Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp735832imm; Thu, 6 Sep 2018 09:18:46 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbDYHmp1GOonh+gOy6vofva8VfEl1ss9Q+iWHOSyjMSql7ZSnuOYCKNBy22syQV3RTpFLyL X-Received: by 2002:a63:e60c:: with SMTP id g12-v6mr3641276pgh.308.1536250726136; Thu, 06 Sep 2018 09:18:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536250726; cv=none; d=google.com; s=arc-20160816; b=l+cSNu3Y28RO1eBKSAysac3QYHoF/9CJdPpZOEx2TnEKdrpc2d4oEce9pX4G+g3jnS X0FXfYZj8QRHNBL9r/pT+6caTaL3rH58QdguTfQ0pTTqcgSe4ujVb4mNvboyEfpBmqEG 4k0fhl44/8xQCi6IxoEZ8b++tyuwk1gDIJlhx2WbIA51Q8dDy/cNSKnyec3NdXX/JX7y Fp8/DnxmlU+f2VH4KLWz/YwCN66FUgwjP6aDh94kszGJX7Hm6zFlMoa0PDAtym59HvHI ssP1N7qSmAlp3/UimWrXfshuTSzkJVkIZJEolg/6S6ZHd6kqmjLNRQUQPJoTpGEEx2fZ w5Pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=ciCVaYPRc2WngadWfkFmnVvwn24qXRIYuOCGVqQLGo0=; b=Y660gpC4YPp2ZB5m0jHDywveijct5X/N6INhNuJE9m19ynFoGXk97mQKWTbb6cWKt5 seDP6F31ujynaBUhNjpSPTdDkdjc1cDpuz0iuIbzELL6h54mUzfsRnDCXP4PqCm2WjcY dHOzMcLl7VXeaGUhPaXzySQW0y3tq68QMQqiDfm4mQlp20KOpRDVZxOajiuaDvKpsG3q /0rqnrgAJebsZzemp1+dkQaSD48XMV+tzkCk2UoHjrrH90sBM6gd1OmDt6PzTTDxONT2 mgvLAb9YFQBeIfPeLBeEDr0fpiv5LincI2ldLHB+Q8wX3Ql6sSqWvvlUMJKS0yJzx0Ct quuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=EsjMIAIF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o1-v6si5676187pfe.259.2018.09.06.09.18.29; Thu, 06 Sep 2018 09:18:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=EsjMIAIF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727861AbeIFUv7 (ORCPT + 99 others); Thu, 6 Sep 2018 16:51:59 -0400 Received: from mail-oi0-f66.google.com ([209.85.218.66]:41969 "EHLO mail-oi0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727750AbeIFUv7 (ORCPT ); Thu, 6 Sep 2018 16:51:59 -0400 Received: by mail-oi0-f66.google.com with SMTP id k12-v6so21573152oiw.8 for ; Thu, 06 Sep 2018 09:15:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ciCVaYPRc2WngadWfkFmnVvwn24qXRIYuOCGVqQLGo0=; b=EsjMIAIFbmbKK3sNicie/oicXb0JlTnHQK+Ne9OEoDloVdBzSNLyAqRcoGgHRCO1MM x9UVWjDpmD2AWCBuaW8hyuzPS35X5+94gArJPgc6O7rbC1OSNDDPecHltrLViV4bdA6l 04l99vQQ0q2ui2KFCd5vZ1QC4781xX1RSw0EZwz0aveJnifgzEpVwPei/Vz4gOd9VItl esnVZA3y6o/u2nfVYza7wC6uLonaGsBxXCx4hsbCjAzFqWapXMLZaMNn1kgfHNC+ooo7 6QGT4huLj9KeuNdlzpyBsppAyMlcPrk3LT+gKb8e+gJ2okRyOEeHUHI8opy0DlUUic3+ h1vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ciCVaYPRc2WngadWfkFmnVvwn24qXRIYuOCGVqQLGo0=; b=Xbq+BueaJHm6y5VTLQ/4OLEwX6pyAGrayyM3Fi8MAzqfYjT574EqMbalseXIfoBFQs pfBeM6jqzHYAvb+z55o3kkdsKcQfp8nxFauxnUb2SjqYg8PlS/y5na3hEuohTzvcBqu5 /PZ4abaRvmc/hUx4nau+FbnSrV3dJhYpwYuZkngzCQRpc53E6wh6Np1yO4E5Okhzs7Jx f2/dECx54PwoHQ4cSc9pa6TVAxQlWppBOLF7rXPZt8fGsDIm0vKR20kGDBmRtVFO/XuY NIOyrlutcOsfb+DrT0JNDasrSmR7Cd+G2NILCYaC5XwtCiy4pH8Wq4N4J0V0SrPaOpvs JpYw== X-Gm-Message-State: APzg51BWg7RSYIOXL5Ho0N8QtMJzwV8G8/6XwEw2A/rRRpg3SGHuy+QX IwLi/JxrX2td4XUZwGJoPLR18uRtn4cNJ+9AhpwmnZSM X-Received: by 2002:aca:b40a:: with SMTP id d10-v6mr3803968oif.190.1536250545053; Thu, 06 Sep 2018 09:15:45 -0700 (PDT) MIME-Version: 1.0 References: <20180906152859.7810-1-tycho@tycho.ws> <20180906152859.7810-5-tycho@tycho.ws> In-Reply-To: <20180906152859.7810-5-tycho@tycho.ws> From: Jann Horn Date: Thu, 6 Sep 2018 18:15:18 +0200 Message-ID: Subject: Re: [PATCH v6 4/5] seccomp: add support for passing fds via USER_NOTIF To: Tycho Andersen Cc: Kees Cook , kernel list , containers@lists.linux-foundation.org, Linux API , Andy Lutomirski , Oleg Nesterov , "Eric W. Biederman" , "Serge E. Hallyn" , Christian Brauner , Tyler Hicks , suda.akihiro@lab.ntt.co.jp Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 6, 2018 at 5:29 PM Tycho Andersen wrote: > The idea here is that the userspace handler should be able to pass an fd > back to the trapped task, for example so it can be returned from socket(). [...] > diff --git a/Documentation/userspace-api/seccomp_filter.rst b/Documentation/userspace-api/seccomp_filter.rst > index d1498885c1c7..1c0aab306426 100644 > --- a/Documentation/userspace-api/seccomp_filter.rst > +++ b/Documentation/userspace-api/seccomp_filter.rst > @@ -235,6 +235,9 @@ The interface for a seccomp notification fd consists of two structures: > __u64 id; > __s32 error; > __s64 val; > + __u8 return_fd; > + __u32 fd; > + __u32 fd_flags; Normally, syscalls that take an optional file descriptor accept a signed 32-bit number, with -1 standing for "no file descriptor". Is there a reason why this uses a separate variable to signal whether an fd was provided? Apart from that, this patch looks good to me.