| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 May 2020 01:05:37 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Sargun Dhillon <sargun@...gun.me>
Cc: linux-kernel@...r.kernel.org,
containers@...ts.linux-foundation.org, linux-api@...r.kernel.org,
christian.brauner@...ntu.com, tycho@...ho.ws,
keescook@...omium.org, cyphar@...har.com,
Jeffrey Vander Stoep <jeffv@...gle.com>, jannh@...gle.com,
rsesek@...gle.com, palmer@...gle.com,
Matt Denton <mpdenton@...gle.com>,
Kees Cook <keescook@...gle.com>
Subject: Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user
notifier
On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote:
> +static void seccomp_handle_addfd(struct seccomp_kaddfd *addfd)
> +{
> + int ret;
> +
> + /*
> + * Remove the notification, and reset the list pointers, indicating
> + * that it has been handled.
> + */
> + list_del_init(&addfd->list);
> +
> + ret = security_file_receive(addfd->file);
> + if (ret)
> + goto out;
> +
> + if (addfd->fd >= 0) {
> + ret = replace_fd(addfd->fd, addfd->file, addfd->flags);
> + if (ret >= 0)
> + fput(addfd->file);
> + } else {
> + ret = get_unused_fd_flags(addfd->flags);
> + if (ret >= 0)
> + fd_install(ret, addfd->file);
Bad refcounting rules. *IF* we go with anything of that sort (and I'm not
convinced that the entire series makes sense), it's better to have more
uniform rules re reference consumption/disposal.
Make the destructor of addfd *ALWAYS* drop its reference. And have this
function go
if (addfd->fd >= 0) {
ret = replace_fd(addfd->fd, addfd->file, addfd->flags);
} else {
ret = get_unused_fd_flags(addfd->flags);
if (ret >= 0)
fd_install(ret, get_file(addfd->file));
}
Powered by blists - more mailing lists