[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230901203322.56399-1-kuniyu@amazon.com>
Date: Fri, 1 Sep 2023 13:33:22 -0700
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <hca@...ux.ibm.com>
CC: <aleksandr.mikhalitsyn@...onical.com>, <arnd@...db.de>,
<bluca@...ian.org>, <brauner@...nel.org>, <davem@...emloft.net>,
<dsahern@...nel.org>, <edumazet@...gle.com>,
<keescook@...omium.org>, <kuba@...nel.org>, <kuniyu@...zon.com>,
<ldv@...ace.io>, <leon@...nel.org>, <linux-arch@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, <mzxreary@...inter.de>,
<netdev@...r.kernel.org>, <pabeni@...hat.com>
Subject: Re: [PATCH net-next v7 1/4] scm: add SO_PASSPIDFD and SCM_PIDFD
From: Heiko Carstens <hca@...ux.ibm.com>
Date: Fri, 1 Sep 2023 22:05:17 +0200
> On Thu, Jun 08, 2023 at 10:26:25PM +0200, Alexander Mikhalitsyn wrote:
> > Implement SCM_PIDFD, a new type of CMSG type analogical to SCM_CREDENTIALS,
> > but it contains pidfd instead of plain pid, which allows programmers not
> > to care about PID reuse problem.
> >
> > We mask SO_PASSPIDFD feature if CONFIG_UNIX is not builtin because
> > it depends on a pidfd_prepare() API which is not exported to the kernel
> > modules.
> >
> > Idea comes from UAPI kernel group:
> > https://uapi-group.org/kernel-features/
> >
> > Big thanks to Christian Brauner and Lennart Poettering for productive
> > discussions about this.
> >
> > Cc: "David S. Miller" <davem@...emloft.net>
> > Cc: Eric Dumazet <edumazet@...gle.com>
> > Cc: Jakub Kicinski <kuba@...nel.org>
> > Cc: Paolo Abeni <pabeni@...hat.com>
> > Cc: Leon Romanovsky <leon@...nel.org>
> > Cc: David Ahern <dsahern@...nel.org>
> > Cc: Arnd Bergmann <arnd@...db.de>
> > Cc: Kees Cook <keescook@...omium.org>
> > Cc: Christian Brauner <brauner@...nel.org>
> > Cc: Kuniyuki Iwashima <kuniyu@...zon.com>
> > Cc: Lennart Poettering <mzxreary@...inter.de>
> > Cc: Luca Boccassi <bluca@...ian.org>
> > Cc: linux-kernel@...r.kernel.org
> > Cc: netdev@...r.kernel.org
> > Cc: linux-arch@...r.kernel.org
> > Tested-by: Luca Boccassi <bluca@...ian.org>
> > Reviewed-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > Reviewed-by: Christian Brauner <brauner@...nel.org>
> > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
> > ---
> > arch/alpha/include/uapi/asm/socket.h | 2 ++
> > arch/mips/include/uapi/asm/socket.h | 2 ++
> > arch/parisc/include/uapi/asm/socket.h | 2 ++
> > arch/sparc/include/uapi/asm/socket.h | 2 ++
> > include/linux/net.h | 1 +
> > include/linux/socket.h | 1 +
> > include/net/scm.h | 39 +++++++++++++++++++++++--
> > include/uapi/asm-generic/socket.h | 2 ++
> > net/core/sock.c | 11 +++++++
> > net/mptcp/sockopt.c | 1 +
> > net/unix/af_unix.c | 18 ++++++++----
> > tools/include/uapi/asm-generic/socket.h | 2 ++
> > 12 files changed, 76 insertions(+), 7 deletions(-)
> ...
> > +static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm)
> > +{
> > + struct file *pidfd_file = NULL;
> > + int pidfd;
> > +
> > + /*
> > + * put_cmsg() doesn't return an error if CMSG is truncated,
> > + * that's why we need to opencode these checks here.
> > + */
> > + if ((msg->msg_controllen <= sizeof(struct cmsghdr)) ||
> > + (msg->msg_controllen - sizeof(struct cmsghdr)) < sizeof(int)) {
> > + msg->msg_flags |= MSG_CTRUNC;
> > + return;
> > + }
>
> This does not work for compat tasks since the size of struct cmsghdr (aka
> struct compat_cmsghdr) is differently. If the check from put_cmsg() is
> open-coded here, then also a different check for compat tasks needs to be
> added.
>
> Discovered this because I was wondering why strace compat tests fail; it
> seems because of this.
>
> See https://github.com/strace/strace/blob/master/tests/scm_pidfd.c
>
> For compat tasks recvmsg() returns with msg_flags=MSG_CTRUNC since the
> above code expects a larger buffer than is necessary.
Can you test this ?
---8<---
diff --git a/include/net/scm.h b/include/net/scm.h
index c5bcdf65f55c..099497ce4aee 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -9,6 +9,7 @@
#include <linux/pid.h>
#include <linux/nsproxy.h>
#include <linux/sched/signal.h>
+#include <net/compat.h>
/* Well, we should have at least one descriptor open
* to accept passed FDs 8)
@@ -125,14 +126,19 @@ static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm
struct file *pidfd_file = NULL;
int pidfd;
- /*
- * put_cmsg() doesn't return an error if CMSG is truncated,
+ /* put_cmsg() doesn't return an error if CMSG is truncated,
* that's why we need to opencode these checks here.
*/
- if ((msg->msg_controllen <= sizeof(struct cmsghdr)) ||
- (msg->msg_controllen - sizeof(struct cmsghdr)) < sizeof(int)) {
- msg->msg_flags |= MSG_CTRUNC;
- return;
+ if (msg->msg_flags & MSG_CMSG_COMPAT) {
+ if (msg->msg_controllen < sizeof(struct compat_cmsghdr) + sizeof(int)) {
+ msg->msg_flags |= MSG_CTRUNC;
+ return;
+ }
+ } else {
+ if (msg->msg_controllen < sizeof(struct cmsghdr) + sizeof(int)) {
+ msg->msg_flags |= MSG_CTRUNC;
+ return;
+ }
}
if (!scm->pid)
---8<---
Powered by blists - more mailing lists