Date: Tue, 30 Oct 2018 16:02:54 +0100
From: Oleg Nesterov
To: Tycho Andersen
Cc: Kees Cook, Andy Lutomirski, "Eric W . Biederman", "Serge E . Hallyn", Christian Brauner, Tyler Hicks, Akihiro Suda, Aleksa Sarai, linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org
Subject: Re: [PATCH v8 1/2] seccomp: add a return code to trap to userspace
Message-ID: <20181030150254.GB3385@redhat.com>

On 10/29, Tycho Andersen wrote:
> > +static long seccomp_notify_recv(struct seccomp_filter *filter, > + void __user *buf) > +{ > + struct seccomp_knotif *knotif = NULL, *cur; > + struct seccomp_notif unotif; > + ssize_t ret; > + > + memset(&unotif, 0, sizeof(unotif)); > + > + ret = down_interruptible(&filter->notif->request); > + if (ret < 0) > + return ret; > + > + mutex_lock(&filter->notify_lock); > + list_for_each_entry(cur, &filter->notif->notifications, list) { > + if (cur->state == SECCOMP_NOTIFY_INIT) { > + knotif = cur; > + break; > + } > + } > + > + /* > + * If we didn't find a notification, it could be that the task was > + * interrupted by a fatal signal between the time we were woken and > + * when we were able to acquire the rw lock. > + * > + * This is the place where we handle the extra high semaphore count > + * mentioned in seccomp_do_user_notification(). 
> + */ > + if (!knotif) { > + ret = -ENOENT; > + goto out; > + } > + > + unotif.id = knotif->id; > + unotif.pid = task_pid_vnr(knotif->task); > + if (knotif->signaled) > + unotif.flags |= SECCOMP_NOTIF_FLAG_SIGNALED; > + unotif.data = *(knotif->data);

Tycho, I forgot everything about seccomp, most probably I am wrong but let me ask anyway.

__seccomp_filter(SECCOMP_RET_TRACE) does

	/*
	 * Recheck the syscall, since it may have changed. This
	 * intentionally uses a NULL struct seccomp_data to force
	 * a reload of all registers. This does not goto skip since
	 * a skip would have already been reported.
	 */
	if (__seccomp_filter(this_syscall, NULL, true))
		return -1;

and the next seccomp_run_filters() can return SECCOMP_RET_USER_NOTIF, right? seccomp_do_user_notification() doesn't check recheck_after_trace and it simply does n.data = sd.

Doesn't this mean that "unotif.data = *(knotif->data)" can hit NULL?

seccomp_run_filters() does populate_seccomp_data() in this case, but this won't affect "seccomp_data *sd" passed to seccomp_do_user_notification().

Oleg.
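
Review bot: unotif.data = *(knotif->data); at the end of seccomp_notify_recv() dereferences knotif->data unconditionally, so it is only safe if every path that queues a notification stores a non-NULL seccomp_data pointer. The reply above points at the SECCOMP_RET_TRACE recheck, which calls __seccomp_filter(this_syscall, NULL, true), and says seccomp_do_user_notification() stores that pointer with n.data = sd. If that holds, the fix belongs where the notification is built: the recheck path should hand seccomp_do_user_notification() a populated seccomp_data rather than the NULL sd, instead of a NULL test being added here. Separately, the comment in this hunk says "acquire the rw lock" while the code takes mutex_lock(&filter->notify_lock); the comment should name the mutex.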