linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Tycho Andersen <tycho@tycho.ws>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Matthew Helsley <matt.helsley@gmail.com>,
	Kees Cook <keescook@chromium.org>,
	lkml <linux-kernel@vger.kernel.org>,
	containers@lists.linux-foundation.org,
	Oleg Nesterov <oleg@redhat.com>,
	Akihiro Suda <suda.akihiro@lab.ntt.co.jp>,
	Tyler Hicks <tyhicks@canonical.com>,
	Christian Brauner <christian.brauner@ubuntu.com>,
	Andy Lutomirski <luto@amacapital.net>,
	"Tobin C . Harding" <me@tobin.cc>
Subject: Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace
Date: Wed, 20 Jun 2018 08:41:25 -0600	[thread overview]
Message-ID: <20180620144125.GH14770@smitten> (raw)
In-Reply-To: <87in6lt4pc.fsf@xmission.com>

Hi Eric,

On Thu, Jun 14, 2018 at 04:53:51PM -0500, Eric W. Biederman wrote:
> >> static void seccomp_do_user_notification(...)
> >> {
> >>     ...
> >>     n.pid = get_task_pid(current, PIDTYPE_PID);
> >>     ...
> >> remove_list:
> >>     list_del(&n.list);
> >>     put_pid(n.pid);
> >>     ...
> >> }
> >> ...
> >> static ssize_t seccomp_notify_read(...)
> >> {
> >>     ...
> >>     unotif.pid = pid_vnr(knotif->pid);
> >>     ...
> >> }
> >> 
> >> I like holding the pid reference because it's what we do elsewhere when pid
> >> namespaces
> >> are a concern and it more precisely specifies what the knotif content needs
> >> to convey.
> >> Otherwise I don't think it makes a difference.
> >
> > Great, thanks, I'll do this. I guess we need a put_pid() here too.
> 
> A)  We know that the task is stopped.  Unless there is something
>     like SIGKILL that can make the task move you don't need to
>     take a reference to anything.

Yes, agreed. (I think the task can't die, because even if it gets an
interrupt, we hold the ->notify_lock here, so it'll block waiting for
that to remove itself from the notification queue.)

> B)  pid_vnr is the wrong answer.  When you create the struct file
>     and intialize the filter you need to capture the calling processes
>     pid namespace.  The you can use "pid_nr_ns(knotif->pid, filter->pid_ns);".
>     That will work consistently even if the file descriptor is passed
>     between processes.

We want the pid of the tracee in the tracer's namespace, so I'm not so
sure. Doesn't your code above give us the pid in the namespace of the
task that happened to create the struct file (which may be unrelated
to the namespace of the tracer)?

Tycho

  reply	other threads:[~2018-06-20 14:41 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-31 14:49 [PATCH v3 0/4] seccomp trap to userspace Tycho Andersen
2018-05-31 14:49 ` [PATCH v3 1/4] seccomp: add a return code to " Tycho Andersen
2018-06-03 18:41   ` Jann Horn
2018-06-04  0:18     ` Tycho Andersen
2018-06-13 15:32       ` Jann Horn
2018-06-13 15:43         ` Jann Horn
     [not found]   ` <CA+RrjuW98m2coL+TOKq5cL0QhAb=HYxo2DpNoqMzdiwjqhc2BA@mail.gmail.com>
2018-06-12 23:16     ` Tycho Andersen
     [not found]       ` <CA+RrjuUtYoXfbH3cTbSY=QzXcxJsJOa0BL628ADy9N3bTO4=Mw@mail.gmail.com>
2018-06-14 21:03         ` Tycho Andersen
2018-06-14 21:53           ` Eric W. Biederman
2018-06-20 14:41             ` Tycho Andersen [this message]
2018-06-20  5:05   ` Tobin C . Harding
2018-06-20  5:53   ` Tobin C . Harding
     [not found]   ` <CA+RrjuUhFW+XU7RkZOM+f8cyDGOBjJrQHK3GruZmmCETb8ugfA@mail.gmail.com>
2018-06-20 14:55     ` Tycho Andersen
2018-05-31 14:49 ` [PATCH v3 2/4] seccomp: make get_nth_filter available outside of CHECKPOINT_RESTORE Tycho Andersen
2018-05-31 14:49 ` [PATCH v3 3/4] seccomp: add a way to get a listener fd from ptrace Tycho Andersen
2018-05-31 14:49 ` [PATCH v3 4/4] seccomp: add support for passing fds via USER_NOTIF Tycho Andersen
2018-06-02 13:13   ` Jann Horn
2018-06-02 18:18     ` Tycho Andersen
2018-06-02 19:14   ` Alban Crequy
2018-06-04  0:14     ` Tycho Andersen
2018-06-08 16:29 ` [PATCH v3 0/4] seccomp trap to userspace Kees Cook
2018-06-08 21:04   ` Tycho Andersen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180620144125.GH14770@smitten \
    --to=tycho@tycho.ws \
    --cc=christian.brauner@ubuntu.com \
    --cc=containers@lists.linux-foundation.org \
    --cc=ebiederm@xmission.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=matt.helsley@gmail.com \
    --cc=me@tobin.cc \
    --cc=oleg@redhat.com \
    --cc=suda.akihiro@lab.ntt.co.jp \
    --cc=tyhicks@canonical.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).