Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp676250pxy; Fri, 30 Apr 2021 13:52:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxNETYF30Ib+LUo6kamyxvOctRowgvtxsJZccMItViSx35ZKR67xfOLMIMwM98jnPi0VSc6 X-Received: by 2002:a17:90a:4410:: with SMTP id s16mr7030988pjg.203.1619815923991; Fri, 30 Apr 2021 13:52:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619815923; cv=none; d=google.com; s=arc-20160816; b=d+plsEDLw8xl4q48Dc6Zg0v4U2EaZ9xZ0AYt8XPOSYmdOfl3pfjN6oxEVGZL+85d1M fbO8jJ/6h6qHs1gEVy1Wujs0uC339wzVbZZyRNhaF0c87RQyn7JduUqLep9VtH/0NxRv /5/0I2QuX0DOscU101XFp4zKcS7W1VrDLkEuipL0Ian48S4uZy/OWGsH2QQJ7gxKkJmW W8xUKBawOZbe29GqpZdZotLvy+IEK6zHBjtr+Z15BoQFVo1zpojXe/o5csZZlDYAra10 oweLg0FgwVMtDMb5zP4AkxI6QlQkY7I6SwdDZVQoWsS57OdJZxV6RBjg4AR/DrhWPw8h g+pQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=vfAsECn/fzRz8G1nJMm0ods0ajgpdWjB1GxnEL0hfI8=; b=vUjsTttzmx38FSH9EB8ZwiuQEEADxfHF+ytSrTIQ+KkroKBxg74lI5vUV5XSkGtuNT 59HhapM1XPwn9uYcO6eYRj23TE2e5j6+ENRh0f5IncRA9JvH5IS69KFd0il8m7uKl1Ve GQATvbzmSP9NbI2rptJRzs50FeU27BXWMcRQ2xj7SGy+p1JJW0VMWw67qlt4KM5SHwsv amTCMM3CldOEo1R+s8VtJn/xHl48zByovdHsO2clwL2PgLeuNd5E1fCPmYNF6UggxRgH E0x/8YXOvWBzn+5Krych8yyTK75+jUXcVUodXGh4CDumUc4bxR1xZRaYmqWRTdpFkgXe wUrg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=tBbq4Htj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v16si4413042plg.264.2021.04.30.13.51.51; Fri, 30 Apr 2021 13:52:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@sargun.me header.s=google header.b=tBbq4Htj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236064AbhD3Uux (ORCPT + 99 others); Fri, 30 Apr 2021 16:50:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46872 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231265AbhD3Uug (ORCPT ); Fri, 30 Apr 2021 16:50:36 -0400 Received: from mail-qv1-xf2d.google.com (mail-qv1-xf2d.google.com [IPv6:2607:f8b0:4864:20::f2d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 40FE4C06138B for ; Fri, 30 Apr 2021 13:49:47 -0700 (PDT) Received: by mail-qv1-xf2d.google.com with SMTP id jm10so2911608qvb.5 for ; Fri, 30 Apr 2021 13:49:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sargun.me; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vfAsECn/fzRz8G1nJMm0ods0ajgpdWjB1GxnEL0hfI8=; b=tBbq4HtjyvEahKkAMBaoBEwoyZPbBrrg3UmsWUO+c+Qq7ICQjcbVNB9vFrv/s14QNj j27Vgs4LxA9g40TLXRLaCDxLS9rgrFESOlF4ziTq/B/qAV27XQ8QwUoHUlPUPJRTAgaL ZzZcbjbYLBpeGYRSPigkvZRSopYnf0ffRdtBo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vfAsECn/fzRz8G1nJMm0ods0ajgpdWjB1GxnEL0hfI8=; b=ZgzHs52gYuC6wIoN0g0BfRsyrGtpJvqv4gZ8hdzlrR0ZomCrny8De8Butrw9qT92// 9G4+Qwdl4SgYskP91GOb130eYUF/rTx7i7Ba1X3yjXV3eNEVmOmrHACfmgE96Vj/zTNf gZ8tKlBW/OOAdhmzv0ebtsia29N87BQne7bU05pO0Wk1VBcCRnZ1OucluGxsa00cJRvd NaSK6dIqkqzG/O2DAjB55wdEfbDCDZQIde4CbyIG0U+2dcsQ5F80oqhKw/OGc7899NId 7unwoN2WRXVB5dRSJytj4WMH3FVnKCfoZ52T4eKs6njJc0meFUpxHeZu8DI+zE/dxlf8 Vtwg== X-Gm-Message-State: AOAM532Xwu+xRa9BXRhaUjqUI7YXB6ycZkMGjYiRwH3NHPJcvtstOErJ eP6dIy6H962CI6iW2ko+ew2zPg== X-Received: by 2002:a0c:9e0f:: with SMTP id p15mr7500368qve.27.1619815786387; Fri, 30 Apr 2021 13:49:46 -0700 (PDT) Received: from ubuntu.netflix.com (136-25-20-203.cab.webpass.net. [136.25.20.203]) by smtp.gmail.com with ESMTPSA id z17sm3161960qtf.10.2021.04.30.13.49.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Apr 2021 13:49:45 -0700 (PDT) From: Sargun Dhillon To: Kees Cook , LKML , Linux Containers Cc: Sargun Dhillon , =?UTF-8?q?Mauricio=20V=C3=A1squez=20Bernal?= , Rodrigo Campos , Tycho Andersen , Giuseppe Scrivano , Christian Brauner , Andy Lutomirski Subject: [PATCH v2 1/5] seccomp: Refactor notification handler to prepare for new semantics Date: Fri, 30 Apr 2021 13:49:35 -0700 Message-Id: <20210430204939.5152-2-sargun@sargun.me> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210430204939.5152-1-sargun@sargun.me> References: <20210430204939.5152-1-sargun@sargun.me> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This refactors the user notification code to have a do / while loop around the completion condition. This has a small change in semantic, in that previously we ignored addfd calls upon wakeup if the notification had been responded to, but instead with the new change we check for an outstanding addfd calls prior to returning to userspace. Rodrigo Campos also identified a bug that can result in addfd causing an early return, when the supervisor didn't actually handle the syscall [1]. [1]: https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@kinvolk.io/ Fixes: 7cf97b125455 ("seccomp: Introduce addfd ioctl to seccomp user notifier") Signed-off-by: Sargun Dhillon --- kernel/seccomp.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 1d60fc2c9987..93684cc63285 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1098,28 +1098,30 @@ static int seccomp_do_user_notification(int this_syscall, up(&match->notif->request); wake_up_poll(&match->wqh, EPOLLIN | EPOLLRDNORM); - mutex_unlock(&match->notify_lock); /* * This is where we wait for a reply from userspace. */ -wait: - err = wait_for_completion_interruptible(&n.ready); - mutex_lock(&match->notify_lock); - if (err == 0) { - /* Check if we were woken up by a addfd message */ + do { + mutex_unlock(&match->notify_lock); + err = wait_for_completion_interruptible(&n.ready); + mutex_lock(&match->notify_lock); + if (err != 0) + goto interrupted; + addfd = list_first_entry_or_null(&n.addfd, struct seccomp_kaddfd, list); - if (addfd && n.state != SECCOMP_NOTIFY_REPLIED) { + /* Check if we were woken up by a addfd message */ + if (addfd) seccomp_handle_addfd(addfd); - mutex_unlock(&match->notify_lock); - goto wait; - } - ret = n.val; - err = n.error; - flags = n.flags; - } + } while (n.state != SECCOMP_NOTIFY_REPLIED); + + ret = n.val; + err = n.error; + flags = n.flags; + +interrupted: /* If there were any pending addfd calls, clear them out */ list_for_each_entry_safe(addfd, tmp, &n.addfd, list) { /* The process went away before we got a chance to handle it */ -- 2.25.1