Re: [PATCH RFC 3/8] openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)

2024-09-02 Thread Aleksa Sarai
On 2024-09-02, Arnd Bergmann wrote: > On Mon, Sep 2, 2024, at 07:06, Aleksa Sarai wrote: > > While we do currently return -EFAULT in this case, it seems prudent to > > follow the behaviour of other syscalls like clone3. It seems quite > > unlikely that anyone depends on

Re: [PATCH RFC 1/8] uaccess: add copy_struct_to_user helper

2024-09-02 Thread Aleksa Sarai
On 2024-09-02, Arnd Bergmann wrote: > On Mon, Sep 2, 2024, at 07:06, Aleksa Sarai wrote: > > This is based on copy_struct_from_user(), but there is one additional > > case to consider when creating a syscall that returns an > > extensible-struct to userspace -- how should da

[PATCH RFC 8/8] selftests: clone3: add CHECK_FIELDS selftests

2024-09-02 Thread Aleksa Sarai
Signed-off-by: Aleksa Sarai --- tools/testing/selftests/clone3/.gitignore | 1 + tools/testing/selftests/clone3/Makefile| 2 +- .../testing/selftests/clone3/clone3_check_fields.c | 229 + 3 files changed, 231 insertions(+), 1 deletion(-) diff --git a

[PATCH RFC 7/8] selftests: openat2: add CHECK_FIELDS selftests

2024-09-02 Thread Aleksa Sarai
Signed-off-by: Aleksa Sarai --- tools/testing/selftests/openat2/openat2_test.c | 122 - 1 file changed, 120 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/openat2/openat2_test.c b/tools/testing/selftests/openat2/openat2_test.c index 4ca175a16ad6

[PATCH RFC 6/8] selftests: openat2: add 0xFF poisoned data after misaligned struct

2024-09-02 Thread Aleksa Sarai
We should also verify that poisoned data after a misaligned struct is also handled correctly by is_zeroed_user(). This test passes with no kernel changes needed, so is_zeroed_user() was correct already. Fixes: b28a10aedcd4 ("selftests: add openat2(2) selftests") Signed-off-by: Al

[PATCH RFC 5/8] clone3: add CHECK_FIELDS flag to usize argument

2024-09-02 Thread Aleksa Sarai
roup_supported = (how.flags & CLONE_INTO_CGROUP) && (how.cgroup != 0); break; } } Signed-off-by: Aleksa Sarai --- kernel/fork.c | 33 + 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/kernel/fo

[PATCH RFC 4/8] openat2: add CHECK_FIELDS flag to usize argument

2024-09-02 Thread Aleksa Sarai
ps://lwn.net/Articles/830666/ Signed-off-by: Aleksa Sarai --- fs/open.c| 15 +++ include/uapi/asm-generic/errno.h | 3 +++ include/uapi/linux/openat2.h | 2 ++ 3 files changed, 20 insertions(+) diff --git a/fs/open.c b/fs/open.c index 30bfcddd505d..10bfc

[PATCH RFC 3/8] openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)

2024-09-02 Thread Aleksa Sarai
("open: introduce openat2(2) syscall") Signed-off-by: Aleksa Sarai --- fs/open.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/open.c b/fs/open.c index 22adbef7ecc2..30bfcddd505d 100644 --- a/fs/open.c +++ b/fs/open.c @@ -1458,6 +1458,8 @@ SYSCALL_DEFINE4(openat2, int, dfd,

[PATCH RFC 2/8] sched_getattr: port to copy_struct_to_user

2024-09-02 Thread Aleksa Sarai
sched_getattr(2) doesn't care about trailing non-zero bytes in the (ksize > usize) case, so just use copy_struct_to_user() without checking ignored_trailing. Signed-off-by: Aleksa Sarai --- kernel/sched/syscalls.c | 42 ++ 1 file changed, 2 in

[PATCH RFC 1/8] uaccess: add copy_struct_to_user helper

2024-09-02 Thread Aleksa Sarai
elpers to make the necessary scanning easier, but it should be fairly easy to add some if necessary. Signed-off-by: Aleksa Sarai --- include/linux/uaccess.h | 98 + 1 file changed, 98 insertions(+) diff --git a/include/linux/uaccess.h b/include/lin

[PATCH RFC 0/8] extensible syscalls: CHECK_FIELDS to allow for easier feature detection

2024-09-02 Thread Aleksa Sarai
break; case EEXTSYS_NOOP: openat2_no_automount_supported = (how.flags & RESOLVE_NO_AUTOMOUNT); openat2_cwd_fd_supported = (how.cwd_fd != 0); break; } } [1]: https://lwn.net/Articles/830666/ [2]: https://youtu.be/ggD-eb3yPVs Signed-off-by: Aleksa Sarai

Re: [PATCH v2] selftests: openat2: don't print total number of tests and then skip

2024-07-31 Thread Aleksa Sarai
ff-by: Muhammad Usama Anjum > --- > Changes since v1: > - Remove simplifying if condition lines > - Update the patch message Feel free to take my Reviewed-by: Aleksa Sarai > --- > tools/testing/selftests/openat2/resolve_test.c | 3 ++- > 1 file changed, 2 insertions(+), 1 de

Re: [PATCH v4] memfd: `MFD_NOEXEC_SEAL` should not imply `MFD_ALLOW_SEALING`

2024-07-01 Thread Aleksa Sarai
for breakage, but we should give it a shot, given how new the API is (and the API itself was also broken until Linux 6.6 anyway)... Feel free to take my Reviewed-by: Aleksa Sarai Thanks. > Now, this is technically a uapi break. However, the damage is expected > to be minimal. To trigger us

Re: [PATCH] selftests: openat2: don't print total number of tests and then skip

2024-07-01 Thread Aleksa Sarai
P_SYS_ADMIN here... */ > > - if (geteuid() != 0) > > + if (geteuid()) This change isn't necessary, != 0 makes what we're checking clearer. > > ksft_exit_skip("all tests require euid == 0\n"); > > > > + ksft_set_plan(NUM_TESTS); > > + > >

Re: [PATCH v1] memfd: `MFD_NOEXEC_SEAL` should not imply `MFD_ALLOW_SEALING`

2024-06-02 Thread Aleksa Sarai
On 2024-05-28, Jeff Xu wrote: > Hi Aleksa, > > On Fri, May 24, 2024 at 9:12 AM Aleksa Sarai wrote: > > > > On 2024-05-23, Jeff Xu wrote: > > > > Regarding vm.memfd_noexec, on another topic. > > > I think in addition to vm.memfd_noexec = 1 and 2, t

Re: [PATCH v1] memfd: `MFD_NOEXEC_SEAL` should not imply `MFD_ALLOW_SEALING`

2024-05-24 Thread Aleksa Sarai
that don't use executable memfds (they are only guilty of being written before mid-2023) is not useful. In addition, making 3 less restrictive than 2 would make the original restriction mechanism useless. A malicious process could raise the setting to 3 and disable the "protection" (as discussed before, I really don't understand the threat model here, but making it possible to disable easily is pretty clearly). You could change the policy, but now you're adding more complexity for a feature that IMO doesn't really make sense in the first place. > -Jeff > > > Reviewed-by: David Rheinsberg > > > > Thanks > > David -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>