| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jun 2019 13:24:30 +0200
From: Christian Brauner <christian@...uner.io>
To: torvalds@...ux-foundation.org
Cc: linux-kernel@...r.kernel.org, ldv@...linux.org,
viro@...iv.linux.org.uk, jannh@...gle.com
Subject: [GIT PULL] fixes for v5.2-rc7
Hi Linus,
This contains a couple of fixes for the pidfd api by Dmitry, Al, and
myself:
The following changes since commit 4b972a01a7da614b4796475f933094751a295a2f:
Linux 5.2-rc6 (2019-06-22 16:01:36 -0700)
are available in the Git repository at:
git@...olite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/for-linus-20190627
for you to fetch changes up to 30d158b143b6575261ab610ae7b1b4f7fe3830b3:
proc: remove useless d_is_dir() check (2019-06-27 12:25:09 +0200)
/* Remove check for pidfd == 0 with CLONE_PIDFD */
Userspace tools and libraries such as strace or glibc need a cheap and
reliable way to tell whether CLONE_PIDFD is supported.
The easiest way is to pass an invalid fd value in the return argument,
perform the syscall and verify the value in the return argument has been
changed to a valid fd.
However, if CLONE_PIDFD is specified we currently check if pidfd == 0 and
return EINVAL if not.
The check for pidfd == 0 was originally added to enable us to abuse the
return argument for passing additional flags along with CLONE_PIDFD in the
future.
Since extending legacy clone this way would be a terrible idea and with
clone3 on the horizon and the ability to reuse CLONE_DETACHED with
CLONE_PIDFD there's no real need for this clutch. So remove the pidfd == 0
check and help userspace out.
/* Avoid using anon_inode_getfd() and ksys_close() */
Accordig to Al, anon_inode_getfd() should only be used past the point of no
failure and ksys_close() should not be used at all since it is far too easy
to get wrong. Al's motto being "basically, once it's in descriptor table,
it's out of your control".
So Al's patch switches back to what we already had in v1 of the original
patchset and uses a anon_inode_getfile() + put_user() + fd_install()
sequence in the success path and a fput() + put_unused_fd() in the failure
path.
The other two changes should be trivial.
Please consider pulling these changes from the signed for-linus-20190627 tag.
Thanks!
Christian
----------------------------------------------------------------
for-linus-20190627
----------------------------------------------------------------
Al Viro (1):
copy_process(): don't use ksys_close() on cleanups
Christian Brauner (1):
proc: remove useless d_is_dir() check
Dmitry V. Levin (2):
fork: don't check parent_tidptr with CLONE_PIDFD
samples: make pidfd-metadata fail gracefully on older kernels
fs/proc/base.c | 3 +--
kernel/fork.c | 58 +++++++++++++-----------------------------
samples/pidfd/pidfd-metadata.c | 8 ++++--
3 files changed, 25 insertions(+), 44 deletions(-)
Powered by blists - more mailing lists