On 2024-09-02, Arnd Bergmann wrote:
> On Mon, Sep 2, 2024, at 07:06, Aleksa Sarai wrote:
> > While we do currently return -EFAULT in this case, it seems prudent to
> > follow the behaviour of other syscalls like clone3. It seems quite
> > unlikely that anyone depends on
On 2024-09-02, Arnd Bergmann wrote:
> On Mon, Sep 2, 2024, at 07:06, Aleksa Sarai wrote:
> > This is based on copy_struct_from_user(), but there is one additional
> > case to consider when creating a syscall that returns an
> > extensible-struct to userspace -- how should da
Signed-off-by: Aleksa Sarai
---
tools/testing/selftests/clone3/.gitignore | 1 +
tools/testing/selftests/clone3/Makefile| 2 +-
.../testing/selftests/clone3/clone3_check_fields.c | 229 +
3 files changed, 231 insertions(+), 1 deletion(-)
diff --git a
Signed-off-by: Aleksa Sarai
---
tools/testing/selftests/openat2/openat2_test.c | 122 -
1 file changed, 120 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/openat2/openat2_test.c
b/tools/testing/selftests/openat2/openat2_test.c
index 4ca175a16ad6
We should also verify that poisoned data after a misaligned struct is
also handled correctly by is_zeroed_user(). This test passes with no
kernel changes needed, so is_zeroed_user() was correct already.
Fixes: b28a10aedcd4 ("selftests: add openat2(2) selftests")
Signed-off-by: Al
roup_supported = (how.flags & CLONE_INTO_CGROUP) &&
(how.cgroup != 0);
break;
}
}
Signed-off-by: Aleksa Sarai
---
kernel/fork.c | 33 +
1 file changed, 29 insertions(+), 4 deletions(-)
diff --git a/kernel/fo
ps://lwn.net/Articles/830666/
Signed-off-by: Aleksa Sarai
---
fs/open.c| 15 +++
include/uapi/asm-generic/errno.h | 3 +++
include/uapi/linux/openat2.h | 2 ++
3 files changed, 20 insertions(+)
diff --git a/fs/open.c b/fs/open.c
index 30bfcddd505d..10bfc
("open: introduce openat2(2) syscall")
Signed-off-by: Aleksa Sarai
---
fs/open.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/open.c b/fs/open.c
index 22adbef7ecc2..30bfcddd505d 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1458,6 +1458,8 @@ SYSCALL_DEFINE4(openat2, int, dfd,
sched_getattr(2) doesn't care about trailing non-zero bytes in the
(ksize > usize) case, so just use copy_struct_to_user() without checking
ignored_trailing.
Signed-off-by: Aleksa Sarai
---
kernel/sched/syscalls.c | 42 ++
1 file changed, 2 in
elpers to make the necessary scanning easier, but it should
be fairly easy to add some if necessary.
Signed-off-by: Aleksa Sarai
---
include/linux/uaccess.h | 98 +
1 file changed, 98 insertions(+)
diff --git a/include/linux/uaccess.h b/include/lin
break;
case EEXTSYS_NOOP:
openat2_no_automount_supported = (how.flags & RESOLVE_NO_AUTOMOUNT);
openat2_cwd_fd_supported = (how.cwd_fd != 0);
break;
}
}
[1]: https://lwn.net/Articles/830666/
[2]: https://youtu.be/ggD-eb3yPVs
Signed-off-by: Aleksa Sarai
ff-by: Muhammad Usama Anjum
> ---
> Changes since v1:
> - Remove simplifying if condition lines
> - Update the patch message
Feel free to take my
Reviewed-by: Aleksa Sarai
> ---
> tools/testing/selftests/openat2/resolve_test.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 de
for breakage, but we
should give it a shot, given how new the API is (and the API itself was
also broken until Linux 6.6 anyway)...
Feel free to take my
Reviewed-by: Aleksa Sarai
Thanks.
> Now, this is technically a uapi break. However, the damage is expected
> to be minimal. To trigger us
P_SYS_ADMIN here... */
> > - if (geteuid() != 0)
> > + if (geteuid())
This change isn't necessary, != 0 makes what we're checking clearer.
> > ksft_exit_skip("all tests require euid == 0\n");
> >
> > + ksft_set_plan(NUM_TESTS);
> > +
> >
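Review bot: the `geteuid()` rewrite in the skip check is a style-only change folded into the hunk that adds `ksft_set_plan(NUM_TESTS);`, and it reads less like the `euid == 0` wording of the skip message on the following line. Keep `if (geteuid() != 0)` so the hunk carries only the new plan call, or send the style change as its own patch.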
On 2024-05-28, Jeff Xu wrote:
> Hi Aleksa,
>
> On Fri, May 24, 2024 at 9:12 AM Aleksa Sarai wrote:
> >
> > On 2024-05-23, Jeff Xu wrote:
>
> > > Regarding vm.memfd_noexec, on another topic.
> > > I think in addition to vm.memfd_noexec = 1 and 2, t
that don't use executable memfds (they are only guilty of being written
before mid-2023) is not useful.
In addition, making 3 less restrictive than 2 would make the original
restriction mechanism useless. A malicious process could raise the
setting to 3 and disable the "protection" (as discussed before, I really
don't understand the threat model here, but making it possible to
disable easily is pretty clearly). You could change the policy, but now
you're adding more complexity for a feature that IMO doesn't really make
sense in the first place.
> -Jeff
>
> > Reviewed-by: David Rheinsberg
> >
> > Thanks
> > David
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>