Merge tag 'seccomp-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull seccomp updates from Kees Cook:
"There are a bunch of clean ups and selftest improvements along with
two major updates to the SECCOMP_RET_USER_NOTIF filter return:
EPOLLHUP support to more easily detect the death of a monitored
process, and being able to inject fds when intercepting syscalls that
expect an fd-opening side-effect (needed by both container folks and
Chrome). The latter continued the refactoring of __scm_install_fd()
started by Christoph, and in the process found and fixed a handful of
bugs in various callers.
- Improved selftest coverage, timeouts, and reporting
- Add EPOLLHUP support for SECCOMP_RET_USER_NOTIF (Christian Brauner)
- Refactor __scm_install_fd() into __receive_fd() and fix buggy
callers
- Introduce 'addfd' command for SECCOMP_RET_USER_NOTIF (Sargun
Dhillon)"
* tag 'seccomp-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (30 commits)
selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD
seccomp: Introduce addfd ioctl to seccomp user notifier
fs: Expand __receive_fd() to accept existing fd
pidfd: Replace open-coded receive_fd()
fs: Add receive_fd() wrapper for __receive_fd()
fs: Move __scm_install_fd() to __receive_fd()
net/scm: Regularize compat handling of scm_detach_fds()
pidfd: Add missing sock updates for pidfd_getfd()
net/compat: Add missing sock updates for SCM_RIGHTS
selftests/seccomp: Check ENOSYS under tracing
selftests/seccomp: Refactor to use fixture variants
selftests/harness: Clean up kern-doc for fixtures
seccomp: Use -1 marker for end of mode 1 syscall list
seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID
selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall()
selftests/seccomp: Make kcmp() less required
seccomp: Use pr_fmt
selftests/seccomp: Improve calibration loop
selftests/seccomp: use 90s as timeout
selftests/seccomp: Expand benchmark to per-filter measurements
...
This commit is contained in:
Linus Torvalds
@@ -280,36 +280,6 @@ void put_cmsg_scm_timestamping(struct msghdr *msg, struct scm_timestamping_inter
|
||||
}
|
||||
EXPORT_SYMBOL(put_cmsg_scm_timestamping);
|
||||
|
||||
static int __scm_install_fd(struct file *file, int __user *ufd, int o_flags)
|
||||
{
|
||||
struct socket *sock;
|
||||
int new_fd;
|
||||
int error;
|
||||
|
||||
error = security_file_receive(file);
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
new_fd = get_unused_fd_flags(o_flags);
|
||||
if (new_fd < 0)
|
||||
return new_fd;
|
||||
|
||||
error = put_user(new_fd, ufd);
|
||||
if (error) {
|
||||
put_unused_fd(new_fd);
|
||||
return error;
|
||||
}
|
||||
|
||||
/* Bump the usage count and install the file. */
|
||||
sock = sock_from_file(file, &error);
|
||||
if (sock) {
|
||||
sock_update_netprioidx(&sock->sk->sk_cgrp_data);
|
||||
sock_update_classid(&sock->sk->sk_cgrp_data);
|
||||
}
|
||||
fd_install(new_fd, get_file(file));
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int scm_max_fds(struct msghdr *msg)
|
||||
{
|
||||
if (msg->msg_controllen <= sizeof(struct cmsghdr))
|
||||
@@ -319,29 +289,29 @@ static int scm_max_fds(struct msghdr *msg)
|
||||
|
||||
void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
|
||||
{
|
||||
struct cmsghdr __user *cm
|
||||
= (__force struct cmsghdr __user*)msg->msg_control;
|
||||
int o_flags = (msg->msg_flags & MSG_CMSG_CLOEXEC) ? O_CLOEXEC : 0;
|
||||
struct cmsghdr __user *cm =
|
||||
(__force struct cmsghdr __user *)msg->msg_control;
|
||||
unsigned int o_flags = (msg->msg_flags & MSG_CMSG_CLOEXEC) ? O_CLOEXEC : 0;
|
||||
int fdmax = min_t(int, scm_max_fds(msg), scm->fp->count);
|
||||
int __user *cmsg_data = CMSG_USER_DATA(cm);
|
||||
int err = 0, i;
|
||||
|
||||
/* no use for FD passing from kernel space callers */
|
||||
if (WARN_ON_ONCE(!msg->msg_control_is_user))
|
||||
return;
|
||||
|
||||
if (msg->msg_flags & MSG_CMSG_COMPAT) {
|
||||
scm_detach_fds_compat(msg, scm);
|
||||
return;
|
||||
}
|
||||
|
||||
/* no use for FD passing from kernel space callers */
|
||||
if (WARN_ON_ONCE(!msg->msg_control_is_user))
|
||||
return;
|
||||
|
||||
for (i = 0; i < fdmax; i++) {
|
||||
err = __scm_install_fd(scm->fp->fp[i], cmsg_data + i, o_flags);
|
||||
if (err)
|
||||
err = receive_fd_user(scm->fp->fp[i], cmsg_data + i, o_flags);
|
||||
if (err < 0)
|
||||
break;
|
||||
}
|
||||
|
||||
if (i > 0) {
|
||||
if (i > 0) {
|
||||
int cmlen = CMSG_LEN(i * sizeof(int));
|
||||
|
||||
err = put_user(SOL_SOCKET, &cm->cmsg_level);
|
||||
|
||||
@@ -2842,6 +2842,27 @@ int sock_no_mmap(struct file *file, struct socket *sock, struct vm_area_struct *
|
||||
}
|
||||
EXPORT_SYMBOL(sock_no_mmap);
|
||||
|
||||
/*
|
||||
* When a file is received (via SCM_RIGHTS, etc), we must bump the
|
||||
* various sock-based usage counts.
|
||||
*/
|
||||
void __receive_sock(struct file *file)
|
||||
{
|
||||
struct socket *sock;
|
||||
int error;
|
||||
|
||||
/*
|
||||
* The resulting value of "error" is ignored here since we only
|
||||
* need to take action when the file is a socket and testing
|
||||
* "sock" for NULL is sufficient.
|
||||
*/
|
||||
sock = sock_from_file(file, &error);
|
||||
if (sock) {
|
||||
sock_update_netprioidx(&sock->sk->sk_cgrp_data);
|
||||
sock_update_classid(&sock->sk->sk_cgrp_data);
|
||||
}
|
||||
}
|
||||
|
||||
ssize_t sock_no_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags)
|
||||
{
|
||||
ssize_t res;
|
||||
|
||||
Reference in New Issue
Block a user