Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 19 Apr 2017 00:47:54 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Kees Cook <keescook@...omium.org>
Cc: LKML <linux-kernel@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
        Andy Lutomirski <luto@...capital.net>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Casey Schaufler <casey@...aufler-ca.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        David Drysdale
 <drysdale@...gle.com>,
        "David S . Miller" <davem@...emloft.net>,
        "Eric W . Biederman" <ebiederm@...ssion.com>,
        James Morris <james.l.morris@...cle.com>, Jann Horn <jann@...jh.net>,
        Jonathan Corbet <corbet@....net>,
        Matthew Garrett <mjg59@...f.ucam.org>,
        Michael Kerrisk <mtk.manpages@...il.com>,
        Paul Moore <paul@...l-moore.com>, Sargun Dhillon <sargun@...gun.me>,
        "Serge E . Hallyn" <serge@...lyn.com>, Shuah Khan <shuah@...nel.org>,
        Tejun Heo <tj@...nel.org>, Thomas Graf <tgraf@...g.ch>,
        Will Drewry <wad@...omium.org>,
        "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>,
        Linux API <linux-api@...r.kernel.org>,
        linux-security-module <linux-security-module@...r.kernel.org>,
        Network Development <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next v6 05/11] seccomp: Split put_seccomp_filter()
 with put_seccomp()


On 19/04/2017 00:23, Kees Cook wrote:
> On Tue, Mar 28, 2017 at 4:46 PM, Mickaël Salaün <mic@...ikod.net> wrote:
>> The semantic is unchanged. This will be useful for the Landlock
>> integration with seccomp (next commit).
>>
>> Signed-off-by: Mickaël Salaün <mic@...ikod.net>
>> Cc: Kees Cook <keescook@...omium.org>
>> Cc: Andy Lutomirski <luto@...capital.net>
>> Cc: Will Drewry <wad@...omium.org>
>> ---
>>  include/linux/seccomp.h |  4 ++--
>>  kernel/fork.c           |  2 +-
>>  kernel/seccomp.c        | 18 +++++++++++++-----
>>  3 files changed, 16 insertions(+), 8 deletions(-)
>>
>> diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h
>> index ecc296c137cd..e25aee2cdfc0 100644
>> --- a/include/linux/seccomp.h
>> +++ b/include/linux/seccomp.h
>> @@ -77,10 +77,10 @@ static inline int seccomp_mode(struct seccomp *s)
>>  #endif /* CONFIG_SECCOMP */
>>
>>  #ifdef CONFIG_SECCOMP_FILTER
>> -extern void put_seccomp_filter(struct task_struct *tsk);
>> +extern void put_seccomp(struct task_struct *tsk);
>>  extern void get_seccomp_filter(struct task_struct *tsk);
>>  #else  /* CONFIG_SECCOMP_FILTER */
>> -static inline void put_seccomp_filter(struct task_struct *tsk)
>> +static inline void put_seccomp(struct task_struct *tsk)
>>  {
>>         return;
>>  }
>> diff --git a/kernel/fork.c b/kernel/fork.c
>> index 6c463c80e93d..a27d8e67ce33 100644
>> --- a/kernel/fork.c
>> +++ b/kernel/fork.c
>> @@ -363,7 +363,7 @@ void free_task(struct task_struct *tsk)
>>  #endif
>>         rt_mutex_debug_task_free(tsk);
>>         ftrace_graph_exit_task(tsk);
>> -       put_seccomp_filter(tsk);
>> +       put_seccomp(tsk);
>>         arch_release_task_struct(tsk);
>>         if (tsk->flags & PF_KTHREAD)
>>                 free_kthread_struct(tsk);
>> diff --git a/kernel/seccomp.c b/kernel/seccomp.c
>> index 65f61077ad50..326f79e32127 100644
>> --- a/kernel/seccomp.c
>> +++ b/kernel/seccomp.c
>> @@ -64,6 +64,8 @@ struct seccomp_filter {
>>  /* Limit any path through the tree to 256KB worth of instructions. */
>>  #define MAX_INSNS_PER_PATH ((1 << 18) / sizeof(struct sock_filter))
>>
>> +static void put_seccomp_filter(struct seccomp_filter *filter);
> 
> Can this be reorganized easily to avoid a forward-declaration?

I didn't want to move too much code but I will.

> 
>> +
>>  /*
>>   * Endianness is explicitly ignored and left for BPF program authors to manage
>>   * as per the specific architecture.
>> @@ -314,7 +316,7 @@ static inline void seccomp_sync_threads(void)
>>                  * current's path will hold a reference.  (This also
>>                  * allows a put before the assignment.)
>>                  */
>> -               put_seccomp_filter(thread);
>> +               put_seccomp_filter(thread->seccomp.filter);
>>                 smp_store_release(&thread->seccomp.filter,
>>                                   caller->seccomp.filter);
>>
>> @@ -476,10 +478,11 @@ static inline void seccomp_filter_free(struct seccomp_filter *filter)
>>         }
>>  }
>>
>> -/* put_seccomp_filter - decrements the ref count of tsk->seccomp.filter */
>> -void put_seccomp_filter(struct task_struct *tsk)
>> +/* put_seccomp_filter - decrements the ref count of a filter */
>> +static void put_seccomp_filter(struct seccomp_filter *filter)
>>  {
>> -       struct seccomp_filter *orig = tsk->seccomp.filter;
>> +       struct seccomp_filter *orig = filter;
>> +
>>         /* Clean up single-reference branches iteratively. */
>>         while (orig && atomic_dec_and_test(&orig->usage)) {
>>                 struct seccomp_filter *freeme = orig;
>> @@ -488,6 +491,11 @@ void put_seccomp_filter(struct task_struct *tsk)
>>         }
>>  }
>>
>> +void put_seccomp(struct task_struct *tsk)
>> +{
>> +       put_seccomp_filter(tsk->seccomp.filter);
>> +}
>> +
>>  static void seccomp_init_siginfo(siginfo_t *info, int syscall, int reason)
>>  {
>>         memset(info, 0, sizeof(*info));
>> @@ -914,7 +922,7 @@ long seccomp_get_filter(struct task_struct *task, unsigned long filter_off,
>>         if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog)))
>>                 ret = -EFAULT;
>>
>> -       put_seccomp_filter(task);
>> +       put_seccomp_filter(task->seccomp.filter);
>>         return ret;
> 
> I don't like that the arguments to get_seccomp_filter() and
> put_seccomp_filter() are now different. I think they should match for
> readability.

OK, I can do that.



Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.