Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp3846838pxy; Mon, 26 Apr 2021 11:07:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxqawBeabITEMMqhCpkiv/pu/shgWpLgQEaUn13UG7VDWrDC7lALlxzXqRKaRQ99+mfBc0I X-Received: by 2002:aa7:c746:: with SMTP id c6mr22388273eds.169.1619460463324; Mon, 26 Apr 2021 11:07:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619460463; cv=none; d=google.com; s=arc-20160816; b=rTSUVZD3T4uj5Z35HhbS23co0BtgXFLBKiN4VnIX5Nk8yB05J0z5x573mZ4BlgEe+6 E/C1rndfjgGUjde5kmH/WoYTEh/yQstdOiDK1Hp0mLQgKT0zf6LQyoiAfzYW3LF6tJYb TBLWNfqGTljWHuZxnTj2ZaNK85ypuh91o2emi1U+wt7P1BLVHMgj6RoWkjMoRuk+8CNi civ83xZA5sAOsGXH9/NRd6PdhIhbgmDv6IWZQs185L6k5754Fl+eRFK+FK24kGXtTuRc KS3YMWa2AR1+tjjtVudNNtQyCVCSZz1/On61mkS0d1k5V0YxVT92YFbPYFzldsL+v1+J KPZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=crrXl04Pmuu3hnq0cq7H9ljH1hJvjphFD3Ivc9bSiG0=; b=wDrZ08h8oqtswF+AIgDHDrxSCRzOtozj8fiod861VzcpvoejpxdaAQ1d3jz6/j4ncw iiCZho0sPKrUQGssLeipqD6qrvzA29aflRo3RQy9/TE18tV+S+thmLoVsH+BwrBZVsVS 9ePfNVjE+g4RruX4MiJPNHvCkaUMp8M/4xjTX+2DfEjSiwzWe7LEN/EcxXEeFUzeowA8 BwKMsPByGQm9otZjjpXLDSRFcovC2VaxjxITRyuiqJ/RS/BhCYc0xjfWhRVkgYjbtZij kZFMTwzPr42Y2cnEbS5HrC9ib9kMgu7dUqOkOgM9O2NKib1lA7093nMUyxSASWCSRUy6 wH9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=KkujWiFE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v7si425469edj.328.2021.04.26.11.07.19; Mon, 26 Apr 2021 11:07:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=KkujWiFE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234224AbhDZSG5 (ORCPT + 99 others); Mon, 26 Apr 2021 14:06:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39320 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233842AbhDZSG4 (ORCPT ); Mon, 26 Apr 2021 14:06:56 -0400 Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E004FC061574 for ; Mon, 26 Apr 2021 11:06:14 -0700 (PDT) Received: by mail-pl1-x62d.google.com with SMTP id h20so29378519plr.4 for ; Mon, 26 Apr 2021 11:06:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=crrXl04Pmuu3hnq0cq7H9ljH1hJvjphFD3Ivc9bSiG0=; b=KkujWiFEtrvDAwAIA9yFog0WvpXFYbxTqf2G6PUO4jUn/BaScPI3Tya5PV1L/3Cphv X1quUztMcdUAqr1aNZoIlFF8shCRsL5iSXKoT8rL4PBYQhGnkwuUnww3FRvMfW4iIBNf yqRb+3jdPBjRhm2gSJJjyoJKi8vUJjO8Jgrn8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=crrXl04Pmuu3hnq0cq7H9ljH1hJvjphFD3Ivc9bSiG0=; b=luZeH2JXkmcCn0rdhZ7viNkkl8uxbISWXc8xkd7fX5ZmUMuDogo/OWAgh6cBv9VKt1 FPeNJXAolDVtJCnpKTeToferhLybyTcz9cKkja4XZFNUY3z7Ny4RwmL4jXtqJSHCS3UR j5tOsIzllD3q29oGQz83M19gLj5EkBPknmSMuDkJPCJGds79xfnOvYrKPwz4Y6Z/dkPv vhAqS7T1wNK/cnSsGEg5CzGB3xoOG2xXOZqQ0BmSOyU+VqTjyTDB3vo7Y8pT+4GNtITE H6rawZaFaCOsX9hKd9BA+9HdfS+5l9m2V8Tx04XEVoOUPXHuIugYpASKLkZhgAMrwzcw EM9A== X-Gm-Message-State: AOAM530dbitGrv/vKzLycHMmTQt5TU+ZaWGZ7Ffe2SK8mf3YxfY+6FRC 501zzys2Bcwu1b2LYLYSEP0Uqg== X-Received: by 2002:a17:90b:3754:: with SMTP id ne20mr4999359pjb.39.1619460374084; Mon, 26 Apr 2021 11:06:14 -0700 (PDT) Received: from ubuntu.netflix.com (136-25-20-203.cab.webpass.net. [136.25.20.203]) by smtp.gmail.com with ESMTPSA id j7sm326835pfd.129.2021.04.26.11.06.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Apr 2021 11:06:13 -0700 (PDT) From: Sargun Dhillon To: Kees Cook , LKML , Linux Containers , Rodrigo Campos , Christian Brauner Cc: Sargun Dhillon , =?UTF-8?q?Mauricio=20V=C3=A1squez=20Bernal?= , Tycho Andersen , Giuseppe Scrivano , Andy Lutomirski , Will Drewry , Alban Crequy Subject: [PATCH RESEND 0/5] Handle seccomp notification preemption Date: Mon, 26 Apr 2021 11:06:05 -0700 Message-Id: <20210426180610.2363-1-sargun@sargun.me> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patchset addresses a race condition we've dealt with recently with seccomp. Specifically programs interrupting syscalls while they're in progress. This was exacerbated by Golang's recent adoption of "async preemption", in which they try to interrupt any syscall that's been running for more than 10ms during GC. During certain syscalls, it's non-trivial to write them in a reetrant manner in userspace (mount). This has a couple semantic changes, and relaxes a check on seccomp_data, and changes the semantics with ordering of how addfd and notification replies in the supervisor are handled. I'm resending after rebasing and testing on v5.12. It turns out this change also fixed a bug Rodrigo found that could occur with addfd around certain race conditions[2]. It also follows up on the original proposal from Tycho[3] to allow for adding an FD and returning that value atomically. Changes since v1[1]: * Fix some documentation * Add Rata's patches to allow for direct return from addfd [1]: https://lore.kernel.org/lkml/20210220090502.7202-1-sargun@sargun.me/ [2]: https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@kinvolk.io/ [3]: https://lore.kernel.org/lkml/202012011322.26DCBC64F2@keescook/ Rodrigo Campos (2): seccomp: Support atomic "addfd + send reply" selftests/seccomp: Add test for atomic addfd+send Sargun Dhillon (3): seccomp: Refactor notification handler to prepare for new semantics seccomp: Add wait_killable semantic to seccomp user notifier selftests/seccomp: Add test for wait killable notifier .../userspace-api/seccomp_filter.rst | 15 +- include/uapi/linux/seccomp.h | 4 + kernel/seccomp.c | 129 ++++++++++++++---- tools/testing/selftests/seccomp/seccomp_bpf.c | 102 ++++++++++++++ 4 files changed, 220 insertions(+), 30 deletions(-) base-commit: 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 -- 2.25.1