| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Sep 2015 14:48:47 -0700 From: Andy Lutomirski <luto@...capital.net> To: Tycho Andersen <tycho.andersen@...onical.com> Cc: Kees Cook <keescook@...omium.org>, Alexei Starovoitov <ast@...nel.org>, Will Drewry <wad@...omium.org>, Oleg Nesterov <oleg@...hat.com>, Pavel Emelyanov <xemul@...allels.com>, "Serge E. Hallyn" <serge.hallyn@...ntu.com>, Daniel Borkmann <daniel@...earbox.net>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Network Development <netdev@...r.kernel.org>, Linux API <linux-api@...r.kernel.org> Subject: Re: [PATCH v3 4/5] kcmp: add KCMP_FILE_PRIVATE_DATA On Wed, Sep 30, 2015 at 2:39 PM, Tycho Andersen <tycho.andersen@...onical.com> wrote: > On Wed, Sep 30, 2015 at 11:56:25AM -0700, Andy Lutomirski wrote: >> On Wed, Sep 30, 2015 at 11:55 AM, Tycho Andersen >> <tycho.andersen@...onical.com> wrote: >> > On Wed, Sep 30, 2015 at 11:47:05AM -0700, Andy Lutomirski wrote: >> >> On Wed, Sep 30, 2015 at 11:41 AM, Tycho Andersen >> >> <tycho.andersen@...onical.com> wrote: >> >> > On Wed, Sep 30, 2015 at 11:25:41AM -0700, Andy Lutomirski wrote: >> >> >> On Wed, Sep 30, 2015 at 11:13 AM, Tycho Andersen >> >> >> <tycho.andersen@...onical.com> wrote: >> >> >> > This command allows comparing the underling private data of two fds. This >> >> >> > is useful e.g. to find out if a seccomp filter is inherited, since struct >> >> >> > seccomp_filter are unique across tasks and are the private_data seccomp >> >> >> > fds. >> >> >> >> >> >> This is very implementation-specific and may have nasty ABI >> >> >> consequences far outside seccomp. Let's do something specific to >> >> >> seccomp and/or eBPF. >> >> > >> >> > We could change the name to a less generic KCMP_SECCOMP_FD or >> >> > something, but without some sort of GUID on each struct >> >> > seccomp_filter, the implementation would be effectively the same as it >> >> > is today. Is that enough, or do we need a GUID? >> >> > >> >> >> >> I don't care about the GUID. I think we should name it >> >> KCMP_SECCOMP_FD and make it only work on seccomp fds. >> > >> > Ok, I can do that. >> > >> >> Alternatively, we could figure out why KCMP_FILE doesn't do the trick >> >> and consider fixing it. IMO it's really too bad that struct file is >> >> so heavyweight that we can't really just embed one in all kinds of >> >> structures. >> > >> > The problem is that KCMP_FILE compares the file objects themselves, >> > instead of the underlying data. If I ask for a seccomp fd for filter 0 >> > twice, I'll have two different file objects and they won't be equal. I >> > suppose we could add some special logic inside KCMP_FILE to compare >> > the underlying data in special cases (seccomp, ebpf, others?), but it >> > seems cleaner to have a separate command as you described above. >> > >> >> What I meant was that maybe we could get the two requests to actually >> produce the same struct file. But that could get very messy >> memory-wise. > > I see. The attached patch seems to work with KCMP_FILE and doesn't > look too bad if you don't mind the circular references. What do you > think? > Could be reasonable. I'm not that well versed on what fd_release does. Are we guaranteed that it's called when the last fd goes away even if the struct file is pinned by the struct seccomp filter but is otherwise unreferenced? Kees? How many of you will be at KS? --Andy > Tycho -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists