Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2730103pxj;
        Mon, 31 May 2021 09:16:49 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwUXTzK3Jzn6AvaU/eJLdWatyXMgP/WMKW0B44ONY3850UvtSq7mpMdR7ZmQ93izAaxZjZ1
X-Received: by 2002:a02:83c2:: with SMTP id j2mr21328127jah.6.1622477809486;
        Mon, 31 May 2021 09:16:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1622477809; cv=none;
        d=google.com; s=arc-20160816;
        b=W9tQVFDRkruzzrp3rWZU0/P0lI60g8s3KfAfsnQDGoZPrDsz5OcnFY17Xsa8cXR5QD
         0wwogGARncaFuoJ5VkhApkX3fVWA6xVFypb6XfPKaIS1mvpc4X/VV2DF8xWXryzkiRZ2
         TGsNvlkNoORbYlsofs8VtT2GfQb4lD1RuhWfNxEPvHsN+qd6MlbAN0IEF14+3gSjZ1RW
         t7bICJavOOnyaDIzlm/GAQhLTuJWhYokMZDxP+zeXsALP4PJpLPebALzSc9BdYnwy5Is
         plxlvot2MEah5HtYdgkMeFHUl2say6T1Gc3jU9UrpbUUy/SU7o3MbPLimWEV68X0IK90
         yGWw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=fcikVh31EGrGM2IazaVHLYX4L1Vmuq2mUsKpvBF7G4Q=;
        b=or24BqbC0rjNwSMSEiXugTsj6LC+4iMIMXshpws6zbMDLWw6UmjMYA6frb/GTCvi7V
         VSNWSs4RzDjQ6puWxWZUKPp5VcbCjVcjr5piDsi2EAbQc58JgWiComfQIlISIDlUtGkn
         ybh4vcmlrJmnlDyssLFHL2VEUunlQV/Agw7h+JlVE3YgHZXb3DMV2W+tJP2gt5DXBRUn
         jjVI8MhiGxUbJ5Ltpy4YTut+jwP0dPHR9eLl3JcHuqhz8QeT8VMfn6kLFjblF5Qbh/z/
         YZnsJZOmBEYJ4aHejvHUzcrmoKLEd6UaMIEEiYz0vl09xjyYVKZQltPZRCDt6jJTtxrV
         bzdA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="dRM631/J";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id k10si14089519iow.62.2021.05.31.09.16.36;
        Mon, 31 May 2021 09:16:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="dRM631/J";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233942AbhEaQQY (ORCPT <rfc822;lukasz.wituch.linux@gmail.com>
        + 99 others); Mon, 31 May 2021 12:16:24 -0400
Received: from mail.kernel.org ([198.145.29.99]:38038 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S234203AbhEaOji (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 31 May 2021 10:39:38 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 8D3A861874;
        Mon, 31 May 2021 13:52:59 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1622469180;
        bh=MOa681YkjIDTsO/iqmYvJ5GkdkdHKU8MnIisXx/mwyk=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=dRM631/JslK+IvKRdjzCphN5XeIY5uoNPg1lRMok7+9SSm6RICPHM9R9qaTHxv6Mb
         WGAYnJgcVvQ8nrvBJgsDOULU6x2sAYiQ9wQUcyW5irRVkfW5jtV8zUXpvi+oYx5YLu
         bh60btuX4/chW6e//0VUAd5PUvalByqia7jvrJ8k=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Sargun Dhillon <sargun@sargun.me>,
        Tycho Andersen <tycho@tycho.pizza>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Kees Cook <keescook@chromium.org>,
        Rodrigo Campos <rodrigo@kinvolk.io>
Subject: [PATCH 5.12 064/296] seccomp: Refactor notification handler to prepare for new semantics
Date:   Mon, 31 May 2021 15:11:59 +0200
Message-Id: <20210531130705.991657084@linuxfoundation.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210531130703.762129381@linuxfoundation.org>
References: <20210531130703.762129381@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sargun Dhillon <sargun@sargun.me>

commit ddc473916955f7710d1eb17c1273d91c8622a9fe upstream.

This refactors the user notification code to have a do / while loop around
the completion condition. This has a small change in semantic, in that
previously we ignored addfd calls upon wakeup if the notification had been
responded to, but instead with the new change we check for an outstanding
addfd calls prior to returning to userspace.

Rodrigo Campos also identified a bug that can result in addfd causing
an early return, when the supervisor didn't actually handle the
syscall [1].

[1]: https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@kinvolk.io/

Fixes: 7cf97b125455 ("seccomp: Introduce addfd ioctl to seccomp user notifier")
Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Acked-by: Tycho Andersen <tycho@tycho.pizza>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Rodrigo Campos <rodrigo@kinvolk.io>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210517193908.3113-3-sargun@sargun.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/seccomp.c |   30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -1098,28 +1098,30 @@ static int seccomp_do_user_notification(
 
 	up(&match->notif->request);
 	wake_up_poll(&match->wqh, EPOLLIN | EPOLLRDNORM);
-	mutex_unlock(&match->notify_lock);
 
 	/*
 	 * This is where we wait for a reply from userspace.
 	 */
-wait:
-	err = wait_for_completion_interruptible(&n.ready);
-	mutex_lock(&match->notify_lock);
-	if (err == 0) {
-		/* Check if we were woken up by a addfd message */
+	do {
+		mutex_unlock(&match->notify_lock);
+		err = wait_for_completion_interruptible(&n.ready);
+		mutex_lock(&match->notify_lock);
+		if (err != 0)
+			goto interrupted;
+
 		addfd = list_first_entry_or_null(&n.addfd,
 						 struct seccomp_kaddfd, list);
-		if (addfd && n.state != SECCOMP_NOTIFY_REPLIED) {
+		/* Check if we were woken up by a addfd message */
+		if (addfd)
 			seccomp_handle_addfd(addfd);
-			mutex_unlock(&match->notify_lock);
-			goto wait;
-		}
-		ret = n.val;
-		err = n.error;
-		flags = n.flags;
-	}
 
+	}  while (n.state != SECCOMP_NOTIFY_REPLIED);
+
+	ret = n.val;
+	err = n.error;
+	flags = n.flags;
+
+interrupted:
 	/* If there were any pending addfd calls, clear them out */
 	list_for_each_entry_safe(addfd, tmp, &n.addfd, list) {
 		/* The process went away before we got a chance to handle it */