[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f1b77cafef8c4d159b1daa9cd4a06794@AcuMS.aculab.com>
Date: Thu, 4 Jun 2020 13:28:02 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Christian Brauner' <christian.brauner@...ntu.com>,
Kees Cook <keescook@...omium.org>
CC: Sargun Dhillon <sargun@...gun.me>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Tycho Andersen <tycho@...ho.ws>,
Matt Denton <mpdenton@...gle.com>,
Jann Horn <jannh@...gle.com>, Chris Palmer <palmer@...gle.com>,
Aleksa Sarai <cyphar@...har.com>,
Robert Sesek <rsesek@...gle.com>,
"containers@...ts.linux-foundation.org"
<containers@...ts.linux-foundation.org>,
Giuseppe Scrivano <gscrivan@...hat.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Al Viro" <viro@...iv.linux.org.uk>,
Daniel Wagner <daniel.wagner@...-carit.de>,
"David S . Miller" <davem@...emloft.net>,
John Fastabend <john.r.fastabend@...el.com>,
Tejun Heo <tj@...nel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>,
"cgroups@...r.kernel.org" <cgroups@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>
Subject: RE: [PATCH v3 1/4] fs, net: Standardize on file_receive helper to
move fds across processes
From: Christian Brauner
> Sent: 04 June 2020 13:52
..
> For scm you can fail somewhere in the middle of putting any number of
> file descriptors so you're left in a state with only a subset of
> requested file descriptors installed so it's not really useful there.
> And if you manage to install an fd but then fail to put_user() it
> userspace can simply check it's fds via proc and has to anyway on any
> scm message error. If you fail an scm message userspace better check
> their fds.
There is a similar error path in the sctp 'peeloff' code.
If the put_user() fails it currently closes the fd before
returning -EFAULT.
I'm not at all sure this is helpful.
The application can't tell whether the SIGSEGV happened on the
copyin of the parameters or the copyout of the result.
ISTM that if the application passes an address that cannot
be written to it deserves what it gets - typically an fd it
doesn't know the number of.
What is important is that the kernel data is consistent.
So when the process exits the fd is closed and all the resources
are released.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists