Date: Wed, 30 Sep 2020 17:24:56 -0600
From: Tycho Andersen
To: Jann Horn
Cc: "Michael Kerrisk (man-pages)", Sargun Dhillon, Kees Cook, Christian Brauner, linux-man, lkml, Aleksa Sarai, Alexei Starovoitov, Will Drewry, bpf, Song Liu, Daniel Borkmann, Andy Lutomirski, Linux Containers, Giuseppe Scrivano, Robert Sesek
Subject: Re: For review: seccomp_user_notif(2) manual page
Message-ID: <20200930232456.GB1260245@cisco>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Oct 01, 2020 at 01:11:33AM +0200, Jann Horn wrote:
> On Thu, Oct 1, 2020 at 1:03 AM Tycho Andersen wrote:
> > On Wed, Sep 30, 2020 at 10:34:51PM +0200, Michael Kerrisk (man-pages) wrote:
> > > On 9/30/20 5:03 PM, Tycho Andersen wrote:
> > > > On Wed, Sep 30, 2020 at 01:07:38PM +0200, Michael Kerrisk (man-pages) wrote:
> > > >> ┌─────────────────────────────────────────────────────┐
> > > >> │FIXME                                                │
> > > >> ├─────────────────────────────────────────────────────┤
> > > >> │From my experiments, it appears that if a SEC‐       │
> > > >> │COMP_IOCTL_NOTIF_RECV is done after the target       │
> > > >> │process terminates, then the ioctl() simply blocks   │
> > > >> │(rather than returning an error to indicate that the │
> > > >> │target process no longer exists).                    │
> > > >
> > > > Yeah, I think Christian wanted to fix this at some point,
> > >
> > > Do you have a pointer to that discussion? I could not find it with a
> > > quick search.
> > >
> > > > but it's a
> > > > bit sticky to do.
> > >
> > > Can you say a few words about the nature of the problem?
> >
> > I remembered wrong, it's actually in the tree: 99cdb8b9a573 ("seccomp:
> > notify about unused filter"). So maybe there's a bug here?
>
> That thing only notifies on ->poll, it doesn't unblock ioctls; and
> Michael's sample code uses SECCOMP_IOCTL_NOTIF_RECV to wait. So that
> commit doesn't have any effect on this kind of usage.

Yes, thanks. And the ones stuck in RECV are waiting on a semaphore so
we don't have a count of all of them, unfortunately.

We could maybe look inside the wait_list, but that will probably make
people angry :)

Tycho