From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-23.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10BC8C11F69 for ; Fri, 2 Jul 2021 16:37:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EFB8361410 for ; Fri, 2 Jul 2021 16:37:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229917AbhGBQk1 (ORCPT ); Fri, 2 Jul 2021 12:40:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41996 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229455AbhGBQk0 (ORCPT ); Fri, 2 Jul 2021 12:40:26 -0400 Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 38C4DC061762 for ; Fri, 2 Jul 2021 09:37:53 -0700 (PDT) Received: by mail-ej1-x62f.google.com with SMTP id b2so17083665ejg.8 for ; Fri, 02 Jul 2021 09:37:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kinvolk.io; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=AWY2RjKT+2r3oOmvFmiVbr8M8QoRSQ2qxYObjvNjLmQ=; b=U+hn6zNHXD+IESe1KrFQasFz7kosnf4i5y/6PFBQmfHlyo5Szovx60z28i/0+ggl0P umuN5Rt8TyW/5ilPETR7GTovfa5gv3B5JxdURNuVsSFp7NYyl4MeCx0Rfj9B5v/gXgMX eEl/V2Okc1baBWkL3L8amgCJWe6sqhlOPXulw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=AWY2RjKT+2r3oOmvFmiVbr8M8QoRSQ2qxYObjvNjLmQ=; b=IbX0GoXQWuLmP+nK7dwW2YFQVGR6rlVV7Rg4lwr+EsNImCAfRMTbPLcW67PfJlr0L6 GbyYBMfvUtDYIA4pFV/pd0mPeJoNFvHG5s6I97lGYDyIv3i2f9sxT0kFGRi/gRvhvwQr rhBmjkXrMPAm8tAJvAr4sLOgYIT6+4XVmn+utY3m4yZeuPXmfdohsYZNYHcFI4qqEfXa PdAbuUIgTGNkHB924+F5/nxPaDckzpJ/g29jGW8ZggKgWgr06iKEf2k3YVyhYGU6n7BL 9z19iYyzOjPK+LrHrtLhRF/kLVotdq4TGLA2R2dpgMsmeN9mwmK9UyQ/EAoJIiERFJb9 3QKQ== X-Gm-Message-State: AOAM531daGwTCYSgO2YSqawg2zEbExF7id7yQdHQ3tbAUm0OS5RFNSyn PlP5R8UFK10fg7O+29GMX5DNnA== X-Google-Smtp-Source: ABdhPJwR/GYYl0fu9wEzKJ0eiUPDI1kkw+wyvUlhtvQtLoDy9p07qEo7EIkd0+kGi0B68yIw0pvYhA== X-Received: by 2002:a17:906:bc83:: with SMTP id lv3mr583357ejb.133.1625243871841; Fri, 02 Jul 2021 09:37:51 -0700 (PDT) Received: from localhost.localdomain ([2a02:8109:9880:57f0:ba7c:cdd5:fff7:623c]) by smtp.gmail.com with ESMTPSA id g23sm1536450edp.74.2021.07.02.09.37.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jul 2021 09:37:51 -0700 (PDT) From: Rodrigo Campos To: linux-man@vger.kernel.org, Alejandro Colomar , Michael Kerrisk Cc: linux-kernel@vger.kernel.org, Alban Crequy , =?UTF-8?q?Mauricio=20V=C3=A1squez=20Bernal?= , Sargun Dhillon , Rodrigo Campos Subject: [PATCH] seccomp_unotify.2: Add doc for SECCOMP_ADDFD_FLAG_SEND Date: Fri, 2 Jul 2021 18:37:44 +0200 Message-Id: <20210702163744.265749-1-rodrigo@kinvolk.io> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This flag was recently added to Linux 5.14 by a patch I wrote: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ae71c7720e3ae3aabd2e8a072d27f7bd173d25c This patch adds documentation for the flag, the error code that the flag added and explains in the caveat when it is useful. Signed-off-by: Rodrigo Campos --- Hi! Here goes the documentation for the flag I just added. Please feel free to amend as you want and let me know if something is not clear :) man2/seccomp_unotify.2 | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/man2/seccomp_unotify.2 b/man2/seccomp_unotify.2 index 2673d9bc7..9bd27214f 100644 --- a/man2/seccomp_unotify.2 +++ b/man2/seccomp_unotify.2 @@ -739,6 +739,17 @@ When allocating the file descriptor in the target, use the file descriptor number specified in the .I newfd field. +.TP +.BR SECCOMP_ADDFD_FLAG_SEND +Available since Linux 5.14, combines the +.B SECCOMP_IOCTL_NOTIF_ADDFD +ioctl with +.B SECCOMP_IOCTL_NOTIF_SEND +into an atomic operation. On successful invocation, the target process's +errno will be 0 and the return value will be the file descriptor number that was +installed in the target. If allocating the file descriptor in the tatget fails, +the target's syscall continues to be blocked until a successful response is +sent. .RE .TP .I srcfd @@ -801,6 +812,13 @@ Allocating the file descriptor in the target would cause the target's limit to be exceeded (see .BR getrlimit (2)). .TP +.B EBUSY +If the flag +.B SECCOMP_IOCTL_NOTIF_SEND +is used, this means the operation can't proceed until other +.B SECCOMP_IOCTL_NOTIF_ADDFD +requests are processed. +.TP .B EINPROGRESS The user-space notification specified in the .I id @@ -1131,6 +1149,14 @@ that would normally be restarted by the .BR SA_RESTART flag. +.PP +Furthermore, if the supervisor response is a file descriptor +added with +.B SECCOMP_IOCTL_NOTIF_ADDFD, +then the flag +.B SECCOMP_ADDFD_FLAG_SEND +can be used to atomically add the file descriptor and return that value, +making sure no file descriptors are inadvertently leaked into the target. .\" FIXME .\" About the above, Kees Cook commented: .\" -- 2.30.2