lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110923160653.GB3502@sergelap>
Date:	Fri, 23 Sep 2011 11:06:53 -0500
From:	"Serge E. Hallyn" <serge.hallyn@...onical.com>
To:	Alan Stern <stern@...land.harvard.edu>
Cc:	"Serge E. Hallyn" <serge@...lyn.com>, Greg KH <greg@...ah.com>,
	Oleg Nesterov <oleg@...hat.com>,
	lkml <linux-kernel@...r.kernel.org>, richard@....at,
	Andrew Morton <akpm@...gle.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Tejun Heo <tj@...nel.org>, linux-usb@...r.kernel.org
Subject: Re: [PATCH resend] user namespace: usb: make usb urbs user namespace
 aware (v2)

Quoting Alan Stern (stern@...land.harvard.edu):
> On Fri, 23 Sep 2011, Serge E. Hallyn wrote:
> 
> > (re-sending to Cc: Greg and linux-usb)
> > 
> > Add to the dev_state and alloc_async structures the user namespace
> > corresponding to the uid and euid.  Pass these to kill_pid_info_as_uid(),
> > which can then implement a proper, user-namespace-aware uid check.
> > 
> > Changelog:
> > Sep 20: Per Oleg's suggestion: Instead of caching and passing user namespace,
> > 	uid, and euid each separately, pass a struct cred.
> 
> This should be broken up into two separate patches: One to add
> kill_pid_info_as_cred() and the other to modify the usbfs driver.

It seems like that would make the first patch harder to review (since
it won't just show the changes from kill_pid_info_as_uid to
kill_pid_info_as_cred), but I'll go ahead and split it up.  I assume
kill_pid_info_as_uid should be removed in a third patch?

> > --- a/drivers/usb/core/devio.c
> > +++ b/drivers/usb/core/devio.c
> 
> > @@ -393,9 +395,8 @@ static void async_compled ted(struct urb *urb)
> >  	struct dev_state *ps = as->ps;
> >  	struct siginfo sinfo;
> >  	struct pid *pid = NULL;
> > -	uid_t uid = 0;
> > -	uid_t euid = 0;
> >  	u32 secid = 0;
> > +	const struct cred *cred = NULL;
> >  	int signr;
> >  
> >  	spin_lock(&ps->lock);
> > @@ -408,8 +409,7 @@ static void async_completed(struct urb *urb)
> >  		sinfo.si_code = SI_ASYNCIO;
> >  		sinfo.si_addr = as->userurb;
> >  		pid = as->pid;
> > -		uid = as->uid;
> > -		euid = as->euid;
> > +		cred = as->cred;
> >  		secid = as->secid;
> >  	}
> >  	snoop(&urb->dev->dev, "urb complete\n");
> > @@ -423,8 +423,7 @@ static void async_completed(struct urb *urb)
> >  	spin_unlock(&ps->lock);
> >  
> >  	if (signr)
> > -		kill_pid_info_as_uid(sinfo.si_signo, &sinfo, pid, uid,
> > -				      euid, secid);
> > +		kill_pid_info_as_cred(sinfo.si_signo, &sinfo, pid, cred, secid);
> 
> This continues a bug that already exists in the current code.  Once 
> ps->lock is released, there is no guarantee that the async structure 
> will still exist.  It may already have been freed, and the reference to 

Yikes.  That makes sense.  I'll fix that for the cred and the pid as well
then?

> as->cred may already have been dropped.  That's why the local copies 
> have to be made above.  cred shouldn't be a simple copy of as->cred; it 
> should also increment the reference count.
> 
> > @@ -706,8 +705,7 @@ static int usbdev_open(struct inode *inode, struct file *file)
> >  	init_waitqueue_head(&ps->wait);
> >  	ps->discsignr = 0;
> >  	ps->disc_pid = get_pid(task_pid(current));
> > -	ps->disc_uid = cred->uid;
> > -	ps->disc_euid = cred->euid;
> > +	ps->cred = get_cred(cred);
> 
> You might as well get rid of the "cred" local variable.  It isn't used 
> for anything except this assignment.
> 
> Alan Stern

Thanks for looking, Alan.

-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ