lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 19 Dec 2019 09:03:09 +0100
From:   Arnd Bergmann <arnd@...db.de>
To:     Sargun Dhillon <sargun@...gun.me>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Linux Containers <containers@...ts.linux-foundation.org>,
        Linux API <linux-api@...r.kernel.org>,
        Linux FS-devel Mailing List <linux-fsdevel@...r.kernel.org>,
        Tycho Andersen <tycho@...ho.ws>, Jann Horn <jannh@...gle.com>,
        Aleksa Sarai <cyphar@...har.com>,
        Christian Brauner <christian.brauner@...ntu.com>,
        Oleg Nesterov <oleg@...hat.com>,
        Andy Lutomirski <luto@...capital.net>,
        Al Viro <viro@...iv.linux.org.uk>, gpascutto@...illa.com,
        ealvarez@...illa.com, Florian Weimer <fweimer@...hat.com>,
        jld@...illa.com
Subject: Re: [PATCH v4 2/5] pid: Add PIDFD_IOCTL_GETFD to fetch file
 descriptors from processes

On Thu, Dec 19, 2019 at 12:55 AM Sargun Dhillon <sargun@...gun.me> wrote:

> +#define PIDFD_IOCTL_GETFD      _IOWR('p', 0xb0, __u32)

This describes an ioctl command that reads and writes a __u32 variable
using a pointer passed as the argument, which doesn't match the
implementation:

> +static long pidfd_getfd(struct pid *pid, u32 fd)
> +{
...
> +       return retfd;

This function passes an fd as the argument and returns a new
fd, so the command number would be

#define PIDFD_IOCTL_GETFD      _IO('p', 0xb0)

While this implementation looks easy enough, and it is roughly what
I would do in case of a system call, I would recommend for an ioctl
implementation to use the __u32 pointer instead:

static long pidfd_getfd_ioctl(struct pid *pid, u32 __user *arg)
{
         int their_fd, new_fd;
         int ret;

         ret = get_user(their_fd, arg);
         if (ret)
              return ret;

        new_fd = pidfd_getfd(pid, their_fd);
        if (new_fd < 0)
                return new_fd;

         return put_user(new_fd, arg);
}

Direct argument passing in ioctls may confuse readers because it
is fairly unusual, and it doesn't work with this:

>  const struct file_operations pidfd_fops = {
>         .release = pidfd_release,
>         .poll = pidfd_poll,
> +       .unlocked_ioctl = pidfd_ioctl,
> +       .compat_ioctl = compat_ptr_ioctl,

compat_ptr_ioctl() only works if the argument is a pointer, as it
mangles the argument to turn it from a 32-bit pointer value into
a 64-bit pointer value. These are almost always the same
(arch/s390 being the sole exception), but you should not rely
on it. For now it would be find to do '.compat_ioctl = pidfd_ioctl',
but that in turn is wrong if you ever add another ioctl command
that does pass a pointer.

       Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ