lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 13 Sep 2023 14:25:48 -0700
From: Vinicius Costa Gomes <vinicius.gomes@...el.com>
To: Xabier Marquiegui <xabier.marquiegui@...il.com>
Cc: alex.maftei@....com, chrony-dev@...ony.tuxfamily.org,
 davem@...emloft.net, horms@...nel.org, mlichvar@...hat.com,
 netdev@...r.kernel.org, ntp-lists@...tcorallo.com, reibax@...il.com,
 richardcochran@...il.com, rrameshbabu@...dia.com, shuah@...nel.org
Subject: Re: [PATCH net-next v2 2/3] ptp: support multiple timestamp event
 readers

Xabier Marquiegui <xabier.marquiegui@...il.com> writes:

>> Using the pid of the task will break when using some form of file
>> descriptor passing. e.g. Task A opened the chardev, called the ioctl()
>> with some mask and then passed the fd to Task B, that's actually going
>> to use the fd.
>> 
>> Is this something that we want to support? Am I missing something?
>
> Thank you very much for your valuable comments Vinicius,
>
> Let me try to confirm if I understand what you are observing here.
>
> Let's say we have a process with two threads. One of them opens the device
> file to do IOCTL operations, and the other one opens the device file to
> read timestamp events. Since both have the same PID, all the operations
> (read,release...) would fail because I designed them under the assumption
> that only one open operation would happen per PID.
>

I was initially thinking about another scenario: when Process A passes
the open file descriptor via SCM_RIGHTS to Process B.

But your scenario also shows the limitations of the current approach.

> This is indeed not as safe as it should be and I should try to improve it.
>
> I am already looking at alternatives, but maybe someone can give me a hint.
> Do you have any suggestions on what I could do to have file operations 
> (read, release...) determine which open instance they belong to?

Taking a quick look, it seems that you would have to change 'struct
posix_clock_file_operations' to also pass around the 'struct file' of
the file being used.

That way we can track each user/"open()". And if one program decides
that it needs to have have multiple fds with different masks, and so
different queues, it should just work.

What do you think?


Cheers,
-- 
Vinicius

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ