Date: Wed, 20 Jun 2018 08:41:25 -0600
From: Tycho Andersen
To: "Eric W. Biederman"
Cc: Matthew Helsley, Kees Cook, lkml, containers@lists.linux-foundation.org, Oleg Nesterov, Akihiro Suda, Tyler Hicks, Christian Brauner, Andy Lutomirski, "Tobin C . Harding"
Subject: Re: [PATCH v3 1/4] seccomp: add a return code to trap to userspace

Hi Eric,

On Thu, Jun 14, 2018 at 04:53:51PM -0500, Eric W. Biederman wrote:
> >> static void seccomp_do_user_notification(...)
> >> {
> >>     ...
> >>     n.pid = get_task_pid(current, PIDTYPE_PID);
> >>     ...
> >> remove_list:
> >>     list_del(&n.list);
> >>     put_pid(n.pid);
> >>     ...
> >> }
> >> ...
> >> static ssize_t seccomp_notify_read(...)
> >> {
> >>     ...
> >>     unotif.pid = pid_vnr(knotif->pid);
> >>     ...
> >> }
> >>
> >> I like holding the pid reference because it's what we do elsewhere when
> >> pid namespaces are a concern and it more precisely specifies what the
> >> knotif content needs to convey.
> >> Otherwise I don't think it makes a difference.
> >
> > Great, thanks, I'll do this. I guess we need a put_pid() here too.
>
> A) We know that the task is stopped. Unless there is something
> like SIGKILL that can make the task move you don't need to
> take a reference to anything.

Yes, agreed. (I think the task can't die, because even if it gets an
interrupt, we hold the ->notify_lock here, so it'll block waiting for
that to remove itself from the notification queue.)

> B) pid_vnr is the wrong answer. When you create the struct file
> and initialize the filter you need to capture the calling process's
> pid namespace. Then you can use "pid_nr_ns(knotif->pid, filter->pid_ns);".
> That will work consistently even if the file descriptor is passed
> between processes.

We want the pid of the tracee in the tracer's namespace, so I'm not so
sure. Doesn't your code above give us the pid in the namespace of the
task that happened to create the struct file (which may be unrelated to
the namespace of the tracer)?

Tycho
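
Added example (not part of the original message and not kernel code): a userspace C model of the two lookups debated above, pid_vnr() at read time versus pid_nr_ns() against a namespace captured when the listener file is created. The namespace layout, the pid numbers, the report_* helpers and the struct filter wrapper are constructed for illustration.

```c
/* Userspace model (constructed, simplified) of pid-namespace translation. */
#include <stdio.h>
#include <stddef.h>

#define MAX_LEVEL 2

struct pid_namespace { int level; struct pid_namespace *parent; };
struct upid { int nr; struct pid_namespace *ns; };
struct pid { int level; struct upid numbers[MAX_LEVEL]; };
struct filter { struct pid_namespace *pid_ns; }; /* namespace captured at fd creation */

/* Constructed layout: two sibling namespaces under the initial one. */
static struct pid_namespace init_ns = { 0, NULL };
static struct pid_namespace ns_a = { 1, &init_ns };
static struct pid_namespace ns_b = { 1, &init_ns };
/* Tracee lives in ns_a: pid 4242 seen from init_ns, pid 7 seen from ns_a. */
static struct pid tracee = { 1, { { 4242, &init_ns }, { 7, &ns_a } } };

/* Same rule as the kernel helper: a pid only has a number in namespaces it
 * was allocated in (its own and that one's ancestors); anywhere else it is 0. */
int pid_nr_ns(const struct pid *pid, const struct pid_namespace *ns)
{
    if (pid && ns->level <= pid->level && pid->numbers[ns->level].ns == ns)
        return pid->numbers[ns->level].nr;
    return 0;
}

/* pid_vnr() semantics: translate into the namespace of whoever calls read(). */
int report_vnr(const struct pid_namespace *reader_ns)
{
    return pid_nr_ns(&tracee, reader_ns);
}

/* Captured-namespace semantics: always translate into filter->pid_ns. */
int report_captured(const struct filter *f)
{
    return pid_nr_ns(&tracee, f->pid_ns);
}

int main(void)
{
    struct filter f = { &ns_a }; /* listener fd created by a task in ns_a */
    struct pid_namespace *readers[] = { &init_ns, &ns_a, &ns_b };
    const char *names[] = { "init_ns", "ns_a", "ns_b" };

    for (int i = 0; i < 3; i++)
        printf("reader in %-7s pid_vnr=%-4d captured=%d\n", names[i],
               report_vnr(readers[i]), report_captured(&f));
    return 0;
}
```

With the listener created in ns_a, the captured lookup reports 7 to every reader, while the read-time lookup reports 4242 to a reader in init_ns and 0 to a reader in the unrelated ns_b.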