scm);
> > > > >  -}
> > > > 
> > > > It's worth noting that scm_send() will call security_sk_sid() even if
> > > > (msg->msg_controllen <= 0).
> > > 
> > > Chris, do you know if this is needed in this case?
> > 
> > This whole thing is looking broken.  I'm still trying to find the original
> > patch which caused the series of broken patches on top.
> 
> OK, it starts here from Catherine's patch:
> 
> include/net/scm.h::scm_recv()
> +	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
> +		err = security_sid_to_context(scm->sid, &scontext, &scontext_len);
> +		if (!err)
> + 			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scontext_len, scontext);
> + }
> 
> Catherine, the security_sid_to_context() is a raw SELinux function which
> crept into core code and should not have been there.  The fallout fixes
> included conditionally exporting security_sid_to_context, and finally
> scm_send/recv unlining.

Yes.  So we're OK up the uninlining, right?

>  The end result in -mm looks broken to me.
> Specifically, it now does:
> 
> 	ucred->uid = tsk->uid;
> 	ucred->gid = tsk->gid;
> 	ucred->pid = tsk->tgid;
> 	scm->fp = NULL;
> 	scm->seq = 0;
> 	if (msg->msg_controllen <= 0)
> 		return 0;
> 
> 	scm->sid = security_sk_sid(sock->sk, NULL, 0);
> 
> The point of Catherine's original patch was to make sure there's always
> a security identifier associated with AF_UNIX messages.  So receiver
> can always check it (same as having credentials even w/out sender
> control message passing them).  Now we will have garbage for sid.

This answers the question I've been asking all and sundry for a week, thanks ;)

So:

- scm-fold-__scm_send-into-scm_send.patch is OK

- scm_send-speedup.patch is wrong

- Catherine's patch introduces a possibly-significant performance
  problem: we're now calling the expensive-on-SELinux security_sk_sid()
  more frequently than we used to.

- That "initialise scm->creds via a temporary struct" trick still
  generates bad code.


I actually have enough to be going on with here - I'll drop it all.

next prev parent reply	other threads:[~2006-03-20 22:31 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <200603130139.k2D1dpSQ021279@shell0.pdx.osdl.net>
     [not found] ` <20060312.180802.13404061.davem@davemloft.net>
2006-03-13 20:05   ` [PATCH] scm: fold __scm_send() into scm_send() Ingo Oeser
2006-03-13 20:22     ` Benjamin LaHaise
2006-03-13 22:13       ` Andrew Morton
2006-03-14  1:31     ` Andrew Morton
2006-03-20 11:44       ` Ingo Oeser
2006-03-20 20:18         ` Chris Wright
2006-03-20 21:36           ` Chris Wright
2006-03-20 22:31             ` Andrew Morton [this message]
2006-03-20 23:15               ` Chris Wright
2006-03-21 13:32                 ` Stephen Smalley
2006-03-21 13:42                   ` Stephen Smalley
2006-04-06 17:52                     ` Xiaolan Zhang
2006-03-20 23:28             ` David S. Miller
2006-03-20 23:43               ` Chris Wright
2006-03-21  0:37               ` James Morris
2006-03-21  0:50                 ` David S. Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060320143103.31b7d933.akpm@osdl.org \
    --to=akpm@osdl.org \
    --cc=chrisw@sous-sol.org \
    --cc=cxzhang@watson.ibm.com \
    --cc=davem@davemloft.net \
    --cc=ioe-lkml@rameria.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@axxeo.de \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).