* Re: [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC [not found] ` <CAEivzxf630y_kjVLNM4m1vfQxnwyOBK+0wiCLW1T+8miPVC5Fg@mail.gmail.com> @ 2023-03-13 20:43 ` Paul Moore 2023-03-14 11:06 ` Aleksandr Mikhalitsyn 0 siblings, 1 reply; 2+ messages in thread From: Paul Moore @ 2023-03-13 20:43 UTC (permalink / raw) To: Aleksandr Mikhalitsyn Cc: davem, linux-kernel, netdev, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Leon Romanovsky, jmorris, serge, linux-security-module, selinux On Mon, Mar 13, 2023 at 7:40 AM Aleksandr Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> wrote: > > +CC security subsystem folks > > On Mon, Mar 13, 2023 at 12:32 PM Alexander Mikhalitsyn > <aleksandr.mikhalitsyn@canonical.com> wrote: > > > > Currently, kernel would set MSG_CTRUNC flag if msg_control buffer > > wasn't provided and SO_PASSCRED was set or if there was pending SCM_RIGHTS. > > > > For some reason we have no corresponding check for SO_PASSSEC. > > > > In the recvmsg(2) doc we have: > > MSG_CTRUNC > > indicates that some control data was discarded due to lack > > of space in the buffer for ancillary data. > > > > So, we need to set MSG_CTRUNC flag for all types of SCM. > > > > This change can break applications those don't check MSG_CTRUNC flag. Unless I'm missing something I don't think this will actually result in a userspace visible change as put_cmsg() already has a number of checks which set the MSG_CTRUNC flag if necessary (including if no control buffer is passed, e.g. msg_control == NULL). Regardless, it looks fine to me. Acked-by: Paul Moore <paul@paul-moore.com> > > Cc: "David S. Miller" <davem@davemloft.net> > > Cc: Eric Dumazet <edumazet@google.com> > > Cc: Jakub Kicinski <kuba@kernel.org> > > Cc: Paolo Abeni <pabeni@redhat.com> > > Cc: Leon Romanovsky <leon@kernel.org> > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> > > > > v2: > > - commit message was rewritten according to Eric's suggestion > > --- > > include/net/scm.h | 13 ++++++++++++- > > 1 file changed, 12 insertions(+), 1 deletion(-) > > > > diff --git a/include/net/scm.h b/include/net/scm.h > > index 1ce365f4c256..585adc1346bd 100644 > > --- a/include/net/scm.h > > +++ b/include/net/scm.h > > @@ -105,16 +105,27 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc > > } > > } > > } > > + > > +static inline bool scm_has_secdata(struct socket *sock) > > +{ > > + return test_bit(SOCK_PASSSEC, &sock->flags); > > +} > > #else > > static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) > > { } > > + > > +static inline bool scm_has_secdata(struct socket *sock) > > +{ > > + return false; > > +} > > #endif /* CONFIG_SECURITY_NETWORK */ > > > > static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, > > struct scm_cookie *scm, int flags) > > { > > if (!msg->msg_control) { > > - if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) > > + if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp || > > + scm_has_secdata(sock)) > > msg->msg_flags |= MSG_CTRUNC; > > scm_destroy(scm); > > return; > > -- > > 2.34.1 -- paul-moore.com ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC 2023-03-13 20:43 ` [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC Paul Moore @ 2023-03-14 11:06 ` Aleksandr Mikhalitsyn 0 siblings, 0 replies; 2+ messages in thread From: Aleksandr Mikhalitsyn @ 2023-03-14 11:06 UTC (permalink / raw) To: Paul Moore Cc: davem, linux-kernel, netdev, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Leon Romanovsky, jmorris, serge, linux-security-module, selinux On Mon, Mar 13, 2023 at 9:43 PM Paul Moore <paul@paul-moore.com> wrote: > > On Mon, Mar 13, 2023 at 7:40 AM Aleksandr Mikhalitsyn > <aleksandr.mikhalitsyn@canonical.com> wrote: > > > > +CC security subsystem folks > > > > On Mon, Mar 13, 2023 at 12:32 PM Alexander Mikhalitsyn > > <aleksandr.mikhalitsyn@canonical.com> wrote: > > > > > > Currently, kernel would set MSG_CTRUNC flag if msg_control buffer > > > wasn't provided and SO_PASSCRED was set or if there was pending SCM_RIGHTS. > > > > > > For some reason we have no corresponding check for SO_PASSSEC. > > > > > > In the recvmsg(2) doc we have: > > > MSG_CTRUNC > > > indicates that some control data was discarded due to lack > > > of space in the buffer for ancillary data. > > > > > > So, we need to set MSG_CTRUNC flag for all types of SCM. > > > > > > This change can break applications those don't check MSG_CTRUNC flag. > > Unless I'm missing something I don't think this will actually result > in a userspace visible change as put_cmsg() already has a number of > checks which set the MSG_CTRUNC flag if necessary (including if no > control buffer is passed, e.g. msg_control == NULL). Yes you are right. I found this check suspicious while working on SCM_PIDFD (which is not yet submitted to LKML), I think it is worth fixing that check anyway just for consistency reasons. > > Regardless, it looks fine to me. > > Acked-by: Paul Moore <paul@paul-moore.com> Thanks, Paul! Regards, Alex > > > > Cc: "David S. Miller" <davem@davemloft.net> > > > Cc: Eric Dumazet <edumazet@google.com> > > > Cc: Jakub Kicinski <kuba@kernel.org> > > > Cc: Paolo Abeni <pabeni@redhat.com> > > > Cc: Leon Romanovsky <leon@kernel.org> > > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> > > > > > > v2: > > > - commit message was rewritten according to Eric's suggestion > > > --- > > > include/net/scm.h | 13 ++++++++++++- > > > 1 file changed, 12 insertions(+), 1 deletion(-) > > > > > > diff --git a/include/net/scm.h b/include/net/scm.h > > > index 1ce365f4c256..585adc1346bd 100644 > > > --- a/include/net/scm.h > > > +++ b/include/net/scm.h > > > @@ -105,16 +105,27 @@ static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct sc > > > } > > > } > > > } > > > + > > > +static inline bool scm_has_secdata(struct socket *sock) > > > +{ > > > + return test_bit(SOCK_PASSSEC, &sock->flags); > > > +} > > > #else > > > static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) > > > { } > > > + > > > +static inline bool scm_has_secdata(struct socket *sock) > > > +{ > > > + return false; > > > +} > > > #endif /* CONFIG_SECURITY_NETWORK */ > > > > > > static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, > > > struct scm_cookie *scm, int flags) > > > { > > > if (!msg->msg_control) { > > > - if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) > > > + if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp || > > > + scm_has_secdata(sock)) > > > msg->msg_flags |= MSG_CTRUNC; > > > scm_destroy(scm); > > > return; > > > -- > > > 2.34.1 > > -- > paul-moore.com ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-03-14 11:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20230313113211.178010-1-aleksandr.mikhalitsyn@canonical.com>
[not found] ` <CAEivzxf630y_kjVLNM4m1vfQxnwyOBK+0wiCLW1T+8miPVC5Fg@mail.gmail.com>
2023-03-13 20:43 ` [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC Paul Moore
2023-03-14 11:06 ` Aleksandr Mikhalitsyn
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).