Date: Tue, 30 Oct 2018 15:32:36 +0100
From: Oleg Nesterov
To: Tycho Andersen
Cc: Kees Cook, Andy Lutomirski, "Eric W . Biederman", "Serge E . Hallyn", Christian Brauner, Tyler Hicks, Akihiro Suda, Aleksa Sarai, linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org
Subject: Re: [PATCH v8 1/2] seccomp: add a return code to trap to userspace
Message-ID: <20181030143235.GA3385@redhat.com>
In-Reply-To: <20181029224031.29809-2-tycho@tycho.ws>

On 10/29, Tycho Andersen wrote:
> > + /* This is where we wait for a reply from userspace. */ > + err = wait_for_completion_interruptible(&n.ready); > + mutex_lock(&match->notify_lock); > + > + /* > + * If the noticiation fd died before we re-acquired the lock, we still > + * give -ENOSYS. > + */ > + if (!match->notif) > + goto remove_list; > + > + /* > + * Here it's possible we got a signal and then had to wait on the mutex > + * while the reply was sent, so let's be sure there wasn't a response > + * in the meantime. > + */ > + if (err < 0 && n.state != SECCOMP_NOTIFY_REPLIED) { > + /* > + * We got a signal. Let's tell userspace about it (potentially > + * again, if we had already notified them about the first one). > + */ > + n.signaled = true; > + if (n.state == SECCOMP_NOTIFY_SENT) { > + n.state = SECCOMP_NOTIFY_INIT; > + up(&match->notif->request); > + }

I am not sure I understand the value of signaled/SECCOMP_NOTIF_FLAG_SIGNALED... I mean, why it is actually useful? Sorry if this was already discussed.

> + wake_up_poll(&match->notif->wqh, EPOLLIN | EPOLLRDNORM); > + > + mutex_unlock(&match->notify_lock); > + err = wait_for_completion_killable(&n.ready); > + mutex_lock(&match->notify_lock);

And it seems that SECCOMP_NOTIF_FLAG_SIGNALED is the only reason why seccomp_do_user_notification() doesn't do wait_for_completion_killable() from the very beginning.

But my main concern is that either way wait_for_completion_killable() allows to trivially create a process which doesn't react to SIGSTOP, not good...

Note also that this can happen if, say, both the tracer and tracee run in the same process group and SIGSTOP is sent to their pgid, if the tracer gets the signal first the tracee won't stop.

Or freezer. try_to_freeze_tasks() can fail if it freezes the tracer before it does SECCOMP_IOCTL_NOTIF_SEND.

Oleg.
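
Review bot: in the `if (err < 0 && n.state != SECCOMP_NOTIFY_REPLIED)` branch, the comment does not say what the listener is expected to do once `n.signaled` is set, nor why it is safe to move `n.state` from SECCOMP_NOTIFY_SENT back to SECCOMP_NOTIFY_INIT and call `up(&match->notif->request)`, which hands the same notification to the listener a second time while it may still be handling the first delivery. Please spell out the intended listener behaviour in that comment. Separately, "noticiation" in the comment above `if (!match->notif)` should read "notification".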
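
Review bot: after `err = wait_for_completion_killable(&n.ready);` the quoted lines re-take `notify_lock` without repeating the `if (!match->notif)` check that follows the first wait, although the lock is dropped across this wait in the same way and the earlier comment says the notification fd can die in that window. If the code after this `mutex_lock()` touches `match->notif`, repeat the check here. A short comment on why this second wait is killable rather than interruptible would also help, since it means the task acts on nothing but fatal signals until the listener replies.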