Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4501175ybl;
        Mon, 9 Dec 2019 11:51:51 -0800 (PST)
X-Google-Smtp-Source: APXvYqyq/2ZykPK/JRWjq0loZh+wY0lAWrgFqGokHPDt9UEW8GZ77aWfkZ2qRZPJIas63ooMJokN
X-Received: by 2002:a05:6830:12d0:: with SMTP id a16mr23096985otq.8.1575921111309;
        Mon, 09 Dec 2019 11:51:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1575921111; cv=none;
        d=google.com; s=arc-20160816;
        b=cN9r7LqazExtYuABQzpUCBsyY52uis+Yh0yT5Rza7+n/WuUByiGio0GWuzA4+CZt79
         UrkT6I876VrAmggLiNd9PlBMtSJJmbwJ1Yk4PaJH3m5sP/MPtqY3DI1e3MOeFUSjhLHr
         +5H3NWW6uJCsZ+aPtBssyTBvBax+2Nv/ak1LzfeBjCTRHwljPrea8wb0TF8XCJu+Hskt
         0YEBBGGoyITj/CxRGrlV9CAwT93fFJ/jPLcIw+Uxqa8CZTFQ+SXvnB2c119RBogxW1gz
         GoxQN3PVsA+7F9An0S7xB3M6ZxfknVeTPL/Xr+enKve69T36Rxc8PyCpTuUDLSJGkHnO
         NEPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:from:cc:to:subject
         :content-transfer-encoding:mime-version:references:in-reply-to
         :user-agent:date;
        bh=ZgzE7nN5eQfpdRY3D5Jun5DTza8gR1bBQJZhkUG/5bE=;
        b=Mj8O0j4mc/SeGPJ2fUmt9+BPvAPOLF6mono/nTKo9EC2i3KjGxQ9ZcD7ac/+ZuMObV
         Yv4P+0JeMJI5zzGJzfC/MNcLmKl57xCGTHrhFP++sUtlKPnK2TDMxqj0feuCqCP0d7O/
         wuYtUyEu+kB3WUmTYKtZJK6A55ruNArexTVy68sLnqzONFDPuUTCjCt4DLw4JQPDHwYc
         BO3HjYf5d9+F5W41fI/ddC01W2K2Zh4lwX97CnEz5AaUUbwp44OkEXhAniw+7lJREq1a
         2YqiInzkgEpky6Z3A+8rSHlfpRFMSXpk9BIBFbmsBLDp2Mfl93UXSruy0Uf8AzW7eUn7
         AOLw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l9si468590otn.301.2019.12.09.11.51.37;
        Mon, 09 Dec 2019 11:51:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726708AbfLITth convert rfc822-to-8bit (ORCPT
        <rfc822;1dalishi1@gmail.com> + 99 others);
        Mon, 9 Dec 2019 14:49:37 -0500
Received: from mail-wm1-f65.google.com ([209.85.128.65]:51884 "EHLO
        mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726342AbfLITth (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 9 Dec 2019 14:49:37 -0500
Received: by mail-wm1-f65.google.com with SMTP id g206so645659wme.1
        for <linux-kernel@vger.kernel.org>; Mon, 09 Dec 2019 11:49:35 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:user-agent:in-reply-to:references
         :mime-version:content-transfer-encoding:subject:to:cc:from
         :message-id;
        bh=FetqLdZTgqYVH7ikYZFDoVL0KC42SrD46xkQJuqyRM0=;
        b=NaSc5kZ1R/4efC67d19MWDwT+WF2CVLQayBwOBjY8hChMSPtFyGUUWB6PwnfqM1+eJ
         +a0/G3ihEpl4SVwGthQWrupqD1292ud4dd5ZSaAwj2S8YCFeb8GUQ8vq2wDYY3OhiHTI
         Zt1oX82Jnh4FBNrawcPgvPLVpNujwm6YYEH0uOPzooEBXN1MF70HFm/Bu+adrOur7+q+
         5wgMMFDa9+TAld09a+c4OgwuDiDpUkFGqR2AeEfK0DGfPRMT1pCZ3JVNLmYAcc6ftvBd
         dM4kDC/kbvTy3hYk/yn5EFqoWRsM42JnwAzjMsDe9w8UrGWB8eDkOD9U/knT0WanYVBd
         ASlQ==
X-Gm-Message-State: APjAAAWjVfHnnCji2hF8FFQGdqknrwbJxGoaegi5QNVetW6uZcRMZHsc
        8zi/6pG9Hcu+Gmhrsai7d+3Pxw==
X-Received: by 2002:a1c:41c4:: with SMTP id o187mr819910wma.24.1575920974952;
        Mon, 09 Dec 2019 11:49:34 -0800 (PST)
Received: from [10.152.225.171] ([185.81.138.20])
        by smtp.gmail.com with ESMTPSA id y6sm590029wrl.17.2019.12.09.11.49.33
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 09 Dec 2019 11:49:34 -0800 (PST)
Date:   Mon, 09 Dec 2019 20:49:30 +0100
User-Agent: K-9 Mail for Android
In-Reply-To: <20191209192959.GB10721@redhat.com>
References: <20191209070646.GA32477@ircssh-2.c.rugged-nimbus-611.internal> <20191209192959.GB10721@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: 8BIT
Subject: Re: [PATCH v2 4/4] samples: Add example of using PTRACE_GETFD in conjunction with user trap
To:     Oleg Nesterov <oleg@redhat.com>, Sargun Dhillon <sargun@sargun.me>
CC:     linux-kernel@vger.kernel.org,
        containers@lists.linux-foundation.org, linux-api@vger.kernel.org,
        linux-fsdevel@vger.kernel.org, tycho@tycho.ws, jannh@google.com,
        cyphar@cyphar.com, luto@amacapital.net, viro@zeniv.linux.org.uk
From:   Christian Brauner <christian.brauner@ubuntu.com>
Message-ID: <BE3E056F-0147-4A00-8FF7-6CC9DE02A30C@ubuntu.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On December 9, 2019 8:30:00 PM GMT+01:00, Oleg Nesterov <oleg@redhat.com> wrote:
>On 12/09, Sargun Dhillon wrote:
>>
>> +#define CHILD_PORT_TRY_BIND	80
>> +#define CHILD_PORT_ACTUAL_BIND	4998
>
>...
>
>> +static int handle_req(int listener)
>> +{
>> +	struct sockaddr_in addr = {
>> +		.sin_family	= AF_INET,
>> +		.sin_port	= htons(4998),
>
>then I think
>		.sin_port = htons(CHILD_PORT_ACTUAL_BIND);
>
>would be more clear...
>
>> +		.sin_addr	= {
>> +			.s_addr	= htonl(INADDR_LOOPBACK)
>> +		}
>> +	};
>> +	struct ptrace_getfd_args getfd_args = {
>> +		.options = PTRACE_GETFD_O_CLOEXEC
>> +	};
>> +	struct seccomp_notif_sizes sizes;
>> +	struct seccomp_notif_resp *resp;
>> +	struct seccomp_notif *req;
>> +	int fd, ret = 1;
>> +
>> +	if (seccomp(SECCOMP_GET_NOTIF_SIZES, 0, &sizes) < 0) {
>> +		perror("seccomp(GET_NOTIF_SIZES)");
>> +		goto out;
>> +	}
>> +	req = malloc(sizes.seccomp_notif);
>> +	if (!req)
>> +		goto out;
>> +	memset(req, 0, sizeof(*req));
>> +
>> +	resp = malloc(sizes.seccomp_notif_resp);
>> +	if (!resp)
>> +		goto out_free_req;
>> +	memset(resp, 0, sizeof(*resp));
>> +
>> +	if (ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, req)) {
>> +		perror("ioctl recv");
>> +		goto out;
>> +	}
>> +	printf("Child tried to call bind with fd: %lld\n",
>req->data.args[0]);
>> +	getfd_args.fd = req->data.args[0];
>> +	fd = ptrace_getfd(req->pid, &getfd_args);
>
>and iiuc otherwise you do not need to ptrace the child. So you could
>remove
>ptrace(PTRACE_SEIZE) in main() and just do
>
>	ptrace(PTRACE_SEIZE, req->pid);
>	fd = ptrace_getfd(req->pid, &getfd_args);
>	ptrace(PTRACE_DETACH, req->pid);
>
>here. However, PTRACE_DETACH won't work, it needs the stopped tracee.
>We can
>add PTRACE_DETACH_ASYNC, but this makes me think that PTRACE_GETFD has
>nothing
>to do with ptrace.
>
>May be a new syscall which does ptrace_may_access() + get_task_file()
>will make
>more sense?
>
>Oleg.

Once more since this annoying app uses html by default...

But we can already do this right now and this is just an improvement.
That's a bit rich for a new syscall imho...

Christian