lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190627112430.6590-1-christian@brauner.io>
Date:   Thu, 27 Jun 2019 13:24:30 +0200
From:   Christian Brauner <christian@...uner.io>
To:     torvalds@...ux-foundation.org
Cc:     linux-kernel@...r.kernel.org, ldv@...linux.org,
        viro@...iv.linux.org.uk, jannh@...gle.com
Subject: [GIT PULL] fixes for v5.2-rc7

Hi Linus,

This contains a couple of fixes for the pidfd api by Dmitry, Al, and
myself:

The following changes since commit 4b972a01a7da614b4796475f933094751a295a2f:

  Linux 5.2-rc6 (2019-06-22 16:01:36 -0700)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/for-linus-20190627

for you to fetch changes up to 30d158b143b6575261ab610ae7b1b4f7fe3830b3:

  proc: remove useless d_is_dir() check (2019-06-27 12:25:09 +0200)

/* Remove check for pidfd == 0 with CLONE_PIDFD */
Userspace tools and libraries such as strace or glibc need a cheap and
reliable way to tell whether CLONE_PIDFD is supported.
The easiest way is to pass an invalid fd value in the return argument,
perform the syscall and verify the value in the return argument has been
changed to a valid fd.

However, if CLONE_PIDFD is specified we currently check if pidfd == 0 and
return EINVAL if not.

The check for pidfd == 0 was originally added to enable us to abuse the
return argument for passing additional flags along with CLONE_PIDFD in the
future.

Since extending legacy clone this way would be a terrible idea and with
clone3 on the horizon and the ability to reuse CLONE_DETACHED with
CLONE_PIDFD there's no real need for this clutch. So remove the pidfd == 0
check and help userspace out.

/* Avoid using anon_inode_getfd() and ksys_close() */
Accordig to Al, anon_inode_getfd() should only be used past the point of no
failure and ksys_close() should not be used at all since it is far too easy
to get wrong. Al's motto being "basically, once it's in descriptor table,
it's out of your control".
So Al's patch switches back to what we already had in v1 of the original
patchset and uses a anon_inode_getfile() + put_user() + fd_install()
sequence in the success path and a fput() + put_unused_fd() in the failure
path.

The other two changes should be trivial.

Please consider pulling these changes from the signed for-linus-20190627 tag.

Thanks!
Christian

----------------------------------------------------------------
for-linus-20190627

----------------------------------------------------------------
Al Viro (1):
      copy_process(): don't use ksys_close() on cleanups

Christian Brauner (1):
      proc: remove useless d_is_dir() check

Dmitry V. Levin (2):
      fork: don't check parent_tidptr with CLONE_PIDFD
      samples: make pidfd-metadata fail gracefully on older kernels

 fs/proc/base.c                 |  3 +--
 kernel/fork.c                  | 58 +++++++++++++-----------------------------
 samples/pidfd/pidfd-metadata.c |  8 ++++--
 3 files changed, 25 insertions(+), 44 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ