linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Luis Chamberlain <mcgrof@kernel.org>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	David Howells <dhowells@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>,
	Christoph Hellwig <hch@infradead.org>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	ast@kernel.org, axboe@kernel.dk, bfields@fieldses.org,
	bridge@lists.linux-foundation.org, chainsaw@gentoo.org,
	christian.brauner@ubuntu.com, chuck.lever@oracle.com,
	davem@davemloft.net, gregkh@linuxfoundation.org,
	jarkko.sakkinen@linux.intel.com, jmorris@namei.org,
	josh@joshtriplett.org, keescook@chromium.org,
	keyrings@vger.kernel.org, kuba@kernel.org,
	lars.ellenberg@linbit.com, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	nikolay@cumulusnetworks.com, philipp.reisner@linbit.com,
	ravenexp@gmail.com, roopa@cumulusnetworks.com, serge@hallyn.com,
	slyfox@gentoo.org, viro@zeniv.linux.org.uk,
	yangtiezhu@loongson.cn, netdev@vger.kernel.org,
	markward@linux.ibm.com, linux-s390 <linux-s390@vger.kernel.org>
Subject: Re: linux-next: umh: fix processed error when UMH_WAIT_PROC is used seems to break linux bridge on s390x (bisected)
Date: Thu, 2 Jul 2020 19:46:56 +0000	[thread overview]
Message-ID: <20200702194656.GV4332@42.do-not-panic.com> (raw)
In-Reply-To: <e3f3e501-2cb7-b683-4b85-2002b7603244@i-love.sakura.ne.jp>

On Thu, Jul 02, 2020 at 01:26:53PM +0900, Tetsuo Handa wrote:
> On 2020/07/02 0:38, Luis Chamberlain wrote:
> > @@ -156,6 +156,18 @@ static void call_usermodehelper_exec_sync(struct subprocess_info *sub_info)
> >  		 */
> >  		if (KWIFEXITED(ret))
> >  			sub_info->retval = KWEXITSTATUS(ret);
> > +		/*
> > +		 * Do we really want to be passing the signal, or do we pass
> > +		 * a single error code for all cases?
> > +		 */
> > +		else if (KWIFSIGNALED(ret))
> > +			sub_info->retval = KWTERMSIG(ret);
> 
> No, this is bad. Caller of usermode helper is unable to distinguish exit(9)
> and e.g. SIGKILL'ed by the OOM-killer.

Right, the question is: do we care?

> Please pass raw exit status value.
> 
> I feel that caller of usermode helper should not use exit status value.
> For example, call_sbin_request_key() is checking
> 
>   test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || key_validate(key) < 0
> 
> condition (if usermode helper was invoked) in order to "ignore any errors from
> userspace if the key was instantiated".

For those not familiar with this code path, or if you cannot decipher
the above, the code path in question was:

static int call_sbin_request_key(struct key *authkey, void *aux)                
{
	...
	/* do it */                                                             
	ret = call_usermodehelper_keys(request_key, argv, envp, keyring,        
				       UMH_WAIT_PROC);
	kdebug("usermode -> 0x%x", ret);
	if (ret >= 0) {
		/* ret is the exit/wait code */
		if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
		    key_validate(key) < 0)
		    ret = -ENOKEY;
		/* ignore any errors from userspace if the key was      
		 * instantiated */  
		 ret = 0;
	}
	...
}

And the umh patch "umh: fix processed error when UMH_WAIT_PROC is used"
changed this to:

-       if (ret >= 0) {
+       if (ret != 0) {

Prior to the patch negative return values from userspace were still
being captured, and likewise signals, but the error value was not
raw, not the actual value. After the patch, since we check for ret != 0
we still upkeep the sanity check for any error, correct the error value,
but as you noted signals were ignored as I made the wrong assumption
we would ignore them. The umh sub_info->retval is set after my original
patch only if KWIFSIGNALED(ret)), and ignored signals, and so that
would be now capitured with the additional KWIFSIGNALED(ret)) check.

The question still stands:

Do we want to open code all these checks or simply wrap them up in
the umh. If we do the later, as you note exit(9) and a SIGKILL will
be the same to the inspector in the kernel. But do we care?

Do we really want umh callers differntiatin between signals and exit values?

The alternative to making a compromise is using generic wrappers for
things which make sense and letting the callers use those.

  Luis

> > +		/* Same here */
> > +		else if (KWIFSTOPPED((ret)))
> > +			sub_info->retval = KWSTOPSIG(ret);
> > +		/* And are we really sure we want this? */
> > +		else if (KWIFCONTINUED((ret)))
> > +			sub_info->retval = 0;
> >  	}
> >  
> >  	/* Restore default kernel sig handler */
> > 
> 

  reply	other threads:[~2020-07-02 19:47 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-10 15:49 [PATCH 0/5] kmod/umh: a few fixes Luis R. Rodriguez
2020-06-10 15:49 ` [PATCH 1/5] selftests: kmod: Use variable NAME in kmod_test_0001() Luis R. Rodriguez
2020-06-10 15:49 ` [PATCH 2/5] kmod: Remove redundant "be an" in the comment Luis R. Rodriguez
2020-06-10 15:49 ` [PATCH 3/5] test_kmod: Avoid potential double free in trigger_config_run_type() Luis R. Rodriguez
2020-06-10 15:49 ` [PATCH 4/5] umh: fix processed error when UMH_WAIT_PROC is used Luis R. Rodriguez
2020-06-23 14:11   ` linux-next: umh: fix processed error when UMH_WAIT_PROC is used seems to break linux bridge on s390x (bisected) Christian Borntraeger
2020-06-23 14:23     ` Christian Borntraeger
2020-06-24 11:11       ` Christian Borntraeger
2020-06-24 12:05         ` Luis Chamberlain
2020-06-24 13:17           ` Luis Chamberlain
2020-06-24 16:13             ` Luis Chamberlain
2020-06-24 14:43         ` Christoph Hellwig
2020-06-24 15:54           ` Christian Borntraeger
2020-06-24 16:09             ` Luis Chamberlain
2020-06-24 17:58               ` Christian Borntraeger
2020-06-24 18:09                 ` Christian Borntraeger
2020-06-24 18:32                   ` Christian Borntraeger
2020-06-24 18:37                     ` Christian Borntraeger
2020-06-25 13:26                       ` Christian Borntraeger
2020-06-26  2:54                       ` Luis Chamberlain
2020-06-26  5:22                         ` Christian Borntraeger
2020-06-26  9:00                           ` Christoph Hellwig
2020-06-26 11:40                             ` Luis Chamberlain
2020-06-26 11:50                               ` Luis Chamberlain
2020-06-30 17:57                         ` Luis Chamberlain
2020-07-01 10:08                           ` Christian Borntraeger
2020-07-01 13:24                             ` Tetsuo Handa
2020-07-01 13:53                               ` Luis Chamberlain
2020-07-01 14:08                                 ` Tetsuo Handa
2020-07-01 15:38                                   ` Luis Chamberlain
2020-07-01 15:48                                     ` Christian Borntraeger
2020-07-01 15:58                                       ` Luis Chamberlain
2020-07-01 16:01                                         ` Christian Borntraeger
2020-07-02  4:26                                     ` Tetsuo Handa
2020-07-02 19:46                                       ` Luis Chamberlain [this message]
2020-07-03  0:52                                         ` Tetsuo Handa
2020-07-03 13:28                                           ` Luis Chamberlain
2020-07-01 15:26                                 ` Christian Borntraeger
2020-07-01 13:46                             ` Luis Chamberlain
2020-06-10 15:49 ` [PATCH 5/5] selftests: simplify kmod failure value Luis R. Rodriguez
2020-06-18  0:43 ` [PATCH 0/5] kmod/umh: a few fixes Andrew Morton
     [not found]   ` <20200619204626.GK11244@42.do-not-panic.com>
2020-06-19 21:07     ` Luis Chamberlain

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200702194656.GV4332@42.do-not-panic.com \
    --to=mcgrof@kernel.org \
    --cc=ast@kernel.org \
    --cc=axboe@kernel.dk \
    --cc=bfields@fieldses.org \
    --cc=borntraeger@de.ibm.com \
    --cc=bridge@lists.linux-foundation.org \
    --cc=chainsaw@gentoo.org \
    --cc=christian.brauner@ubuntu.com \
    --cc=chuck.lever@oracle.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=ebiederm@xmission.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hch@infradead.org \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=jmorris@namei.org \
    --cc=josh@joshtriplett.org \
    --cc=keescook@chromium.org \
    --cc=keyrings@vger.kernel.org \
    --cc=kuba@kernel.org \
    --cc=lars.ellenberg@linbit.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=linux-s390@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=markward@linux.ibm.com \
    --cc=netdev@vger.kernel.org \
    --cc=nikolay@cumulusnetworks.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=philipp.reisner@linbit.com \
    --cc=ravenexp@gmail.com \
    --cc=roopa@cumulusnetworks.com \
    --cc=serge@hallyn.com \
    --cc=slyfox@gentoo.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=yangtiezhu@loongson.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).