Date: Sun, 4 Feb 2018 21:01:29 +0100
From: Tycho Andersen
To: Andy Lutomirski
Cc: LKML, Linux Containers, Kees Cook, Oleg Nesterov, "Eric W . Biederman", "Serge E . Hallyn", Christian Brauner, Tyler Hicks, Akihiro Suda
Subject: Re: [RFC 1/3] seccomp: add a return code to trap to userspace
Message-ID: <20180204200129.2bgq5yfaimg6xdg5@cisco>
References: <20180204104946.25559-1-tycho@tycho.ws> <20180204104946.25559-2-tycho@tycho.ws>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Andy,

On Sun, Feb 04, 2018 at 05:36:33PM +0000, Andy Lutomirski wrote:
> > The actual implementation of this is fairly small, although getting the
> > synchronization right was/is slightly complex. Also worth noting that there
> > is one race still present:
> >
> > 1. a task does a SECCOMP_RET_USER_NOTIF
> > 2. the userspace handler reads this notification
> > 3. the task dies
> > 4. a new task with the same pid starts
> > 5. this new task does a SECCOMP_RET_USER_NOTIF, gets the same cookie id
> >    that the previous one did
> > 6. the userspace handler writes a response
>
> I'm slightly confused. I thought the id was never reused for a given
> struct seccomp_filter. (Also, shouldn't the id be u64, not u32?)

Well, what happens when u32/64 overflows? Eventually it will wrap.

> On very quick reading, I have a question. What happens if a process
> has two seccomp_filters attached, one of them returns
> SECCOMP_RET_USER_NOTIF, and the *other* one has a listener?

Good question, in seccomp_run_filters(), the first (lowest, last
applied) filter who returns SECCOMP_RET_USER_NOTIF is the one that
gets the notification and the other receives nothing. I don't really
have any reason to prefer this behavior, it's just what happened
without much thought.

Cheers,

Tycho
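
Added example, not part of the original message or of the patch: a user-space C model of the cookie-reuse race in steps 1-6 and of the reply about counter overflow, run with a u32-wide and a u64-wide counter. The struct, the function names, the starting counter value and the task tags 1 and 2 are hypothetical; only the id counter is modelled, not the kernel implementation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one filter's notification state; not kernel code. */
struct filter_model {
    uint64_t next_id, mask;   /* cookie counter and its width (u32 or u64) */
    uint64_t id;              /* cookie of the in-flight notification */
    int task;                 /* who is waiting: 1 = original task, 2 = pid reuser */
    bool pending;
};

/* A task hits SECCOMP_RET_USER_NOTIF: hand out the next cookie. */
static uint64_t notify(struct filter_model *f, int task)
{
    f->id = f->next_id;
    f->next_id = (f->next_id + 1) & f->mask;
    f->task = task;
    f->pending = true;
    return f->id;
}

/* Handler writes a response for `id`; returns the task that receives it, -1 if none. */
static int respond(struct filter_model *f, uint64_t id)
{
    if (!f->pending || f->id != id)
        return -1;
    f->pending = false;
    return f->task;
}

/* Steps 1-6 of the race; `between` notifications occur after the first task dies. */
static int race(uint64_t between, uint64_t mask)
{
    struct filter_model f = { .next_id = 7, .mask = mask };
    uint64_t seen = notify(&f, 1);             /* 1-2: handler reads the cookie */
    f.pending = false;                         /* 3: the task dies */
    f.next_id = (f.next_id + between) & mask;  /* counter keeps advancing */
    notify(&f, 2);                             /* 4-5: same pid, new task traps */
    return respond(&f, seen);                  /* 6: stale response is written */
}

int main(void)
{
    printf("u32, no wrap: %d\n", race(0, UINT32_MAX));
    printf("u32, wrapped: %d\n", race(UINT32_MAX, UINT32_MAX));
    printf("u64, 2^32-1 later: %d\n", race(UINT32_MAX, UINT64_MAX));
    printf("u64, wrapped: %d\n", race(UINT64_MAX, UINT64_MAX));
    return 0;
}
```

A result of 2 means the response written for the dead task was delivered to the new task; -1 means the stale cookie matched nothing.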