Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp4423440pxu; Tue, 1 Dec 2020 04:47:50 -0800 (PST) X-Google-Smtp-Source: ABdhPJz586mqVt8m2MyiskQgS4JCylyc1WUUF6DVDg4ugeL+70eLrwSW2rTQaKoTJQTZWp/DpTvA X-Received: by 2002:a17:906:6d58:: with SMTP id a24mr2669342ejt.298.1606826869824; Tue, 01 Dec 2020 04:47:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606826869; cv=none; d=google.com; s=arc-20160816; b=EIN7vbdLZ46TLgqrc7KO0jH/mbfXC4S4LQ3XshjXy19tCJXWZn5y/GP580VESXDK44 im5iD9bnJvhNUzCVnLRxnOuvjhgDPzfSbVupqU5glRllc5/azQWl3KFcKqSo64qNSKxM RWpNJzFNoa1+Qqxy5u2XIwz34GqJ/VhpLpZpokUJQT3gbicSvOunf8qeSdCo00pi3mQk n72+e5VcuLGBkBGs6DsN6+kBh3WNS45LTVrx/QvDPVHn1AhEKn63z86JQYPI/1RQkWlS QdrivUYLWSRfz44AE5a/OhL3lfFyrtwz+lTfOmPNP5m8gr47rDHJCVKKNrl8BzpuIlYT KldA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature :dkim-signature; bh=R6fmSKML9KtTVBoh+tDAcNNZx9kzhrwiKD5SpJTg/LM=; b=qEX0Icr3ZPZKl+iyv+pXYdp4mDFW35diVaVA46lPPQkL6+i2ruWHXXFCZ5Jh68ODn/ kCR5Wi6WgFDCqixIYvszQDehP3WMi4wVI+EWSaVAtGvPT0sqfTL1HDBCt4/xaUx6SZtE ivwGMWotfYL050qGhg7UtBDpPdgcD1GgBJdXLfjoG8NGOUMmx8LCn2IB58CunDEcs1rI rOn7wtw5Kz4J7N0WuMdcc4ac/TbW64OWFUnDDGI0BCgWlttiuCUAB8ojn6XJOBx8AxFS 7OrMcRHt9kGTX+CPay9u3SgEDGJ/7qKPkRVjr1sWifzEMLOwLeYlYYTJcTCFe89ScIt2 BEKg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@tycho.pizza header.s=fm1 header.b="E+hrFEK/"; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=V3AZfWSU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j7si903630ejm.476.2020.12.01.04.47.26; Tue, 01 Dec 2020 04:47:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@tycho.pizza header.s=fm1 header.b="E+hrFEK/"; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=V3AZfWSU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731056AbgLAMmO (ORCPT + 99 others); Tue, 1 Dec 2020 07:42:14 -0500 Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:50245 "EHLO wout4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731050AbgLAMmO (ORCPT ); Tue, 1 Dec 2020 07:42:14 -0500 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id DA16248F; Tue, 1 Dec 2020 07:41:07 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Tue, 01 Dec 2020 07:41:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho.pizza; h= date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm1; bh=R6fmSKML9KtTVBoh+tDAcNNZx9k zhrwiKD5SpJTg/LM=; b=E+hrFEK/2joQP5vI6qceFQl9vFdt04UZ7sVBRVrbUav gWWq2uJSDajxWFQkqzuFeGL39IwkCs/jTgHPK2Jc5EbpdgVQ96rki5U+Ef8b0Y4G MLRFpbcPqWAGodyMeviLHmKqK6JRvR4vCbjx3GoakhsLDIDWGYysabRpZfqv3DPo hT0SfYi8Fd4Q6Ovbgez1HB3KoqDiq81LKlGpebTC6O1aJjoe4a142uDhgHY8kRZR dF8zJZmjSjUjdKUjBvyj2POher4uC3pVX/usHC9+GNPUEf4M1WxGZZ8AOxHh1x+k Uz/I8h6nj53LO2HsgxReSSRdJzFlwy7uxEZm6SMqVdg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=R6fmSK ML9KtTVBoh+tDAcNNZx9kzhrwiKD5SpJTg/LM=; b=V3AZfWSUzMNTBrcHI06F9v QwEsJLv39B9047AsuXXTCFfxrbVxAhepKYxdGY9YMIXc+wQFTHV0iaYlZO6cUOM5 IE1B0O+oKF2bTMQ6mj3t5iZKhB1L1On+llSGtv4thfp2/gAc6BgkUz3VqabsqW1x Ozkon0EqMhyaQEAQ9nYPUl6aueYfTx2Dxy6cHS3uZb8wM8ImJY/5lg6Z8yqkv1dI 2NLikEv+llOpcPeuVEckOBwAKyHaiCoNMOdAhpB8IxKqZTnEg5l8YxVx18/vCP4L +cTUlnP5A15RlqpYZ10jwGy4IK9yAgieL+6a1aamThPfBOjHlJeu8hxCLLC6etIw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudeivddggeehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpefvhigthhho ucetnhguvghrshgvnhcuoehthigthhhosehthigthhhordhpihiiiigrqeenucggtffrrg htthgvrhhnpeegkeefjeegkedtjefgfeduleekueetjeeghffhuefgffefleehgeeifedv gfethfenucfkphepgeejrddvtddurdeghedrvddtvdenucevlhhushhtvghrufhiiigvpe dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehthigthhhosehthigthhhordhpihiiiigr X-ME-Proxy: Received: from cisco (unknown [47.201.45.202]) by mail.messagingengine.com (Postfix) with ESMTPA id 2D1F1328005D; Tue, 1 Dec 2020 07:41:06 -0500 (EST) Date: Tue, 1 Dec 2020 07:41:05 -0500 From: Tycho Andersen To: Alban Crequy Cc: Giuseppe Scrivano , Kees Cook , Linux Containers , LKML Subject: Re: SECCOMP_IOCTL_NOTIF_ADDFD race condition Message-ID: <20201201124105.GB103125@cisco> References: <20201130232009.GC38675@cisco> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201130232009.GC38675@cisco> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 30, 2020 at 06:20:09PM -0500, Tycho Andersen wrote: > Idea 1 sounds best to me, but maybe that's because it's the way I > originally did the fd support that never landed :) > > But here's an Idea 4: we add a way to remotely close an fd (I don't > see that the current infra can do this, but perhaps I didn't look hard > enough), and then when you get ENOENT you have to close the fd. Of > course, this can't be via seccomp, so maybe it's even more racy. Or better yet: what if the kernel closed everything it had added via ADDFD if it didn't get a valid response from the supervisor? Then everyone gets this bug fixed for free. Tycho