Re: [PATCH v6 4/7] pidfd: Replace open-coded partial receive_fd()
From: Kees Cook <hidden>
Date: 2020-07-09 06:35:48
Also in:
linux-fsdevel, linux-kselftest, lkml, netdev
On Tue, Jul 07, 2020 at 02:22:20PM +0200, Christian Brauner wrote:
quoted hunk ↗ jump to hunk
So while the patch is correct it leaves 5.6 and 5.7 with a bug in the pidfd_getfd() implementation and that just doesn't seem right. I'm wondering whether we should introduce: void sock_update(struct file *file) { struct socket *sock; int error; sock = sock_from_file(file, &error); if (sock) { sock_update_netprioidx(&sock->sk->sk_cgrp_data); sock_update_classid(&sock->sk->sk_cgrp_data); } } and switch pidfd_getfd() over to:diff --git a/kernel/pid.c b/kernel/pid.c index f1496b757162..c26bba822be3 100644 --- a/kernel/pid.c +++ b/kernel/pid.c@@ -642,10 +642,12 @@ static int pidfd_getfd(struct pid *pid, int fd) } ret = get_unused_fd_flags(O_CLOEXEC); - if (ret < 0) + if (ret < 0) { fput(file); - else + } else { + sock_update(file); fd_install(ret, file); + } return ret; }first thing in the series and then all of the other patches on top of it so that we can Cc stable for this and that can get it backported to 5.6, 5.7, and 5.8. Alternatively, I can make this a separate bugfix patch series which I'll send upstream soonish. Or we have specific patches just for 5.6, 5.7, and 5.8. Thoughts?
Okay, I looked at hch's clean-ups again and I'm reminded why they don't make great -stable material. :) The compat bug (also missing the sock_update()) needs a similar fix (going back to 3.6...), so, yeah, for ease of backport, probably an explicit sock_update() implementation (with compat and native scm using it), and a second patch for pidfd. Let me see what I looks best... -- Kees Cook