From: Sargun Dhillon <sargun@sargun.me>
To: Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org
Cc: Sargun Dhillon <sargun@sargun.me>,
Tycho Andersen <tycho@tycho.ws>,
Matt Denton <mpdenton@google.com>, Jann Horn <jannh@google.com>,
Chris Palmer <palmer@google.com>,
Aleksa Sarai <cyphar@cyphar.com>,
Robert Sesek <rsesek@google.com>,
Christian Brauner <christian.brauner@ubuntu.com>,
containers@lists.linux-foundation.org,
Giuseppe Scrivano <gscrivan@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Daniel Wagner <daniel.wagner@bmw-carit.de>,
"David S . Miller" <davem@davemloft.net>,
John Fastabend <john.r.fastabend@intel.com>,
Tejun Heo <tj@kernel.org>,
stable@vger.kernel.org, cgroups@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: [PATCH v3 2/4] pid: Use file_receive helper to copy FDs
Date: Tue, 2 Jun 2020 18:10:42 -0700 [thread overview]
Message-ID: <20200603011044.7972-3-sargun@sargun.me> (raw)
In-Reply-To: <20200603011044.7972-1-sargun@sargun.me>
The code to copy file descriptors was duplicated in pidfd_getfd.
Rather than continue to duplicate it, this hoists the code out of
kernel/pid.c and uses the newly added file_receive helper.
Earlier, when this was implemented there was some back-and-forth
about how the semantics should work around copying around file
descriptors [1], and it was decided that the default behaviour
should be to not modify cgroup data. As a matter of least surprise,
this approach follows the default semantics as presented by SCM_RIGHTS.
In the future, a flag can be added to avoid manipulating the cgroup
data on copy.
[1]: https://lore.kernel.org/lkml/20200107175927.4558-1-sargun@sargun.me/
Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
Cc: David S. Miller <davem@davemloft.net>
Cc: Jann Horn <jannh@google.com>
Cc: John Fastabend <john.r.fastabend@intel.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Tycho Andersen <tycho@tycho.ws>
Cc: stable@vger.kernel.org
Cc: cgroups@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
---
kernel/pid.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/kernel/pid.c b/kernel/pid.c
index c835b844aca7..1642cf940aa1 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -606,7 +606,7 @@ static int pidfd_getfd(struct pid *pid, int fd)
{
struct task_struct *task;
struct file *file;
- int ret;
+ int ret, err;
task = get_pid_task(pid, PIDTYPE_PID);
if (!task)
@@ -617,18 +617,16 @@ static int pidfd_getfd(struct pid *pid, int fd)
if (IS_ERR(file))
return PTR_ERR(file);
- ret = security_file_receive(file);
- if (ret) {
- fput(file);
- return ret;
- }
-
ret = get_unused_fd_flags(O_CLOEXEC);
- if (ret < 0)
- fput(file);
- else
- fd_install(ret, file);
+ if (ret >= 0) {
+ err = file_receive(ret, file);
+ if (err) {
+ put_unused_fd(ret);
+ ret = err;
+ }
+ }
+ fput(file);
return ret;
}
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Sargun Dhillon <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>
To: Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: Sargun Dhillon <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>,
Tycho Andersen <tycho-E0fblnxP3wo@public.gmane.org>,
Matt Denton <mpdenton-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Jann Horn <jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Chris Palmer <palmer-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Aleksa Sarai <cyphar-gVpy/LI/lHzQT0dZR+AlfA@public.gmane.org>,
Robert Sesek <rsesek-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Christian Brauner
<christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>,
containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
Giuseppe Scrivano
<gscrivan-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
Daniel Wagner
<daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org>,
"David S . Miller"
<davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
John Fastabend
<john.r.fastabend-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [PATCH v3 2/4] pid: Use file_receive helper to copy FDs
Date: Tue, 2 Jun 2020 18:10:42 -0700 [thread overview]
Message-ID: <20200603011044.7972-3-sargun@sargun.me> (raw)
In-Reply-To: <20200603011044.7972-1-sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>
The code to copy file descriptors was duplicated in pidfd_getfd.
Rather than continue to duplicate it, this hoists the code out of
kernel/pid.c and uses the newly added file_receive helper.
Earlier, when this was implemented there was some back-and-forth
about how the semantics should work around copying around file
descriptors [1], and it was decided that the default behaviour
should be to not modify cgroup data. As a matter of least surprise,
this approach follows the default semantics as presented by SCM_RIGHTS.
In the future, a flag can be added to avoid manipulating the cgroup
data on copy.
[1]: https://lore.kernel.org/lkml/20200107175927.4558-1-sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org/
Signed-off-by: Sargun Dhillon <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>
Suggested-by: Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
Cc: Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
Cc: Christian Brauner <christian.brauner-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>
Cc: Daniel Wagner <daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org>
Cc: David S. Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
Cc: Jann Horn <jannh-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
Cc: John Fastabend <john.r.fastabend-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Cc: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Cc: Tycho Andersen <tycho-E0fblnxP3wo@public.gmane.org>
Cc: stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
---
kernel/pid.c | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/kernel/pid.c b/kernel/pid.c
index c835b844aca7..1642cf940aa1 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -606,7 +606,7 @@ static int pidfd_getfd(struct pid *pid, int fd)
{
struct task_struct *task;
struct file *file;
- int ret;
+ int ret, err;
task = get_pid_task(pid, PIDTYPE_PID);
if (!task)
@@ -617,18 +617,16 @@ static int pidfd_getfd(struct pid *pid, int fd)
if (IS_ERR(file))
return PTR_ERR(file);
- ret = security_file_receive(file);
- if (ret) {
- fput(file);
- return ret;
- }
-
ret = get_unused_fd_flags(O_CLOEXEC);
- if (ret < 0)
- fput(file);
- else
- fd_install(ret, file);
+ if (ret >= 0) {
+ err = file_receive(ret, file);
+ if (err) {
+ put_unused_fd(ret);
+ ret = err;
+ }
+ }
+ fput(file);
return ret;
}
--
2.25.1
next prev parent reply other threads:[~2020-06-03 1:13 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-03 1:10 [PATCH v3 0/4] Add seccomp notifier ioctl that enables adding fds Sargun Dhillon
2020-06-03 1:10 ` [PATCH v3 1/4] fs, net: Standardize on file_receive helper to move fds across processes Sargun Dhillon
2020-06-03 1:10 ` Sargun Dhillon
2020-06-04 1:24 ` Christian Brauner
2020-06-04 1:24 ` Christian Brauner
2020-06-04 2:22 ` Kees Cook
2020-06-04 5:20 ` Sargun Dhillon
2020-06-04 12:52 ` Christian Brauner
2020-06-04 13:28 ` David Laight
2020-06-04 13:28 ` David Laight
2020-06-05 7:54 ` Sargun Dhillon
2020-06-09 19:43 ` Kees Cook
2020-06-09 20:03 ` Christian Brauner
2020-06-09 20:03 ` Christian Brauner
2020-06-09 20:55 ` Kees Cook
2020-06-09 21:27 ` Christian Brauner
2020-06-10 5:27 ` Kees Cook
2020-06-10 5:27 ` Kees Cook
2020-06-10 8:12 ` Sargun Dhillon
2020-06-10 8:48 ` David Laight
2020-06-10 8:48 ` David Laight
2020-06-11 3:02 ` Kees Cook
2020-06-11 3:02 ` Kees Cook
2020-06-11 7:51 ` David Laight
2020-06-11 7:51 ` David Laight
2020-06-10 17:10 ` Kees Cook
2020-06-10 17:10 ` Kees Cook
2020-06-11 2:59 ` Kees Cook
2020-06-11 2:59 ` Kees Cook
2020-06-11 4:41 ` Sargun Dhillon
2020-06-11 4:41 ` Sargun Dhillon
2020-06-11 9:19 ` Christian Brauner
2020-06-11 10:39 ` Sargun Dhillon
2020-06-11 23:23 ` Kees Cook
2020-06-11 10:01 ` Christian Brauner
2020-06-11 10:01 ` Christian Brauner
2020-06-11 11:06 ` Sargun Dhillon
2020-06-11 14:42 ` Christian Brauner
2020-06-11 14:42 ` Christian Brauner
2020-06-11 14:56 ` David Laight
2020-06-11 23:49 ` Kees Cook
2020-06-11 23:49 ` Kees Cook
2020-06-12 6:58 ` Kees Cook
2020-06-12 6:58 ` Kees Cook
2020-06-12 8:36 ` David Laight
2020-06-12 8:36 ` David Laight
2020-06-12 10:46 ` Sargun Dhillon
2020-06-12 10:46 ` Sargun Dhillon
2020-06-12 15:13 ` Kees Cook
2020-06-12 15:13 ` Kees Cook
2020-06-12 15:55 ` David Laight
2020-06-12 18:28 ` Christian Brauner
2020-06-12 18:38 ` Kees Cook
2020-06-12 18:42 ` Christian Brauner
2020-06-15 8:27 ` David Laight
2020-06-10 9:30 ` Christian Brauner
2020-06-10 9:30 ` Christian Brauner
2020-06-04 3:39 ` Sargun Dhillon
2020-06-03 1:10 ` Sargun Dhillon [this message]
2020-06-03 1:10 ` [PATCH v3 2/4] pid: Use file_receive helper to copy FDs Sargun Dhillon
2020-06-03 1:10 ` [PATCH v3 3/4] seccomp: Introduce addfd ioctl to seccomp user notifier Sargun Dhillon
2020-06-03 1:10 ` [PATCH v3 4/4] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD Sargun Dhillon
2020-06-03 21:25 ` [PATCH v3 0/4] Add seccomp notifier ioctl that enables adding fds Robert Sesek
2020-06-03 23:42 ` Kees Cook
2020-06-03 23:56 ` Sargun Dhillon
2020-06-04 2:44 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200603011044.7972-3-sargun@sargun.me \
--to=sargun@sargun.me \
--cc=cgroups@vger.kernel.org \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux-foundation.org \
--cc=cyphar@cyphar.com \
--cc=daniel.wagner@bmw-carit.de \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=gscrivan@redhat.com \
--cc=jannh@google.com \
--cc=john.r.fastabend@intel.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpdenton@google.com \
--cc=palmer@google.com \
--cc=rsesek@google.com \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
--cc=tycho@tycho.ws \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.