From: Christian Brauner <christian.brauner@ubuntu.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, Sargun Dhillon <sargun@sargun.me>,
Matt Denton <mpdenton@google.com>,
Christian Brauner <christian@brauner.io>,
Tycho Andersen <tycho@tycho.ws>,
David Laight <David.Laight@ACULAB.COM>,
Christoph Hellwig <hch@lst.de>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Aleksa Sarai <cyphar@cyphar.com>, Jann Horn <jannh@google.com>,
Chris Palmer <palmer@google.com>,
Robert Sesek <rsesek@google.com>,
Giuseppe Scrivano <gscrivan@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andy Lutomirski <luto@amacapital.net>,
Will Drewry <wad@chromium.org>, Shuah Khan <shuah@kernel.org>,
netdev@vger.kernel.org, containers@lists.linux-foundation.org,
linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v6 6/7] seccomp: Introduce addfd ioctl to seccomp user notifier
Date: Thu, 9 Jul 2020 15:08:11 +0200 [thread overview]
Message-ID: <20200709130811.zjyn6ptsd3rss3j4@wittgenstein> (raw)
In-Reply-To: <202007082307.EB5BAD3A0@keescook>
On Wed, Jul 08, 2020 at 11:12:02PM -0700, Kees Cook wrote:
> On Tue, Jul 07, 2020 at 03:30:49PM +0200, Christian Brauner wrote:
> > Hm, maybe change that description to sm like:
> >
> > [...]
>
> Cool, yeah. Thanks! I've tweaked it a little more
>
> > > + /* 24 is original sizeof(struct seccomp_notif_addfd) */
> > > + if (size < 24 || size >= PAGE_SIZE)
> > > + return -EINVAL;
> >
> > Hm, so maybe add the following:
> >
> > #define SECCOMP_NOTIFY_ADDFD_VER0 24
> > #define SECCOMP_NOTIFY_ADDFD_LATEST SECCOMP_NOTIFY_ADDFD_VER0
> >
> > and then place:
> >
> > BUILD_BUG_ON(sizeof(struct seccomp_notify_addfd) < SECCOMP_NOTIFY_ADDFD_VER0);
> > BUILD_BUG_ON(sizeof(struct open_how) != SECCOMP_NOTIFY_ADDFD_LATEST);
>
> Yes, good idea (BTW, did the EA syscall docs land?)
I'll be giving a kernel summit talk about extensible syscalls to come to
some agreement on a few things. After this we'll update the doc patch
we have now and merge it. :)
>
> I've made these SECCOMP_NOTIFY_ADDFD_SIZE_* to match your examples below
> (i.e. I added "SIZE" to what you suggested above).
Yup, sounds good!
>
> > somewhere which is what we do for clone3(), openat2() and others to
> > catch build-time nonsense.
> >
> > include/uapi/linux/perf_event.h:#define PERF_ATTR_SIZE_VER0 64 /* sizeof first published struct */
> > include/uapi/linux/sched.h:#define CLONE_ARGS_SIZE_VER0 64 /* sizeof first published struct */
> > include/uapi/linux/sched/types.h:#define SCHED_ATTR_SIZE_VER0 48 /* sizeof first published struct */
> > include/linux/fcntl.h:#define OPEN_HOW_SIZE_VER0 24 /* sizeof first published struct */
> > include/linux/fcntl.h:#define OPEN_HOW_SIZE_LATEST OPEN_HOW_SIZE_VER0
>
> The ..._SIZE_VER0 and ...LATEST stuff doesn't seem useful to export via
> UAPI. Above, 2 of the 3 export to uapi. Is there a specific rationale
> for which should and which shouldn't?
I think openat2() just didn't think it was useful. I find them helpful
because I often update codebase to the newest struct I know about:
struct clone_args {
__aligned_u64 flags;
__aligned_u64 pidfd;
__aligned_u64 child_tid;
__aligned_u64 parent_tid;
__aligned_u64 exit_signal;
__aligned_u64 stack;
__aligned_u64 stack_size;
__aligned_u64 tls;
/* CLONE_ARGS_SIZE_VER0 64 */
__aligned_u64 set_tid;
__aligned_u64 set_tid_size;
/* CLONE_ARGS_SIZE_VER1 80 */
__aligned_u64 cgroup;
/* CLONE_ARGS_SIZE_VER2 88 */
};
But bumping it means I can't use:
clone3(&clone_args, sizeof(clone));
everywhere in the codebase because I'm fscking over everyone on older
kernels now. :)
Soin various parts of the codebase I will just use:
clone3(&clone_args, CLONE_ARGS_SIZE_VER0);
because I don't care about any of the additional features and I don't
need the kernel to copy any of the other stuff. Then in other parts of
the codebase I want to set_tid so I use:
clone3(&clone_args, CLONE_ARGS_SIZE_VER1);
This way I can also set "templates", i.e.
struct clone_args clone_template1 = {
.flags |= CLONE_CLEAR_SIGHAND,
.exit_signal = SIGCHLD,
.set_tid = 1000,
.set_tid_size = 1,
};
and then use the same struct for:
clone3(&clone_template1, CLONE_ARGS_SIZE_VER0);
clone3(&clone_template1, CLONE_ARGS_SIZE_VER1);
Whereas sizeof(clone_template1) would always give me
CLONE_ARGS_SIZE_VER2.
Christian
next prev parent reply other threads:[~2020-07-09 13:08 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-06 20:17 [PATCH v6 0/7] Add seccomp notifier ioctl that enables adding fds Kees Cook
2020-07-06 20:17 ` [PATCH v6 1/7] net/scm: Regularize compat handling of scm_detach_fds() Kees Cook
2020-07-07 11:41 ` Christian Brauner
2020-07-08 23:46 ` Kees Cook
2020-07-06 20:17 ` [PATCH v6 2/7] fs: Move __scm_install_fd() to __receive_fd() Kees Cook
2020-07-07 6:49 ` Christoph Hellwig
2020-07-07 11:45 ` Christian Brauner
2020-07-06 20:17 ` [PATCH v6 3/7] fs: Add receive_fd() wrapper for __receive_fd() Kees Cook
2020-07-07 6:49 ` Christoph Hellwig
2020-07-07 11:49 ` Christian Brauner
2020-07-08 23:48 ` Kees Cook
2020-07-06 20:17 ` [PATCH v6 4/7] pidfd: Replace open-coded partial receive_fd() Kees Cook
2020-07-07 12:22 ` Christian Brauner
2020-07-08 23:49 ` Kees Cook
2020-07-09 6:35 ` Kees Cook
2020-07-09 12:54 ` Christian Brauner
2020-07-06 20:17 ` [PATCH v6 5/7] fs: Expand __receive_fd() to accept existing fd Kees Cook
2020-07-07 12:38 ` Christian Brauner
2020-07-08 23:52 ` Kees Cook
2020-07-06 20:17 ` [PATCH v6 6/7] seccomp: Introduce addfd ioctl to seccomp user notifier Kees Cook
2020-07-07 13:30 ` Christian Brauner
2020-07-09 6:12 ` Kees Cook
2020-07-09 13:08 ` Christian Brauner [this message]
2020-07-09 6:17 ` [PATCH v6.1 " Kees Cook
2020-07-09 6:22 ` Kees Cook
2020-07-06 20:17 ` [PATCH v6 7/7] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200709130811.zjyn6ptsd3rss3j4@wittgenstein \
--to=christian.brauner@ubuntu.com \
--cc=David.Laight@ACULAB.COM \
--cc=christian@brauner.io \
--cc=containers@lists.linux-foundation.org \
--cc=cyphar@cyphar.com \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=gscrivan@redhat.com \
--cc=hch@lst.de \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kuba@kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mpdenton@google.com \
--cc=netdev@vger.kernel.org \
--cc=palmer@google.com \
--cc=rsesek@google.com \
--cc=sargun@sargun.me \
--cc=shuah@kernel.org \
--cc=tycho@tycho.ws \
--cc=viro@zeniv.linux.org.uk \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.