From: Jann Horn <jannh@google.com>
To: Sargun Dhillon <sargun@sargun.me>
Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
Tycho Andersen <tycho@tycho.pizza>,
Christian Brauner <christian@brauner.io>,
Kees Cook <keescook@chromium.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Giuseppe Scrivano <gscrivan@redhat.com>,
Song Liu <songliubraving@fb.com>,
Robert Sesek <rsesek@google.com>,
Containers <containers@lists.linux-foundation.org>,
linux-man <linux-man@vger.kernel.org>,
lkml <linux-kernel@vger.kernel.org>,
Aleksa Sarai <cyphar@cyphar.com>,
Alexei Starovoitov <ast@kernel.org>,
Will Drewry <wad@chromium.org>, bpf <bpf@vger.kernel.org>,
Andy Lutomirski <luto@amacapital.net>
Subject: Re: For review: seccomp_user_notif(2) manual page [v2]
Date: Mon, 2 Nov 2020 21:04:22 +0100 [thread overview]
Message-ID: <CAG48ez2vPUCiZX-swrE2oWx8j-6QCzCRiFGnCPFoGMN+oBFGQw@mail.gmail.com> (raw)
In-Reply-To: <CAMp4zn9Eaq7UQqL4Gk7Cs2O3dj1Gfp8L_YDpWxhvru_kVEBVfw@mail.gmail.com>
On Mon, Nov 2, 2020 at 8:50 PM Sargun Dhillon <sargun@sargun.me> wrote:
> On Mon, Nov 2, 2020 at 11:45 AM Michael Kerrisk (man-pages)
> <mtk.manpages@gmail.com> wrote:
> > Caveats regarding blocking system calls
> > Suppose that the target performs a blocking system call (e.g.,
> > accept(2)) that the supervisor should handle. The supervisor
> > might then in turn execute the same blocking system call.
> >
> > In this scenario, it is important to note that if the target's
> > system call is now interrupted by a signal, the supervisor is not
> > informed of this. If the supervisor does not take suitable steps
> > to actively discover that the target's system call has been
> > canceled, various difficulties can occur. Taking the example of
> > accept(2), the supervisor might remain blocked in its accept(2)
> > holding a port number that the target (which, after the
> > interruption by the signal handler, perhaps closed its listening
> > socket) might expect to be able to reuse in a bind(2) call.
> >
> > Therefore, when the supervisor wishes to emulate a blocking system
> > call, it must do so in such a way that it gets informed if the
> > target's system call is interrupted by a signal handler. For
> > example, if the supervisor itself executes the same blocking
> > system call, then it could employ a separate thread that uses the
> > SECCOMP_IOCTL_NOTIF_ID_VALID operation to check if the target is
> > still blocked in its system call. Alternatively, in the accept(2)
> > example, the supervisor might use poll(2) to monitor both the
> > notification file descriptor (so as as to discover when the
> > target's accept(2) call has been interrupted) and the listening
> > file descriptor (so as to know when a connection is available).
> >
> > If the target's system call is interrupted, the supervisor must
> > take care to release resources (e.g., file descriptors) that it
> > acquired on behalf of the target.
> >
> > Does that seem okay?
> >
> This is far clearer than my explanation. The one thing is that *just*
> poll is not good enough, you would poll, with some timeout, and when
> that timeout is hit, check if all the current notifications are valid,
> as poll isn't woken up when an in progress notification goes off
> AFAIK.
Arguably that's so terrible that it qualifies for being in the BUGS
section of the manpage.
If you want this to be fixed properly, I recommend that someone
implements my proposal from
<https://lore.kernel.org/lkml/CAG48ez1O2H5HDikPO-_o-toXTheU8GnZot9woGDsNRNJqSWesA@mail.gmail.com/>,
unless you can come up with something better.
next prev parent reply other threads:[~2020-11-02 20:06 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-26 9:55 For review: seccomp_user_notif(2) manual page [v2] Michael Kerrisk (man-pages)
2020-10-26 13:54 ` Tycho Andersen
2020-10-26 14:30 ` Michael Kerrisk (man-pages)
2020-10-26 14:32 ` Tycho Andersen
2020-10-29 1:42 ` Jann Horn
[not found] ` <20201029020438.GA25673@cisco>
2020-10-29 4:43 ` Jann Horn
2020-10-29 14:19 ` Michael Kerrisk (man-pages)
2020-10-30 19:14 ` Jann Horn
2020-10-31 8:31 ` Michael Kerrisk (man-pages)
2020-11-02 13:49 ` Jann Horn
2020-10-29 19:14 ` Michael Kerrisk (man-pages)
2020-10-30 19:20 ` Jann Horn
2020-10-31 8:51 ` Michael Kerrisk (man-pages)
2020-11-02 14:13 ` Jann Horn
2020-10-29 8:53 ` Sargun Dhillon
2020-10-29 20:37 ` Michael Kerrisk (man-pages)
2020-10-30 20:27 ` Sargun Dhillon
2020-10-31 16:27 ` Michael Kerrisk (man-pages)
2020-11-02 8:07 ` Sargun Dhillon
2020-11-02 19:45 ` Michael Kerrisk (man-pages)
2020-11-02 19:49 ` Sargun Dhillon
2020-11-02 20:04 ` Jann Horn [this message]
2020-10-29 15:26 ` Christian Brauner
2020-10-29 19:53 ` Michael Kerrisk (man-pages)
2020-10-30 19:24 ` Jann Horn
2020-10-30 20:07 ` Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAG48ez2vPUCiZX-swrE2oWx8j-6QCzCRiFGnCPFoGMN+oBFGQw@mail.gmail.com \
--to=jannh@google.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=christian@brauner.io \
--cc=containers@lists.linux-foundation.org \
--cc=cyphar@cyphar.com \
--cc=daniel@iogearbox.net \
--cc=gscrivan@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mtk.manpages@gmail.com \
--cc=rsesek@google.com \
--cc=sargun@sargun.me \
--cc=songliubraving@fb.com \
--cc=tycho@tycho.pizza \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).