Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp875272pxj; Thu, 27 May 2021 13:48:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxemI7Ui6RK0BiyNB249YayZkFpoTqksOMxnJeTradTk/iJTHkDF57W2fZzO459nxUmoBY3 X-Received: by 2002:a05:6602:2bef:: with SMTP id d15mr4321188ioy.13.1622148523367; Thu, 27 May 2021 13:48:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622148523; cv=none; d=google.com; s=arc-20160816; b=N/aeoKk0nnFB/r6B12no0+TOGRnuCCucYMoYyfCX9QxGzUNNQpgDW8aFCP+PdJH8GA kgyRnRuV43Ft8U3ueFTWWeI5RXrvw9RZp0O1bkaIl09AjTKwgLiMBlgbb6h3c4Gnu7d5 ur0E1xKThRYcgwUoV6q4GX7J0Cx+ZFlPC0S4JhbxGoQljPeRu1SNLOkYQvdiYBHfaTHX TH9MPs4GGvys0XHNRGPq8GhorTGyI7aorfuwAMOlVTs7wNvsu3MAOQEeU2gCCcQ2BnQa OatI3NjkSy0SuLcW+9aAzZzKB/eQIwl03WKmbtKgma/xOHY/qZDV9CGfzbeC455Ghnh1 glfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=AC3MmOTUuOGnepZXQGZ9Vafob+m6VNi00uwAJjSXdhg=; b=f16XJlkeRUEZNz/WFXxdQtKqPNjA6KOwcNhIJVGET0Wq+AjUfZsrhexee3Th0vfoH5 zEM8QL3GLev1yTgIRrYpqrgti8p+04NnA4uVzLIrTVuMez41GtCoBesu3lc4AtZ/nJWj nUX+dEL67xHvmGwLdRkHUO4jRwjJiyIyheELxjV5v5nV8bOyB60e8IXvfzOWFE4SdR8w IlEVcKi6eN9WU+Jy7P+ZKcJPO/b/9Ay0/U6wZYM4MDO0/hOtNL6ArmDrhrvrqcyJgnyz terH08vP86Jbqo8k+qYvPdZVz+w+As0jj5SNM7omI0SsMFgCGNnGkRoMa3kxZj/w0RCY qJAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kinvolk.io header.s=google header.b=iyZqWizj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kinvolk.io Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z17si3533172jat.5.2021.05.27.13.48.27; Thu, 27 May 2021 13:48:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kinvolk.io header.s=google header.b=iyZqWizj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kinvolk.io Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234311AbhE0Lx1 (ORCPT + 99 others); Thu, 27 May 2021 07:53:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40390 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234334AbhE0LxY (ORCPT ); Thu, 27 May 2021 07:53:24 -0400 Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA8C0C0613CE for ; Thu, 27 May 2021 04:51:51 -0700 (PDT) Received: by mail-lj1-x232.google.com with SMTP id t17so381408ljd.9 for ; Thu, 27 May 2021 04:51:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kinvolk.io; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=AC3MmOTUuOGnepZXQGZ9Vafob+m6VNi00uwAJjSXdhg=; b=iyZqWizjPMOTwqAW/a19v/NIgvvIwslHpX+4ycAXvsYAh93yczNrf6UoKXR00H6+Ad eJkLO7BgJ1VRuOffPYI2KsAsoQwB2bTbN1pxGC7D2gPrOb/zS/8P9UNppfs7v4ftRBWd L5opBVj+Eigq6yuSPmw+vClubBqnsXFlYOj4Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=AC3MmOTUuOGnepZXQGZ9Vafob+m6VNi00uwAJjSXdhg=; b=eJMpjkYEJSeLcTk1kKWhGyrZjJpV7TAEE/l7FspsChOKrY1WLC8EsyiZmKKlbAQJ09 1bUl3u1/XwMvtg5kx07Yc/KyyQriQh2HuRDRBD4zfcRvYeXbi4+RT/N7NRPJsufV/ymR Kn8t+5959tLWOpvsGJ+Ty41pe6agWOnfwAz7AkGiQl9zCZanWUppF4dcoJ01xfq2/Vze BwA96w229z2nY4rxD6nUCxlVJOhOJrYx5fQKjxaINnlsDnIE+V7/3vPN1QUS+tbks6Gm O9TTslztKlOD3pQJ0Ug53Hb+uvxOUO5RJobMcXQGJ/VHijycK58DyEg5K0/KNLwqqdNn o5IQ== X-Gm-Message-State: AOAM532nuDpoaW1Jyn6Yo0NSAt0lfLTTy8ZbK+GnNosxE2Y1DRSFyxDP P1JMyC+jbALpQzTUFnXXstDL+/lL6AUVESf3DfIgPA== X-Received: by 2002:a2e:b4b3:: with SMTP id q19mr2185724ljm.374.1622116309916; Thu, 27 May 2021 04:51:49 -0700 (PDT) MIME-Version: 1.0 References: <20210517193908.3113-1-sargun@sargun.me> <20210517193908.3113-3-sargun@sargun.me> In-Reply-To: <20210517193908.3113-3-sargun@sargun.me> From: Rodrigo Campos Date: Thu, 27 May 2021 13:51:13 +0200 Message-ID: Subject: Re: [PATCH v2 2/4] seccomp: Refactor notification handler to prepare for new semantics To: Sargun Dhillon Cc: Kees Cook , LKML , containers@lists.linux.dev, Tycho Andersen , Andy Lutomirski , =?UTF-8?Q?Mauricio_V=C3=A1squez_Bernal?= , Giuseppe Scrivano , Christian Brauner , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 17, 2021 at 9:39 PM Sargun Dhillon wrote: > > This refactors the user notification code to have a do / while loop around > the completion condition. This has a small change in semantic, in that > previously we ignored addfd calls upon wakeup if the notification had been > responded to, but instead with the new change we check for an outstanding > addfd calls prior to returning to userspace. > > Rodrigo Campos also identified a bug that can result in addfd causing > an early return, when the supervisor didn't actually handle the > syscall [1]. > > [1]: https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@kinvolk.io/ > > Fixes: 7cf97b125455 ("seccomp: Introduce addfd ioctl to seccomp user notifier") > Signed-off-by: Sargun Dhillon > Acked-by: Tycho Andersen Kees, as I mentioned in the linked thread, this issue is present in 5.9+ kernels. Should we add the cc to stable for this patch? Or should we cc to stable the one linked, that just fixes the issue without semantic changes to userspace? Just to be clear, the other patch that fixes the problem without userspace visible changes is this: https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@kinvolk.io/ Best, Rodrigo