From: Paul Moore
Date: Mon, 13 Mar 2023 16:43:35 -0400
Subject: Re: [PATCH net-next v2] scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
To: Aleksandr Mikhalitsyn
Cc: davem@davemloft.net, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Leon Romanovsky, jmorris@namei.org, serge@hallyn.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org

On Mon, Mar 13, 2023 at 7:40 AM Aleksandr Mikhalitsyn wrote:
>
> +CC security subsystem folks
>
> On Mon, Mar 13, 2023 at 12:32 PM Alexander Mikhalitsyn
> wrote:
> >
> > Currently, kernel would set MSG_CTRUNC flag if msg_control buffer
> > wasn't provided and SO_PASSCRED was set or if there was pending SCM_RIGHTS.
> >
> > For some reason we have no corresponding check for SO_PASSSEC.
> >
> > In the recvmsg(2) doc we have:
> >        MSG_CTRUNC
> >               indicates that some control data was discarded due to lack
> >               of space in the buffer for ancillary data.
> >
> > So, we need to set MSG_CTRUNC flag for all types of SCM.
> >
> > This change can break applications that don't check MSG_CTRUNC flag.

Unless I'm missing something I don't think this will actually result
in a userspace visible change as put_cmsg() already has a number of
checks which set the MSG_CTRUNC flag if necessary (including if no
control buffer is passed, e.g. msg_control == NULL).

Regardless, it looks fine to me.

Acked-by: Paul Moore

> > Cc: "David S. Miller"
> > Cc: Eric Dumazet
> > Cc: Jakub Kicinski
> > Cc: Paolo Abeni
> > Cc: Leon Romanovsky
> > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> > Signed-off-by: Alexander Mikhalitsyn
> >
> > v2:
> > - commit message was rewritten according to Eric's suggestion
> > ---
> >  include/net/scm.h | 13 ++++++++++++-
> >  1 file changed, 12 insertions(+), 1 deletion(-)
> > > > diff --git a/include/net/scm.h b/include/net/scm.h > > index 1ce365f4c256..585adc1346bd 100644 > > --- a/include/net/scm.h > > +++ b/include/net/scm.h > > @@ -105,16 +105,27 @@ static inline void scm_passec(struct socket *sock= , struct msghdr *msg, struct sc > > } > > } > > } > > + > > +static inline bool scm_has_secdata(struct socket *sock) > > +{ > > + return test_bit(SOCK_PASSSEC, &sock->flags); > > +} > > #else > > static inline void scm_passec(struct socket *sock, struct msghdr *msg,= struct scm_cookie *scm) > > { } > > + > > +static inline bool scm_has_secdata(struct socket *sock) > > +{ > > + return false; > > +} > > #endif /* CONFIG_SECURITY_NETWORK */ > > > > static __inline__ void scm_recv(struct socket *sock, struct msghdr *ms= g, > > struct scm_cookie *scm, int flags) > > { > > if (!msg->msg_control) { > > - if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) > > + if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp || > > + scm_has_secdata(sock)) > > msg->msg_flags |=3D MSG_CTRUNC; > > scm_destroy(scm); > > return; > > -- > > 2.34.1 --=20 paul-moore.com
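
Review bot: scm_has_secdata() is named as if it reported pending security data, but in the CONFIG_SECURITY_NETWORK branch it only returns test_bit(SOCK_PASSSEC, &sock->flags), so in scm_recv() the !msg->msg_control path now sets MSG_CTRUNC on every receive for a socket with the option enabled, whether or not a context would have been attached to that message. That matches how the SOCK_PASSCRED test beside it behaves, so the condition is consistent, but a name that says "option enabled" (for example scm_passsec_enabled()) or a one-line comment above the helper stating that it reports the socket option and not the presence of data would keep later readers from assuming otherwise. The changelog sentence that the change "can break applications" would also be more useful if it named the case it has in mind: a receiver that passes no control buffer on a SOCK_PASSSEC socket and does not expect MSG_CTRUNC in msg_flags.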