From: Sargun Dhillon <sargun@sargun.me> To: Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org Cc: Sargun Dhillon <sargun@sargun.me>, Tycho Andersen <tycho@tycho.ws>, Matt Denton <mpdenton@google.com>, Jann Horn <jannh@google.com>, Chris Palmer <palmer@google.com>, Aleksa Sarai <cyphar@cyphar.com>, Robert Sesek <rsesek@google.com>, Christian Brauner <christian.brauner@ubuntu.com>, containers@lists.linux-foundation.org, Giuseppe Scrivano <gscrivan@redhat.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Al Viro <viro@zeniv.linux.org.uk>, Daniel Wagner <daniel.wagner@bmw-carit.de>, "David S . Miller" <davem@davemloft.net>, John Fastabend <john.r.fastabend@intel.com>, Tejun Heo <tj@kernel.org>, stable@vger.kernel.org, cgroups@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: [PATCH v3 2/4] pid: Use file_receive helper to copy FDs Date: Tue, 2 Jun 2020 18:10:42 -0700 [thread overview] Message-ID: <20200603011044.7972-3-sargun@sargun.me> (raw) In-Reply-To: <20200603011044.7972-1-sargun@sargun.me> The code to copy file descriptors was duplicated in pidfd_getfd. Rather than continue to duplicate it, this hoists the code out of kernel/pid.c and uses the newly added file_receive helper. Earlier, when this was implemented there was some back-and-forth about how the semantics should work around copying around file descriptors [1], and it was decided that the default behaviour should be to not modify cgroup data. As a matter of least surprise, this approach follows the default semantics as presented by SCM_RIGHTS. In the future, a flag can be added to avoid manipulating the cgroup data on copy. [1]: https://lore.kernel.org/lkml/20200107175927.4558-1-sargun@sargun.me/ Signed-off-by: Sargun Dhillon <sargun@sargun.me> Suggested-by: Kees Cook <keescook@chromium.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <christian.brauner@ubuntu.com> Cc: Daniel Wagner <daniel.wagner@bmw-carit.de> Cc: David S. Miller <davem@davemloft.net> Cc: Jann Horn <jannh@google.com> Cc: John Fastabend <john.r.fastabend@intel.com> Cc: Tejun Heo <tj@kernel.org> Cc: Tycho Andersen <tycho@tycho.ws> Cc: stable@vger.kernel.org Cc: cgroups@vger.kernel.org Cc: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org --- kernel/pid.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/kernel/pid.c b/kernel/pid.c index c835b844aca7..1642cf940aa1 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -606,7 +606,7 @@ static int pidfd_getfd(struct pid *pid, int fd) { struct task_struct *task; struct file *file; - int ret; + int ret, err; task = get_pid_task(pid, PIDTYPE_PID); if (!task) @@ -617,18 +617,16 @@ static int pidfd_getfd(struct pid *pid, int fd) if (IS_ERR(file)) return PTR_ERR(file); - ret = security_file_receive(file); - if (ret) { - fput(file); - return ret; - } - ret = get_unused_fd_flags(O_CLOEXEC); - if (ret < 0) - fput(file); - else - fd_install(ret, file); + if (ret >= 0) { + err = file_receive(ret, file); + if (err) { + put_unused_fd(ret); + ret = err; + } + } + fput(file); return ret; } -- 2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Sargun Dhillon <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org> To: Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Cc: Sargun Dhillon <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>, Tycho Andersen <tycho-E0fblnxP3wo@public.gmane.org>, Matt Denton <mpdenton-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, Jann Horn <jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, Chris Palmer <palmer-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, Aleksa Sarai <cyphar-gVpy/LI/lHzQT0dZR+AlfA@public.gmane.org>, Robert Sesek <rsesek-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, Christian Brauner <christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, Giuseppe Scrivano <gscrivan-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>, Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>, Daniel Wagner <daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org>, "David S . Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>, John Fastabend <john.r.fastabend-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>, Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Subject: [PATCH v3 2/4] pid: Use file_receive helper to copy FDs Date: Tue, 2 Jun 2020 18:10:42 -0700 [thread overview] Message-ID: <20200603011044.7972-3-sargun@sargun.me> (raw) In-Reply-To: <20200603011044.7972-1-sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org> The code to copy file descriptors was duplicated in pidfd_getfd. Rather than continue to duplicate it, this hoists the code out of kernel/pid.c and uses the newly added file_receive helper. Earlier, when this was implemented there was some back-and-forth about how the semantics should work around copying around file descriptors [1], and it was decided that the default behaviour should be to not modify cgroup data. As a matter of least surprise, this approach follows the default semantics as presented by SCM_RIGHTS. In the future, a flag can be added to avoid manipulating the cgroup data on copy. [1]: https://lore.kernel.org/lkml/20200107175927.4558-1-sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org/ Signed-off-by: Sargun Dhillon <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org> Suggested-by: Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org> Cc: Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org> Cc: Christian Brauner <christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org> Cc: Daniel Wagner <daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org> Cc: David S. Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org> Cc: Jann Horn <jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org> Cc: John Fastabend <john.r.fastabend-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org> Cc: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> Cc: Tycho Andersen <tycho-E0fblnxP3wo@public.gmane.org> Cc: stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Cc: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org --- kernel/pid.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/kernel/pid.c b/kernel/pid.c index c835b844aca7..1642cf940aa1 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -606,7 +606,7 @@ static int pidfd_getfd(struct pid *pid, int fd) { struct task_struct *task; struct file *file; - int ret; + int ret, err; task = get_pid_task(pid, PIDTYPE_PID); if (!task) @@ -617,18 +617,16 @@ static int pidfd_getfd(struct pid *pid, int fd) if (IS_ERR(file)) return PTR_ERR(file); - ret = security_file_receive(file); - if (ret) { - fput(file); - return ret; - } - ret = get_unused_fd_flags(O_CLOEXEC); - if (ret < 0) - fput(file); - else - fd_install(ret, file); + if (ret >= 0) { + err = file_receive(ret, file); + if (err) { + put_unused_fd(ret); + ret = err; + } + } + fput(file); return ret; } -- 2.25.1
next prev parent reply other threads:[~2020-06-03 1:13 UTC|newest] Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-06-03 1:10 [PATCH v3 0/4] Add seccomp notifier ioctl that enables adding fds Sargun Dhillon 2020-06-03 1:10 ` [PATCH v3 1/4] fs, net: Standardize on file_receive helper to move fds across processes Sargun Dhillon 2020-06-03 1:10 ` Sargun Dhillon 2020-06-04 1:24 ` Christian Brauner 2020-06-04 1:24 ` Christian Brauner 2020-06-04 2:22 ` Kees Cook 2020-06-04 5:20 ` Sargun Dhillon 2020-06-04 12:52 ` Christian Brauner 2020-06-04 13:28 ` David Laight 2020-06-04 13:28 ` David Laight 2020-06-05 7:54 ` Sargun Dhillon 2020-06-09 19:43 ` Kees Cook 2020-06-09 20:03 ` Christian Brauner 2020-06-09 20:03 ` Christian Brauner 2020-06-09 20:55 ` Kees Cook 2020-06-09 21:27 ` Christian Brauner 2020-06-10 5:27 ` Kees Cook 2020-06-10 5:27 ` Kees Cook 2020-06-10 8:12 ` Sargun Dhillon 2020-06-10 8:48 ` David Laight 2020-06-10 8:48 ` David Laight 2020-06-11 3:02 ` Kees Cook 2020-06-11 3:02 ` Kees Cook 2020-06-11 7:51 ` David Laight 2020-06-11 7:51 ` David Laight 2020-06-10 17:10 ` Kees Cook 2020-06-10 17:10 ` Kees Cook 2020-06-11 2:59 ` Kees Cook 2020-06-11 2:59 ` Kees Cook 2020-06-11 4:41 ` Sargun Dhillon 2020-06-11 4:41 ` Sargun Dhillon 2020-06-11 9:19 ` Christian Brauner 2020-06-11 10:39 ` Sargun Dhillon 2020-06-11 23:23 ` Kees Cook 2020-06-11 10:01 ` Christian Brauner 2020-06-11 10:01 ` Christian Brauner 2020-06-11 11:06 ` Sargun Dhillon 2020-06-11 14:42 ` Christian Brauner 2020-06-11 14:42 ` Christian Brauner 2020-06-11 14:56 ` David Laight 2020-06-11 23:49 ` Kees Cook 2020-06-11 23:49 ` Kees Cook 2020-06-12 6:58 ` Kees Cook 2020-06-12 6:58 ` Kees Cook 2020-06-12 8:36 ` David Laight 2020-06-12 8:36 ` David Laight 2020-06-12 10:46 ` Sargun Dhillon 2020-06-12 10:46 ` Sargun Dhillon 2020-06-12 15:13 ` Kees Cook 2020-06-12 15:13 ` Kees Cook 2020-06-12 15:55 ` David Laight 2020-06-12 18:28 ` Christian Brauner 2020-06-12 18:38 ` Kees Cook 2020-06-12 18:42 ` Christian Brauner 2020-06-15 8:27 ` David Laight 2020-06-10 9:30 ` Christian Brauner 2020-06-10 9:30 ` Christian Brauner 2020-06-04 3:39 ` Sargun Dhillon 2020-06-03 1:10 ` Sargun Dhillon [this message] 2020-06-03 1:10 ` [PATCH v3 2/4] pid: Use file_receive helper to copy FDs Sargun Dhillon 2020-06-03 1:10 ` [PATCH v3 3/4] seccomp: Introduce addfd ioctl to seccomp user notifier Sargun Dhillon 2020-06-03 1:10 ` [PATCH v3 4/4] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD Sargun Dhillon 2020-06-03 21:25 ` [PATCH v3 0/4] Add seccomp notifier ioctl that enables adding fds Robert Sesek 2020-06-03 23:42 ` Kees Cook 2020-06-03 23:56 ` Sargun Dhillon 2020-06-04 2:44 ` Kees Cook
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200603011044.7972-3-sargun@sargun.me \ --to=sargun@sargun.me \ --cc=cgroups@vger.kernel.org \ --cc=christian.brauner@ubuntu.com \ --cc=containers@lists.linux-foundation.org \ --cc=cyphar@cyphar.com \ --cc=daniel.wagner@bmw-carit.de \ --cc=davem@davemloft.net \ --cc=gregkh@linuxfoundation.org \ --cc=gscrivan@redhat.com \ --cc=jannh@google.com \ --cc=john.r.fastabend@intel.com \ --cc=keescook@chromium.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=mpdenton@google.com \ --cc=palmer@google.com \ --cc=rsesek@google.com \ --cc=stable@vger.kernel.org \ --cc=tj@kernel.org \ --cc=tycho@tycho.ws \ --cc=viro@zeniv.linux.org.uk \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.