Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp583113ybt; Wed, 17 Jun 2020 08:39:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXLGvXKqEYJWY5SCIm0I5ZWbeVlPRFIAaBwjaOha/ZWNvvrFiLk6axSzHoau1+R53Q7la0 X-Received: by 2002:aa7:d041:: with SMTP id n1mr7399692edo.196.1592408382137; Wed, 17 Jun 2020 08:39:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592408382; cv=none; d=google.com; s=arc-20160816; b=hxkn+x4oYBfGx3AOTMSAOKxJEFaaVGMyKZrqWr1O8/hJCD806LsOgoAd+cGvecGQNe M4FgELQW1r8VzdByVrLG64kKZVwWi2eXWAFSUEHhicA4aw/AYRZPrr/yuVfYpUTnhW58 UnaZq6vEzuNORKcCZ4ek8Q0iuRoF/8C9QN/Myezn23vVhUEUVAdTYKIQdf0WeU0qCewi oDVvAEq/JqBcVbqQWC86G8WCCO+vN2qLCXP3Lpd36PAhtSNnXvAdUrglqqzMO5wprz6Y f7TPrr7B8caRuMfE16KbKnBUS7osOiE4qeh+rkf0p79eHAa3f20cYp7w5jAOpTLsnbDj 171w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from; bh=2941LO68Lq1iCExhpGgtHmFRmsDcQTKc9WOJYtogJL4=; b=WqggTzc23w00g6+i4Jt+tg1Ui7NXB+6W3HxGPgOxCGxrvlI8h94LeiLsbhB2fG8Mof 8c6PENs6CEo1/vKnosb2LOfP5PI2YVxeAGwDcTrJhf69/WdTKzXWVR3V+QSVWlZtKhWq D7VYWdqLJ88Hi/+1ly4RvlbGL6d7ezybHIE5YkiHnW0k+NpNKoqePdHk8UidciR4LDML bFRxs83w9i80yLqwN0DO+iQGTZY0ZRAZ12uY/2kmiIncXP0X6USI+C69I9Zn7B5zSTC0 +zMgfkJ3+THSJtpXWOUkwe3QHah+SOiOEso934KadpoMsc6yCyMH+RUn9fT8hArq5XWW YIyg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id om21si149558ejb.101.2020.06.17.08.39.18; Wed, 17 Jun 2020 08:39:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726975AbgFQPf0 convert rfc822-to-8bit (ORCPT + 99 others); Wed, 17 Jun 2020 11:35:26 -0400 Received: from eu-smtp-delivery-151.mimecast.com ([146.101.78.151]:26328 "EHLO eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726868AbgFQPf0 (ORCPT ); Wed, 17 Jun 2020 11:35:26 -0400 Received: from AcuMS.aculab.com (156.67.243.126 [156.67.243.126]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-215-GEsm37XKMp2mEZ5ZJK8SRg-1; Wed, 17 Jun 2020 16:35:22 +0100 X-MC-Unique: GEsm37XKMp2mEZ5ZJK8SRg-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) by AcuMS.aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Wed, 17 Jun 2020 16:35:20 +0100 Received: from AcuMS.Aculab.com ([fe80::43c:695e:880f:8750]) by AcuMS.aculab.com ([fe80::43c:695e:880f:8750%12]) with mapi id 15.00.1347.000; Wed, 17 Jun 2020 16:35:20 +0100 From: David Laight To: 'Kees Cook' , "linux-kernel@vger.kernel.org" CC: Sargun Dhillon , Christian Brauner , "David S. Miller" , "Christoph Hellwig" , Tycho Andersen , Jakub Kicinski , Alexander Viro , Aleksa Sarai , Matt Denton , Jann Horn , Chris Palmer , Robert Sesek , Giuseppe Scrivano , "Greg Kroah-Hartman" , Andy Lutomirski , Will Drewry , Shuah Khan , "netdev@vger.kernel.org" , "containers@lists.linux-foundation.org" , "linux-api@vger.kernel.org" , "linux-fsdevel@vger.kernel.org" , "linux-kselftest@vger.kernel.org" Subject: RE: [PATCH v4 03/11] fs: Add fd_install_received() wrapper for __fd_install_received() Thread-Topic: [PATCH v4 03/11] fs: Add fd_install_received() wrapper for __fd_install_received() Thread-Index: AQHWQ44F2CX108LjrkCobo2loVeUYajc8NxQ Date: Wed, 17 Jun 2020 15:35:20 +0000 Message-ID: <6de12195ec3244b99e6026b4b46e5be2@AcuMS.aculab.com> References: <20200616032524.460144-1-keescook@chromium.org> <20200616032524.460144-4-keescook@chromium.org> In-Reply-To: <20200616032524.460144-4-keescook@chromium.org> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Kees Cook > Sent: 16 June 2020 04:25 > > For both pidfd and seccomp, the __user pointer is not used. Update > __fd_install_received() to make writing to ufd optional. (ufd > itself cannot checked for NULL because this changes the SCM_RIGHTS > interface behavior.) In these cases, the new fd needs to be returned > on success. Update the existing callers to handle it. Add new wrapper > fd_install_received() for pidfd and seccomp that does not use the ufd > argument. ...> > static inline int fd_install_received_user(struct file *file, int __user *ufd, > unsigned int o_flags) > { > - return __fd_install_received(file, ufd, o_flags); > + return __fd_install_received(file, true, ufd, o_flags); > +} Can you get rid of the 'return user' parameter by adding if (!ufd) return -EFAULT; to the above wrapper, then checking for NULL in the function? Or does that do the wrong horrid things in the fail path? David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)