lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCETrW9-bpUd+quFF7fBjbBLS84VDT4dmBS=-cVe6+9S-DenA@mail.gmail.com>
Date:	Wed, 30 Sep 2015 14:48:47 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Tycho Andersen <tycho.andersen@...onical.com>
Cc:	Kees Cook <keescook@...omium.org>,
	Alexei Starovoitov <ast@...nel.org>,
	Will Drewry <wad@...omium.org>,
	Oleg Nesterov <oleg@...hat.com>,
	Pavel Emelyanov <xemul@...allels.com>,
	"Serge E. Hallyn" <serge.hallyn@...ntu.com>,
	Daniel Borkmann <daniel@...earbox.net>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Network Development <netdev@...r.kernel.org>,
	Linux API <linux-api@...r.kernel.org>
Subject: Re: [PATCH v3 4/5] kcmp: add KCMP_FILE_PRIVATE_DATA

On Wed, Sep 30, 2015 at 2:39 PM, Tycho Andersen
<tycho.andersen@...onical.com> wrote:
> On Wed, Sep 30, 2015 at 11:56:25AM -0700, Andy Lutomirski wrote:
>> On Wed, Sep 30, 2015 at 11:55 AM, Tycho Andersen
>> <tycho.andersen@...onical.com> wrote:
>> > On Wed, Sep 30, 2015 at 11:47:05AM -0700, Andy Lutomirski wrote:
>> >> On Wed, Sep 30, 2015 at 11:41 AM, Tycho Andersen
>> >> <tycho.andersen@...onical.com> wrote:
>> >> > On Wed, Sep 30, 2015 at 11:25:41AM -0700, Andy Lutomirski wrote:
>> >> >> On Wed, Sep 30, 2015 at 11:13 AM, Tycho Andersen
>> >> >> <tycho.andersen@...onical.com> wrote:
>> >> >> > This command allows comparing the underling private data of two fds. This
>> >> >> > is useful e.g. to find out if a seccomp filter is inherited, since struct
>> >> >> > seccomp_filter are unique across tasks and are the private_data seccomp
>> >> >> > fds.
>> >> >>
>> >> >> This is very implementation-specific and may have nasty ABI
>> >> >> consequences far outside seccomp.  Let's do something specific to
>> >> >> seccomp and/or eBPF.
>> >> >
>> >> > We could change the name to a less generic KCMP_SECCOMP_FD or
>> >> > something, but without some sort of GUID on each struct
>> >> > seccomp_filter, the implementation would be effectively the same as it
>> >> > is today. Is that enough, or do we need a GUID?
>> >> >
>> >>
>> >> I don't care about the GUID.  I think we should name it
>> >> KCMP_SECCOMP_FD and make it only work on seccomp fds.
>> >
>> > Ok, I can do that.
>> >
>> >> Alternatively, we could figure out why KCMP_FILE doesn't do the trick
>> >> and consider fixing it.  IMO it's really too bad that struct file is
>> >> so heavyweight that we can't really just embed one in all kinds of
>> >> structures.
>> >
>> > The problem is that KCMP_FILE compares the file objects themselves,
>> > instead of the underlying data. If I ask for a seccomp fd for filter 0
>> > twice, I'll have two different file objects and they won't be equal. I
>> > suppose we could add some special logic inside KCMP_FILE to compare
>> > the underlying data in special cases (seccomp, ebpf, others?), but it
>> > seems cleaner to have a separate command as you described above.
>> >
>>
>> What I meant was that maybe we could get the two requests to actually
>> produce the same struct file.  But that could get very messy
>> memory-wise.
>
> I see. The attached patch seems to work with KCMP_FILE and doesn't
> look too bad if you don't mind the circular references. What do you
> think?
>

Could be reasonable.  I'm not that well versed on what fd_release
does.  Are we guaranteed that it's called when the last fd goes away
even if the struct file is pinned by the struct seccomp filter but is
otherwise unreferenced?

Kees?

How many of you will be at KS?

--Andy

> Tycho



-- 
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ