Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier

[PATCH 0/5] Add seccomp notifier ioctl that enables adding fds · Sargun Dhillon <hidden> · 2020-05-24
[PATCH 1/5] seccomp: Add find_notification helper · Sargun Dhillon <hidden> · 2020-05-24
Re: [PATCH 1/5] seccomp: Add find_notification helper · Tycho Andersen <hidden> · 2020-05-24
Re: [PATCH 1/5] seccomp: Add find_notification helper · Christian Brauner <hidden> · 2020-05-25
[PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier · Sargun Dhillon <hidden> · 2020-05-24
Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier · Tycho Andersen <hidden> · 2020-05-24
Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier · Tycho Andersen <hidden> · 2020-05-24
Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier · Al Viro <viro@zeniv.linux.org.uk> · 2020-05-25
Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier · Sargun Dhillon <hidden> · 2020-05-25
Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier · Al Viro <viro@zeniv.linux.org.uk> · 2020-05-25
Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier · Christian Brauner <hidden> · 2020-05-25
Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier · Sargun Dhillon <hidden> · 2020-05-26
Re: [PATCH 2/5] seccomp: Introduce addfd ioctl to seccomp user notifier · Christian Brauner <hidden> · 2020-05-26
[PATCH 3/5] selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD · Sargun Dhillon <hidden> · 2020-05-24
[PATCH 4/5] seccomp: Add SECCOMP_ADDFD_FLAG_MOVE flag to add fd ioctl · Sargun Dhillon <hidden> · 2020-05-24
Re: [PATCH 4/5] seccomp: Add SECCOMP_ADDFD_FLAG_MOVE flag to add fd ioctl · Christian Brauner <hidden> · 2020-05-25
Re: [PATCH 4/5] seccomp: Add SECCOMP_ADDFD_FLAG_MOVE flag to add fd ioctl · Sargun Dhillon <hidden> · 2020-05-26
[PATCH 5/5] selftests/seccomp: Add test for addfd move semantics · Sargun Dhillon <hidden> · 2020-05-24

From: Tycho Andersen <hidden>
Date: 2020-05-24 23:58:36
Also in: lkml

On Sun, May 24, 2020 at 05:57:32PM -0600, Tycho Andersen wrote:

On Sun, May 24, 2020 at 04:39:39PM -0700, Sargun Dhillon wrote:

quoted

+static void seccomp_handle_addfd(struct seccomp_kaddfd *addfd)
+{
+	int ret;
+
+	/*
+	 * Remove the notification, and reset the list pointers, indicating
+	 * that it has been handled.
+	 */
+	list_del_init(&addfd->list);
+
+	ret = security_file_receive(addfd->file);
+	if (ret)
+		goto out;
+
+	if (addfd->fd >= 0) {
+		ret = replace_fd(addfd->fd, addfd->file, addfd->flags);
+		if (ret >= 0)
+			fput(addfd->file);
+	} else {
+		ret = get_unused_fd_flags(addfd->flags);
+		if (ret >= 0)
+			fd_install(ret, addfd->file);
+	}
+
+out:
+	addfd->ret = ret;
+	complete(&addfd->completion);
+}

My previous comment about SCM_RIGHTS still applies, right? That is, we
should do,

		sock = sock_from_file(fp[i], &err);
		if (sock) {
				sock_update_netprioidx(&sock->sk->sk_cgrp_data);
				sock_update_classid(&sock->sk->sk_cgrp_data);
		}

and perhaps lift that into a helper.

Oh, and now I see the later patch. But is there a reason to separate
these? I can't think of one.

Tycho

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help