Date: Fri, 29 May 2020 18:46:07 +0000
From: Sargun Dhillon
To: Kees Cook
Cc: christian.brauner@ubuntu.com, containers@lists.linux-foundation.org,
    cyphar@cyphar.com, jannh@google.com, jeffv@google.com,
    linux-api@vger.kernel.org, linux-kernel@vger.kernel.org,
    palmer@google.com, rsesek@google.com, tycho@tycho.ws, Matt Denton
Subject: Re: [PATCH v2 3/3] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD
Message-ID: <20200529184606.GB11153@ircssh-2.c.rugged-nimbus-611.internal>

On Fri, May 29, 2020 at 12:41:51AM -0700, Kees Cook wrote:
> On Thu, May 28, 2020 at 04:08:58AM -0700, Sargun Dhillon wrote:
> > + EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_SEND, &resp), 0);
> > +
> > + nextid = req.id + 1;
> > +
> > + /* Wait for getppid to be called for the second time */
> > + sleep(1);
>
> I always rebel at finding "sleep" in tests. ;) Is this needed? IIUC,
> userspace will immediately see EINPROGRESS after the NOTIF_SEND
> finishes, yes?
>
> Otherwise, yes, this looks good.
>
> --
> Kees Cook

I'm open to better suggestions, but there's a race where if getppid is not
called before the second SECCOMP_IOCTL_NOTIF_ADDFD is called, you will just
get an ENOENT, since the notification ID is not found.

The other approach is to "poll" the child, and wait for it to enter the second
syscall. Calling receive beforehand doesn't work because it moves the state of
the notification in the kernel to received, and then the kernel doesn't error
with EINPROGRESS.
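
Review bot: the `sleep(1)` at the end of the quoted hunk is the only thing ordering the supervisor against the child's second getppid, so the test outcome depends on scheduling: if the child takes longer than a second, the ADDFD that follows sees the ENOENT case described in the reply instead of EINPROGRESS. Prefer an explicit wait on the child, such as the polling approach mentioned in the reply, or, if the sleep stays, extend the comment to name the race it covers. `nextid = req.id + 1` also assumes notification ids are handed out consecutively; a one-line comment stating that assumption would help the next reader.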
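
The three outcomes discussed in this exchange (ENOENT, EINPROGRESS, success), replayed in a small user-space model. This is an added example, not kernel or selftest code and not part of the original message; `struct listener`, the state names and every function below are hypothetical, and only the error codes and the `req.id + 1` assumption come from the thread.

```c
#include <errno.h>
#include <stdio.h>
/* Model: one listener, one single-threaded child, one live notification. */
enum state { NONE, INIT, SENT };	/* NONE: the id does not exist */
struct listener { unsigned long long next_id, id; enum state st; };

/* Child blocks in a filtered syscall: a notification is queued in INIT. */
static void child_enters_syscall(struct listener *l)
{
	l->id = l->next_id++;
	l->st = INIT;
}

/* NOTIF_RECV: INIT -> SENT (the real ioctl waits if nothing is pending). */
static void notif_recv(struct listener *l, unsigned long long *id)
{
	if (l->st == INIT) {
		l->st = SENT;
		*id = l->id;
	}
}

/* Id and state check that ADDFD applies in this model. */
static long notif_addfd_check(const struct listener *l, unsigned long long id)
{
	if (l->st == NONE || l->id != id)
		return -ENOENT;		/* notification id not found */
	return l->st == SENT ? 0 : -EINPROGRESS;
}

/* Replays the test sequence; returns what ADDFD on req.id + 1 would give. */
long addfd_result(int child_ready, int recv_first)
{
	struct listener l = { .next_id = 1 };
	unsigned long long id = 0, second = 0;
	child_enters_syscall(&l);		/* first getppid */
	notif_recv(&l, &id);
	l.st = NONE;				/* NOTIF_SEND: child resumes */
	if (child_ready)
		child_enters_syscall(&l);	/* second getppid */
	if (recv_first)
		notif_recv(&l, &second);
	return notif_addfd_check(&l, id + 1);	/* req.id + 1, as in the hunk */
}

int main(void)
{
	printf("%ld %ld %ld\n", addfd_result(0, 0), addfd_result(1, 0), addfd_result(1, 1));
	return 0;
}
```

`addfd_result(0, 0)` is the race the sleep is meant to avoid, `addfd_result(1, 0)` is the EINPROGRESS case the test wants to observe, and `addfd_result(1, 1)` shows why receiving first removes that error.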