Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3908620pxj; Tue, 11 May 2021 14:53:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzX9ta0n+a0hdVR1+GmNwDkgbUDACnD/lvhbd97usevbz2ziYuiw4yfrz7un6DgUfvIboS+ X-Received: by 2002:a50:ab06:: with SMTP id s6mr30387468edc.100.1620769982180; Tue, 11 May 2021 14:53:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620769982; cv=none; d=google.com; s=arc-20160816; b=S75p5kLvJX10FF2XmpiOjqLzmwMp4U+HYT3kGG/lcWaitbTpfrVG3vfAb1T/ndU2X/ ECz2pAh2aVLTBZuSKHUSage/x65VVxxjqx3buaXiHaTUPGKHNuNOPbtwN48MPWAxON0l 8Q8HA0zveBlDZJwU105IqjJNqZevGZ33tFoDlFaSFppw0MkDLPFDsk/eyzTcAHPLmgiE NXVWK0a9ghyAB2MN1Ju5bEpFC7PTL4UIKk8OdMnGBT5NIQe7/8ru6muqpffcRq3a+VYl LEff2GoU91PK8xGkjs9Crf7y6KO+6duHY2aqViXQE06Tp3h4Z3H1w6Nlx//22Bs6ivcG KG8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature :dkim-signature; bh=iTB27FskG3qCZ/2+bDx/QlZWQqbcFgHZ/tiyid5nlZI=; b=rv4WJMpfbITVUCJnLsIAkZUzhXG6/nyNqHQeLH6QJiKmSoaL2Fh/eeXKpCBzLzDjMK qyoHQs7cJTvXVUKTavwU6g027VXZYt4ADb64B1VxarPKHfdatMmk/JlfSbzi81iXDMtX RZrpTGxv1fgEG/GTho93+fJ+205D6GobF1io+uIdcuEZFt68/7vDjNONOmPAvZJsgmI7 lyAZsrkw8I4iQUGE/IXVtqZhsG2+/ZVMiFl7FNvwf0gVZ5uyAvx28xx8bEBt5ZID/UFZ 7geHim0cKtXFIJjz55Uk3vRZmq3Foa2J6KSk9piZqcpzzYgZdVXkjuc949rqQuD+w6W1 EDFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@tycho.pizza header.s=fm3 header.b=7wOTtwaB; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=gfRlOifr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id nb33si14747712ejc.591.2021.05.11.14.52.38; Tue, 11 May 2021 14:53:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@tycho.pizza header.s=fm3 header.b=7wOTtwaB; dkim=pass header.i=@messagingengine.com header.s=fm2 header.b=gfRlOifr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230096AbhEKVwE (ORCPT + 99 others); Tue, 11 May 2021 17:52:04 -0400 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:34205 "EHLO wout2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229637AbhEKVvh (ORCPT ); Tue, 11 May 2021 17:51:37 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 411CF179C; Tue, 11 May 2021 17:50:16 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 11 May 2021 17:50:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho.pizza; h= date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm3; bh=iTB27FskG3qCZ/2+bDx/QlZWQqb cFgHZ/tiyid5nlZI=; b=7wOTtwaBCKi2Ph3V7Bp4qMNOOqG+9iAw7K2WYx0ZMY2 1DJxVEVwVrm/LLM6oNsp07CN/qc76Y3WgW5m0N4XKnLYzv6JyTWWiDo3iONQT3z4 FrTsdhnCwS1a2AyHoRbt8AkaX7GEZFBKyXd1VK3stqcR/TYac1qKew+mVG0yj+ox 2Y0TfZ6nQTn7ntugviIRC/z5HmmzHdtR0JOmvo2TsWOGIeZxHtKWPSx+ylG72eCj IRiMjThdighylcMGhbs/obPyynJWta2Ac8tsGBUrYWP7296Kl9dS65bV5gCO9d1L WKiSiHlDsucoM2IzKXJZ4l6d/M60tJa4dZmIIegsKzg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=iTB27F skG3qCZ/2+bDx/QlZWQqbcFgHZ/tiyid5nlZI=; b=gfRlOifrWLAtiISTbrk8TX MhLuJ0GVYscP6MPJVvVP9NbMBg7jLtyka6pVCQ/Hq8y6tgrYrxDGoYjO/QnGKPw8 DcBuZPw5pWPiTvMGeFvfHi0VZpqoraH5cfs0YawHI1gHJc9++EmGjhas/sXltSjL jinfgoV7vdqXpqUut7ZUFLGvmcxTT/diAVUlSFIUhviJrpiAs4ov9ILXFrxPRcQ4 HWJPmMJ8i+prsdypFG7Y7XVCEu9dJmV+dc6okplURcuxFbJtpGcb86MRLBbGQ6QK BsfF8aDj8B8qrLLeFdRbrFFFdYiB53mpz4/b0G98EzV6EBC/NgtIQPV8SZY/QMcA == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdehuddgtddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehttdertddttddvnecuhfhrohhmpefvhigthhho ucetnhguvghrshgvnhcuoehthigthhhosehthigthhhordhpihiiiigrqeenucggtffrrg htthgvrhhnpeegkeefjeegkedtjefgfeduleekueetjeeghffhuefgffefleehgeeifedv gfethfenucfkphepuddvkedruddtjedrvdeguddrudejieenucevlhhushhtvghrufhiii gvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehthigthhhosehthigthhhordhpihii iigr X-ME-Proxy: Received: from cisco (unknown [128.107.241.176]) by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 11 May 2021 17:50:12 -0400 (EDT) Date: Tue, 11 May 2021 15:50:10 -0600 From: Tycho Andersen To: Sargun Dhillon Cc: Kees Cook , LKML , Linux Containers , Andy Lutomirski , Rodrigo Campos , Mauricio =?iso-8859-1?Q?V=E1squez?= Bernal , Giuseppe Scrivano , Christian Brauner , =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= Subject: Re: [PATCH 3/4] seccomp: Support atomic "addfd + send reply" Message-ID: <20210511215010.GB1964106@cisco> References: <20210502001851.3346-1-sargun@sargun.me> <20210502001851.3346-4-sargun@sargun.me> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210502001851.3346-4-sargun@sargun.me> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Sat, May 01, 2021 at 05:18:50PM -0700, Sargun Dhillon wrote: [snip] > Other patches in this series add a way to block signals when a syscall > is put to wait by seccomp. I guess we can drop this bit from the message if the series is split. > The struct seccomp_notif_resp, used when doing SECCOMP_IOCTL_NOTIF_SEND > ioctl() to send a response to the target, has three more fields that we > don't allow to set when doing the addfd ioctl() to also return. The > reasons to disallow each field are: > * val: This will be set to the new allocated fd. No point taking it > from userspace in this case. > * error: If this is non-zero, the value is ignored. Therefore, > it is pointless in this case as we want to return the value. > * flags: The only flag is to let userspace continue to execute the > syscall. This seems pointless, as we want the syscall to return the > allocated fd. > > This is why those fields are not possible to set when using this new > flag. I don't quite understand this; you don't need a NOTIF_SEND at all with the way this currently works, right? > @@ -1113,7 +1136,7 @@ static int seccomp_do_user_notification(int this_syscall, > struct seccomp_kaddfd, list); > /* Check if we were woken up by a addfd message */ > if (addfd) > - seccomp_handle_addfd(addfd); > + seccomp_handle_addfd(addfd, &n); > > } while (n.state != SECCOMP_NOTIFY_REPLIED); > This while() bit is introduced in the previous patch, can we fold this deletion into that somehow? Thanks, Tycho