Message-Id: <1435825714-3567-5-git-send-email-dh.herrmann@gmail.com>
Date:	Thu,  2 Jul 2015 10:28:32 +0200
From:	David Herrmann <dh.herrmann@...il.com>
To:	linux-kernel@...r.kernel.org
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, daniel@...que.org,
	tixxdz@...ndz.org, David Herrmann <dh.herrmann@...il.com>
Subject: [PATCH 4/6] kdbus: drop support for required attach-flags on buses

This drops the KDBUS_ITEM_ATTACH_FLAGS_RECV item from KDBUS_CMD_BUS_MAKE.
This item was used to provide an attach-flags mask which defines metadata
items that all connections must have in their send-mask, effectively
forcing the transmission of such items in case the receiver wants them.

This was never used by any code and is of questionable use. With our new
effort to make sure metadata items are only transmitted if the receiver
has actual access to the same data via /proc, this is no longer needed.
Drop support for this item now.

Signed-off-by: David Herrmann <dh.herrmann@...il.com>
---
 Documentation/kdbus/kdbus.bus.xml               | 15 ---------------
 Documentation/kdbus/kdbus.connection.xml        |  8 +-------
 ipc/kdbus/bus.c                                 | 10 ----------
 ipc/kdbus/bus.h                                 |  2 --
 ipc/kdbus/connection.c                          | 10 ----------
 tools/testing/selftests/kdbus/kdbus-test.c      |  1 -
 tools/testing/selftests/kdbus/kdbus-util.c      | 20 +++++++-------------
 tools/testing/selftests/kdbus/kdbus-util.h      |  3 +--
 tools/testing/selftests/kdbus/test-connection.c |  9 ---------
 9 files changed, 9 insertions(+), 69 deletions(-)

diff --git a/Documentation/kdbus/kdbus.bus.xml b/Documentation/kdbus/kdbus.bus.xml
index 4b9a0ac..83f1198 100644
--- a/Documentation/kdbus/kdbus.bus.xml
+++ b/Documentation/kdbus/kdbus.bus.xml
@@ -198,21 +198,6 @@ struct kdbus_cmd {
             </varlistentry>
 
             <varlistentry>
-              <term><constant>KDBUS_ITEM_ATTACH_FLAGS_RECV</constant></term>
-              <listitem>
-                <para>
-                  An optional item that contains a set of required attach flags
-                  that connections must allow. This item is used as a
-                  negotiation measure during connection creation. If connections
-                  do not satisfy the bus requirements, they are not allowed on
-                  the bus. If not set, the bus does not require any metadata to
-                  be attached; in this case connections are free to set their
-                  own attach flags.
-                </para>
-              </listitem>
-            </varlistentry>
-
-            <varlistentry>
               <term><constant>KDBUS_ITEM_ATTACH_FLAGS_SEND</constant></term>
               <listitem>
                 <para>
diff --git a/Documentation/kdbus/kdbus.connection.xml b/Documentation/kdbus/kdbus.connection.xml
index cefb419..4bb5f30 100644
--- a/Documentation/kdbus/kdbus.connection.xml
+++ b/Documentation/kdbus/kdbus.connection.xml
@@ -355,13 +355,7 @@ struct kdbus_cmd_hello {
           Set the bits for metadata this connection permits to be sent to the
           receiving peer. Only metadata items that are both allowed to be sent
           by the sender and that are requested by the receiver will be attached
-          to the message. Note, however, that the bus may optionally require
-          some of those bits to be set. If the match fails, the ioctl will fail
-          with <varname>errno</varname> set to
-          <constant>ECONNREFUSED</constant>. In either case, when returning the
-          field will be set to the mask of metadata items that are enforced by
-          the bus with the <constant>KDBUS_FLAGS_KERNEL</constant> bit set as
-          well.
+          to the message.
         </para></listitem>
       </varlistentry>
 
diff --git a/ipc/kdbus/bus.c b/ipc/kdbus/bus.c
index bbdf0f2..7d2c336 100644
--- a/ipc/kdbus/bus.c
+++ b/ipc/kdbus/bus.c
@@ -66,23 +66,16 @@ static struct kdbus_bus *kdbus_bus_new(struct kdbus_domain *domain,
 				       const char *name,
 				       struct kdbus_bloom_parameter *bloom,
 				       const u64 *pattach_owner,
-				       const u64 *pattach_recv,
 				       u64 flags, kuid_t uid, kgid_t gid)
 {
 	struct kdbus_bus *b;
 	u64 attach_owner;
-	u64 attach_recv;
 	int ret;
 
 	if (bloom->size < 8 || bloom->size > KDBUS_BUS_BLOOM_MAX_SIZE ||
 	    !KDBUS_IS_ALIGNED8(bloom->size) || bloom->n_hash < 1)
 		return ERR_PTR(-EINVAL);
 
-	ret = kdbus_sanitize_attach_flags(pattach_recv ? *pattach_recv : 0,
-					  &attach_recv);
-	if (ret < 0)
-		return ERR_PTR(ret);
-
 	ret = kdbus_sanitize_attach_flags(pattach_owner ? *pattach_owner : 0,
 					  &attach_owner);
 	if (ret < 0)
@@ -111,7 +104,6 @@ static struct kdbus_bus *kdbus_bus_new(struct kdbus_domain *domain,
 
 	b->id = atomic64_inc_return(&domain->last_id);
 	b->bus_flags = flags;
-	b->attach_flags_req = attach_recv;
 	b->attach_flags_owner = attach_owner;
 	generate_random_uuid(b->id128);
 	b->bloom = *bloom;
@@ -380,7 +372,6 @@ struct kdbus_bus *kdbus_cmd_bus_make(struct kdbus_domain *domain,
 		{ .type = KDBUS_ITEM_MAKE_NAME, .mandatory = true },
 		{ .type = KDBUS_ITEM_BLOOM_PARAMETER, .mandatory = true },
 		{ .type = KDBUS_ITEM_ATTACH_FLAGS_SEND },
-		{ .type = KDBUS_ITEM_ATTACH_FLAGS_RECV },
 	};
 	struct kdbus_args args = {
 		.allowed_flags = KDBUS_FLAG_NEGOTIATE |
@@ -399,7 +390,6 @@ struct kdbus_bus *kdbus_cmd_bus_make(struct kdbus_domain *domain,
 	bus = kdbus_bus_new(domain,
 			    argv[1].item->str, &argv[2].item->bloom_parameter,
 			    argv[3].item ? argv[3].item->data64 : NULL,
-			    argv[4].item ? argv[4].item->data64 : NULL,
 			    cmd->flags, current_euid(), current_egid());
 	if (IS_ERR(bus)) {
 		ret = PTR_ERR(bus);
diff --git a/ipc/kdbus/bus.h b/ipc/kdbus/bus.h
index 5bea5ef..e019ef3 100644
--- a/ipc/kdbus/bus.h
+++ b/ipc/kdbus/bus.h
@@ -37,7 +37,6 @@ struct kdbus_user;
  * @node:		kdbus_node
  * @id:			ID of this bus in the domain
  * @bus_flags:		Simple pass-through flags from userspace to userspace
- * @attach_flags_req:	KDBUS_ATTACH_* flags required by connecting peers
  * @attach_flags_owner:	KDBUS_ATTACH_* flags of bus creator that other
  *			connections can see or query
  * @id128:		Unique random 128 bit ID of this bus
@@ -60,7 +59,6 @@ struct kdbus_bus {
 	/* static */
 	u64 id;
 	u64 bus_flags;
-	u64 attach_flags_req;
 	u64 attach_flags_owner;
 	u8 id128[16];
 	struct kdbus_bloom_parameter bloom;
diff --git a/ipc/kdbus/connection.c b/ipc/kdbus/connection.c
index 9993753..e5e9c1e 100644
--- a/ipc/kdbus/connection.c
+++ b/ipc/kdbus/connection.c
@@ -112,10 +112,6 @@ static struct kdbus_conn *kdbus_conn_new(struct kdbus_ep *ep, bool privileged,
 	if (ret < 0)
 		return ERR_PTR(ret);
 
-	/* The attach flags must always satisfy the bus requirements. */
-	if (bus->attach_flags_req & ~attach_flags_send)
-		return ERR_PTR(-ECONNREFUSED);
-
 	conn = kzalloc(sizeof(*conn), GFP_KERNEL);
 	if (!conn)
 		return ERR_PTR(-ENOMEM);
@@ -1835,7 +1831,6 @@ exit:
  */
 int kdbus_cmd_update(struct kdbus_conn *conn, void __user *argp)
 {
-	struct kdbus_bus *bus = conn->ep->bus;
 	struct kdbus_item *item_policy;
 	u64 *item_attach_send = NULL;
 	u64 *item_attach_recv = NULL;
@@ -1876,11 +1871,6 @@ int kdbus_cmd_update(struct kdbus_conn *conn, void __user *argp)
 						  &attach_send);
 		if (ret < 0)
 			goto exit;
-
-		if (bus->attach_flags_req & ~attach_send) {
-			ret = -EINVAL;
-			goto exit;
-		}
 	}
 
 	if (item_attach_recv) {
diff --git a/tools/testing/selftests/kdbus/kdbus-test.c b/tools/testing/selftests/kdbus/kdbus-test.c
index 294e82a..db732e5 100644
--- a/tools/testing/selftests/kdbus/kdbus-test.c
+++ b/tools/testing/selftests/kdbus/kdbus-test.c
@@ -299,7 +299,6 @@ static int test_prepare_env(const struct kdbus_test *t,
 
 		ret = kdbus_create_bus(env->control_fd,
 				       args->busname ?: n,
-				       _KDBUS_ATTACH_ALL,
 				       _KDBUS_ATTACH_ALL, &s);
 		free(n);
 		ASSERT_RETURN(ret == 0);
diff --git a/tools/testing/selftests/kdbus/kdbus-util.c b/tools/testing/selftests/kdbus/kdbus-util.c
index 29a0cb1..a5e54ca 100644
--- a/tools/testing/selftests/kdbus/kdbus-util.c
+++ b/tools/testing/selftests/kdbus/kdbus-util.c
@@ -114,8 +114,7 @@ int kdbus_sysfs_set_parameter_mask(const char *path, uint64_t mask)
 }
 
 int kdbus_create_bus(int control_fd, const char *name,
-		     uint64_t req_meta, uint64_t owner_meta,
-		     char **path)
+		     uint64_t owner_meta, char **path)
 {
 	struct {
 		struct kdbus_cmd cmd;
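Review bot: kdbus_create_bus() has no comment saying what its one remaining mask argument means, which matters more after this signature change because `owner_meta` is now the only attach-flags value the helper passes, and it is sent as `KDBUS_ITEM_ATTACH_FLAGS_SEND` (see the assignments in a later hunk of this file). I would add above the definition: `/* owner_meta: KDBUS_ATTACH_* mask sent as KDBUS_ITEM_ATTACH_FLAGS_SEND for the bus creator; the bus enforces no send-mask on connecting peers */`. Tests that relied on the bus refusing a connection with a reduced send-mask now have to set `attach_flags_send` themselves and check on the receiving side that the expected items are present. The function body continues outside this hunk.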
@@ -127,12 +126,12 @@ int kdbus_create_bus(int control_fd, const char *name,
 			struct kdbus_bloom_parameter bloom;
 		} bp;
 
-		/* required and owner metadata items */
+		/* owner metadata items */
 		struct {
 			uint64_t size;
 			uint64_t type;
 			uint64_t flags;
-		} attach[2];
+		} attach;
 
 		/* name item */
 		struct {
@@ -152,13 +151,9 @@ int kdbus_create_bus(int control_fd, const char *name,
 	snprintf(bus_make.name.str, sizeof(bus_make.name.str),
 		 "%u-%s", getuid(), name);
 
-	bus_make.attach[0].type = KDBUS_ITEM_ATTACH_FLAGS_RECV;
-	bus_make.attach[0].size = sizeof(bus_make.attach[0]);
-	bus_make.attach[0].flags = req_meta;
-
-	bus_make.attach[1].type = KDBUS_ITEM_ATTACH_FLAGS_SEND;
-	bus_make.attach[1].size = sizeof(bus_make.attach[0]);
-	bus_make.attach[1].flags = owner_meta;
+	bus_make.attach.type = KDBUS_ITEM_ATTACH_FLAGS_SEND;
+	bus_make.attach.size = sizeof(bus_make.attach);
+	bus_make.attach.flags = owner_meta;
 
 	bus_make.name.type = KDBUS_ITEM_MAKE_NAME;
 	bus_make.name.size = KDBUS_ITEM_HEADER_SIZE +
@@ -167,8 +162,7 @@ int kdbus_create_bus(int control_fd, const char *name,
 	bus_make.cmd.flags = KDBUS_MAKE_ACCESS_WORLD;
 	bus_make.cmd.size = sizeof(bus_make.cmd) +
 			     bus_make.bp.size +
-			     bus_make.attach[0].size +
-			     bus_make.attach[1].size +
+			     bus_make.attach.size +
 			     bus_make.name.size;
 
 	kdbus_printf("Creating bus with name >%s< on control fd %d ...\n",
diff --git a/tools/testing/selftests/kdbus/kdbus-util.h b/tools/testing/selftests/kdbus/kdbus-util.h
index d1a0f1b..e1e18b9 100644
--- a/tools/testing/selftests/kdbus/kdbus-util.h
+++ b/tools/testing/selftests/kdbus/kdbus-util.h
@@ -168,8 +168,7 @@ int kdbus_free(const struct kdbus_conn *conn, uint64_t offset);
 int kdbus_msg_dump(const struct kdbus_conn *conn,
 		   const struct kdbus_msg *msg);
 int kdbus_create_bus(int control_fd, const char *name,
-		     uint64_t req_meta, uint64_t owner_meta,
-		     char **path);
+		     uint64_t owner_meta, char **path);
 int kdbus_msg_send(const struct kdbus_conn *conn, const char *name,
 		   uint64_t cookie, uint64_t flags, uint64_t timeout,
 		   int64_t priority, uint64_t dst_id);
diff --git a/tools/testing/selftests/kdbus/test-connection.c b/tools/testing/selftests/kdbus/test-connection.c
index e7c4866..4688ce8 100644
--- a/tools/testing/selftests/kdbus/test-connection.c
+++ b/tools/testing/selftests/kdbus/test-connection.c
@@ -70,15 +70,6 @@ int kdbus_test_hello(struct kdbus_test_env *env)
 
 	hello.pool_size = POOL_SIZE;
 
-	/*
-	 * The connection created by the core requires ALL meta flags
-	 * to be sent. An attempt to send less than that should result in
-	 * -ECONNREFUSED.
-	 */
-	hello.attach_flags_send = _KDBUS_ATTACH_ALL & ~KDBUS_ATTACH_TIMESTAMP;
-	ret = kdbus_cmd_hello(fd, &hello);
-	ASSERT_RETURN(ret == -ECONNREFUSED);
-
 	hello.attach_flags_send = _KDBUS_ATTACH_ALL;
 	hello.offset = (__u64)-1;
 
-- 
2.4.5
