From: Linus Torvalds <torvalds@linux-foundation.org>
To: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: "David Herrmann" <dh.herrmann@gmail.com>,
"Willy Tarreau" <w@1wt.eu>,
"David S. Miller" <davem@davemloft.net>,
netdev <netdev@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
"Eric Dumazet" <edumazet@google.com>,
"Марк Коренберг" <socketpair@gmail.com>,
"Tetsuo Handa" <penguin-kernel@i-love.sakura.ne.jp>,
"Simon McVittie" <simon.mcvittie@collabora.co.uk>
Subject: Re: [PATCH v2] unix: properly account for FDs passed over unix sockets
Date: Tue, 2 Feb 2016 11:29:59 -0800 [thread overview]
Message-ID: <CA+55aFw2AwsWbvwp6f8H+eExt_CMfh7VA3od6hto_M0hg9z3Tg@mail.gmail.com> (raw)
In-Reply-To: <56B0F574.5080105@stressinduktion.org>
On Tue, Feb 2, 2016 at 10:29 AM, Hannes Frederic Sowa
<hannes@stressinduktion.org> wrote:
>>
>> Anyway, can someone provide a high-level description of what exactly
>> this patch is supposed to do? Which operation should be limited, who
>> should inflight FDs be accounted on, and which rlimit should be used
>> on each operation? I'm having a hard time auditing existing
>> user-space, given just the scarce description of this commit.
>
> Yes, all your observations are true. I think we need to explicitly
> need to refer to the sending socket while attaching the fds.
I don't think that really helps. Maybe somebody passed a unix domain
socket around, and now we're crediting the wrong socket again.
So how about we actually add a "struct cred *" to the scm_cookie
itself, and we initialize it to "get_current_cred()". And then always
use that.
That way it's always the person who actually does the send (rather
than the opener of the socket _or_ the opener of the file that gets
passed around) that gets credited, and thanks to the cred pointer we
can then de-credit them properly.
Hmm?
Linus
next prev parent reply other threads:[~2016-02-02 19:29 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-10 6:58 [PATCH v2] unix: properly account for FDs passed over unix sockets Willy Tarreau
2016-01-11 5:05 ` David Miller
2016-02-02 17:34 ` David Herrmann
2016-02-02 18:29 ` Hannes Frederic Sowa
2016-02-02 19:29 ` Linus Torvalds [this message]
2016-02-02 20:32 ` Hannes Frederic Sowa
2016-02-02 20:39 ` Willy Tarreau
2016-02-02 21:55 ` Hannes Frederic Sowa
[not found] ` <CA+55aFzqdR80MKupCs+va8vtbTU67Jobax1QAbfWNktQCXFxpA@mail.gmail.com>
2016-02-03 0:57 ` Hannes Frederic Sowa
2016-02-03 1:12 ` Hannes Frederic Sowa
2016-02-02 20:44 ` Linus Torvalds
2016-02-02 20:49 ` Willy Tarreau
2016-02-02 20:53 ` Linus Torvalds
2016-02-02 20:58 ` Willy Tarreau
2016-02-02 20:56 ` Hannes Frederic Sowa
2016-02-03 12:19 ` David Laight
2016-02-03 11:36 ` Simon McVittie
2016-02-03 11:56 ` Hannes Frederic Sowa
2016-02-03 11:56 ` David Herrmann
2016-02-03 12:49 ` Simon McVittie
2016-02-03 14:07 ` Hannes Frederic Sowa
-- strict thread matches above, loose matches on Subject: below --
2016-01-10 6:58 Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+55aFw2AwsWbvwp6f8H+eExt_CMfh7VA3od6hto_M0hg9z3Tg@mail.gmail.com \
--to=torvalds@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=dh.herrmann@gmail.com \
--cc=edumazet@google.com \
--cc=hannes@stressinduktion.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=simon.mcvittie@collabora.co.uk \
--cc=socketpair@gmail.com \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).