| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <68224a16ebe11_e985e29446@willemb.c.googlers.com.notmuch>
Date: Mon, 12 May 2025 15:20:54 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Kuniyuki Iwashima <kuniyu@...zon.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Willem de Bruijn <willemb@...gle.com>
Cc: Simon Horman <horms@...nel.org>,
Christian Brauner <brauner@...nel.org>,
Kuniyuki Iwashima <kuniyu@...zon.com>,
Kuniyuki Iwashima <kuni1840@...il.com>,
netdev@...r.kernel.org
Subject: Re: [PATCH v2 net-next 6/9] af_unix: Move SOCK_PASS{CRED,PIDFD,SEC}
to struct sock.
Kuniyuki Iwashima wrote:
> As explained in the next patch, SO_PASSRIGHTS would have a problem
> if we assigned a corresponding bit to socket->flags, so it must be
> managed in struct sock.
>
> Mixing socket->flags and sk->sk_flags for similar options will look
> confusing, and sk->sk_flags does not have enough space on 32bit system.
>
> Also, as mentioned in commit 16e572626961 ("af_unix: dont send
> SCM_CREDENTIALS by default"), SOCK_PASSCRED and SOCK_PASSPID handling
> is known to be slow, and managing the flags in struct socket cannot
> avoid that for embryo sockets.
>
> Let's move SOCK_PASS{CRED,PIDFD,SEC} to struct sock.
>
> While at it, other SOCK_XXX flags in net.h are grouped as enum.
>
> Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 1ab59efbafc5..9540cbe3d83e 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -1224,19 +1224,19 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
> if (!sk_may_scm_recv(sk))
> return -EOPNOTSUPP;
>
> - assign_bit(SOCK_PASSSEC, &sock->flags, valbool);
> + sk->sk_scm_security = valbool;
Is it safe to switch from atomic to non-atomic updates?
Reads and writes can race. Especially given that these are bit stores, so RMW.
> return 0;
> case SO_PASSCRED:
> if (!sk_may_scm_recv(sk))
> return -EOPNOTSUPP;
>
> - assign_bit(SOCK_PASSCRED, &sock->flags, valbool);
> + sk->sk_scm_credentials = valbool;
> return 0;
> case SO_PASSPIDFD:
> if (!sk_is_unix(sk))
> return -EOPNOTSUPP;
>
> - assign_bit(SOCK_PASSPIDFD, &sock->flags, valbool);
> + sk->sk_scm_pidfd = valbool;
> return 0;
> case SO_TYPE:
> case SO_PROTOCOL:
> @@ -1865,14 +1865,14 @@ int sk_getsockopt(struct sock *sk, int level, int optname,
>
> case SO_PASSCRED:
> if (sk_may_scm_recv(sk))
> - v.val = !!test_bit(SOCK_PASSCRED, &sock->flags);
> + v.val = sk->sk_scm_credentials;
> else
> v.val = 0;
> break;
>
> case SO_PASSPIDFD:
> if (sk_is_unix(sk))
> - v.val = !!test_bit(SOCK_PASSPIDFD, &sock->flags);
> + v.val = sk->sk_scm_pidfd;
> else
> v.val = 0;
> break;
> @@ -1972,7 +1972,7 @@ int sk_getsockopt(struct sock *sk, int level, int optname,
>
> case SO_PASSSEC:
> if (sk_may_scm_recv(sk))
> - v.val = !!test_bit(SOCK_PASSSEC, &sock->flags);
> + v.val = sk->sk_scm_security;
> else
> v.val = 0;
> break;
Powered by blists - more mailing lists