Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1724757ybt; Thu, 18 Jun 2020 15:58:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwxlrshiD3u6oXIwL5lJhE2EsuIxt2pA7CZI+WYTdog/GANsg8kup+ua+4sJu04iOdvRdQ1 X-Received: by 2002:a17:906:5fcd:: with SMTP id k13mr882178ejv.459.1592521120340; Thu, 18 Jun 2020 15:58:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592521120; cv=none; d=google.com; s=arc-20160816; b=ai9IFYN/EjOhRkwbHOj+69UaAfHfn27zJRmJXGAdSG7q+4SJT8stNssp+ZGs7HoSEt 6SNMGWl4zvvSAgw6t3hb5L01KWqfAeA7yEd3UWdBTvsl16BY8d86tCaFPJxpOh86jtWB aV3HFz9lsOFPyOjfe04OITp5ZP/fVExSD3g0cluMFuVSkcnQ/cHqRi0uTSb1cBN/q2YY hdu8Zm0SIPM/0HhSSRB3bgxBBGrosJ14v3gsqPyGpbPCgx3iY/xP2zfFx+qTu5LFF179 gZoYFNOvaHoebas2JJG9Y04PXy0JdrApRelJwwTr1fO1cTFlXrKH6Y2ObR/4r0KVB2o5 fmAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=1SwhXxxcqMA/2xg9WoRLda6uaTbILklISXGnrNM7z5g=; b=GkxDVFocWYZLbZApONUbyUtrUTUtcrIGU4NONF1o4Dn2lUX6cbGP/lv4d8K36BvIsB Erp/tEyVOrhbHpGYfzRcTrPc1NkfF8uHEpVKKMVrYdyd641k+hzZWx2iqM8JVO6AbsRz JFnLnwwZ07JUAfB3544iAuBDQ+Ahfbc0mRd68mFfvg+j5m8x5fuWE3ImBTiVPbwxmymY SzulaihXr3A9oM2vhrixCZakRAKHLG6gOQmUfyFitpbcWlmDuNpFoY9t30hQoWFA7VhK XZHYw3lyWxyaKtHfniP3yCqvvT7B41wSY8rFchyM6PPNMqyUeT7hUtpRp5BBGHG7pcu2 /1ww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=EV4OK8Sy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u18si2838063edy.272.2020.06.18.15.58.18; Thu, 18 Jun 2020 15:58:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=EV4OK8Sy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731912AbgFRWQw (ORCPT + 99 others); Thu, 18 Jun 2020 18:16:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42636 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731865AbgFRWQu (ORCPT ); Thu, 18 Jun 2020 18:16:50 -0400 Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BA01CC061794 for ; Thu, 18 Jun 2020 15:16:48 -0700 (PDT) Received: by mail-il1-x142.google.com with SMTP id 9so7499151ilg.12 for ; Thu, 18 Jun 2020 15:16:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=1SwhXxxcqMA/2xg9WoRLda6uaTbILklISXGnrNM7z5g=; b=EV4OK8SyfSmB1iDadMyS6GSSAb/y8zP9pbU0Qq6cW8ldk3zk+IGjfY2mwBS7kzw4+U MueNz1lmVzja+fcXE6FnhayjVrm0XuFnJWBq6+5FDBnmi1hHaih73zql3UKX/jPFPBij cTvcS7wpwiveD7okKpYA13MpaMis17aHOXQ6U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=1SwhXxxcqMA/2xg9WoRLda6uaTbILklISXGnrNM7z5g=; b=dv9HpABALDXoNJCmSjfal4cjpWyPODNfVjmOWATVNPzHHxTaDbNbAaajkCi7dXKBBF YOBDohBGKTLoofsi3S54WD8TnbKPpwxcCYIFEvbUQ/u2No8rojVFSibDu4Yms2i2x1gN p+ZsmiC3lfXy9iliKL4CzeycIZBPRA3+5gOUTf1pMOaUacJY/ivP7QDzjthKb2rmm9Jg SfHvXipggBg3oJPkyAGSR4HaRN1o7KXM5q5dqUNig1kw4r09mMitSD42uZ2G9kFQ/j8r //ABq5M4sFqjIh3X7bcGcguLqzMfvAHbMvFDiQaYrR/9kcMX+xFLX1ivE8KQhlj0Rw1X PDng== X-Gm-Message-State: AOAM532u+c5lt0GIOhPqo5FFSOcuOtJBniv2l+yzsouffUDotLTka7W9 yszTMDv7aP6PVlFMXRdI0v8CgQ== X-Received: by 2002:a92:d9c1:: with SMTP id n1mr673192ilq.148.1592518607785; Thu, 18 Jun 2020 15:16:47 -0700 (PDT) Received: from ircssh-2.c.rugged-nimbus-611.internal (80.60.198.104.bc.googleusercontent.com. [104.198.60.80]) by smtp.gmail.com with ESMTPSA id j80sm2256501ili.65.2020.06.18.15.16.47 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 18 Jun 2020 15:16:47 -0700 (PDT) Date: Thu, 18 Jun 2020 22:16:45 +0000 From: Sargun Dhillon To: Kees Cook Cc: linux-kernel@vger.kernel.org, Christian Brauner , "David S. Miller" , Christoph Hellwig , Tycho Andersen , Jakub Kicinski , Alexander Viro , Aleksa Sarai , Matt Denton , Jann Horn , Chris Palmer , Robert Sesek , Giuseppe Scrivano , Greg Kroah-Hartman , Andy Lutomirski , Will Drewry , Shuah Khan , netdev@vger.kernel.org, containers@lists.linux-foundation.org, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH v4 00/11] Add seccomp notifier ioctl that enables adding fds Message-ID: <20200618221644.GA31321@ircssh-2.c.rugged-nimbus-611.internal> References: <20200616032524.460144-1-keescook@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200616032524.460144-1-keescook@chromium.org> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 15, 2020 at 08:25:13PM -0700, Kees Cook wrote: > Hello! > > This is a bit of thread-merge between [1] and [2]. tl;dr: add a way for > a seccomp user_notif process manager to inject files into the managed > process in order to handle emulation of various fd-returning syscalls > across security boundaries. Containers folks and Chrome are in need > of the feature, and investigating this solution uncovered (and fixed) > implementation issues with existing file sending routines. > > I intend to carry this in the seccomp tree, unless someone has objections. > :) Please review and test! > > -Kees > > [1] https://lore.kernel.org/lkml/20200603011044.7972-1-sargun@sargun.me/ > [2] https://lore.kernel.org/lkml/20200610045214.1175600-1-keescook@chromium.org/ > > Kees Cook (9): > net/scm: Regularize compat handling of scm_detach_fds() > fs: Move __scm_install_fd() to __fd_install_received() > fs: Add fd_install_received() wrapper for __fd_install_received() > pidfd: Replace open-coded partial fd_install_received() > fs: Expand __fd_install_received() to accept fd > selftests/seccomp: Make kcmp() less required > selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall() > seccomp: Switch addfd to Extensible Argument ioctl > seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID > This looks much cleaner than the original patchset. Thanks. Reviewed-by: Sargun Dhillon on the pidfd, change fs* changes. > Sargun Dhillon (2): > seccomp: Introduce addfd ioctl to seccomp user notifier > selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD > > fs/file.c | 65 ++++ > include/linux/file.h | 16 + > include/uapi/linux/seccomp.h | 25 +- > kernel/pid.c | 11 +- > kernel/seccomp.c | 181 ++++++++- > net/compat.c | 55 ++- > net/core/scm.c | 50 +-- > tools/testing/selftests/seccomp/seccomp_bpf.c | 350 +++++++++++++++--- > 8 files changed, 618 insertions(+), 135 deletions(-) > > -- > 2.25.1 >