Skip to content
Snippets Groups Projects
  • Ulrich Drepper's avatar
    4a19542e
    O_CLOEXEC for SCM_RIGHTS · 4a19542e
    Ulrich Drepper authored
    
    Part two in the O_CLOEXEC saga: adding support for file descriptors received
    through Unix domain sockets.
    
    The patch is once again pretty minimal, it introduces a new flag for recvmsg
    and passes it just like the existing MSG_CMSG_COMPAT flag.  I think this bit
    is not used otherwise but the networking people will know better.
    
    This new flag is not recognized by recvfrom and recv.  These functions cannot
    be used for that purpose and the asymmetry this introduces is not worse than
    the already existing MSG_CMSG_COMPAT situations.
    
    The patch must be applied on the patch which introduced O_CLOEXEC.  It has to
    remove static from the new get_unused_fd_flags function but since scm.c cannot
    live in a module the function still hasn't to be exported.
    
    Here's a test program to make sure the code works.  It's so much longer than
    the actual patch...
    
    #include <errno.h>
    #include <error.h>
    #include <fcntl.h>
    #include <stdio.h>
    #include <string.h>
    #include <unistd.h>
    #include <sys/socket.h>
    #include <sys/un.h>
    
    #ifndef O_CLOEXEC
    # define O_CLOEXEC 02000000
    #endif
    #ifndef MSG_CMSG_CLOEXEC
    # define MSG_CMSG_CLOEXEC 0x40000000
    #endif
    
    int
    main (int argc, char *argv[])
    {
      if (argc > 1)
        {
          int fd = atol (argv[1]);
          printf ("child: fd = %d\n", fd);
          if (fcntl (fd, F_GETFD) == 0 || errno != EBADF)
            {
              puts ("file descriptor valid in child");
              return 1;
            }
          return 0;
    
        }
    
      struct sockaddr_un sun;
      strcpy (sun.sun_path, "./testsocket");
      sun.sun_family = AF_UNIX;
    
      char databuf[] = "hello";
      struct iovec iov[1];
      iov[0].iov_base = databuf;
      iov[0].iov_len = sizeof (databuf);
    
      union
      {
        struct cmsghdr hdr;
        char bytes[CMSG_SPACE (sizeof (int))];
      } buf;
      struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1,
                            .msg_control = buf.bytes,
                            .msg_controllen = sizeof (buf) };
      struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg);
    
      cmsg->cmsg_level = SOL_SOCKET;
      cmsg->cmsg_type = SCM_RIGHTS;
      cmsg->cmsg_len = CMSG_LEN (sizeof (int));
    
      msg.msg_controllen = cmsg->cmsg_len;
    
      pid_t child = fork ();
      if (child == -1)
        error (1, errno, "fork");
      if (child == 0)
        {
          int sock = socket (PF_UNIX, SOCK_STREAM, 0);
          if (sock < 0)
            error (1, errno, "socket");
    
          if (bind (sock, (struct sockaddr *) &sun, sizeof (sun)) < 0)
            error (1, errno, "bind");
          if (listen (sock, SOMAXCONN) < 0)
            error (1, errno, "listen");
    
          int conn = accept (sock, NULL, NULL);
          if (conn == -1)
            error (1, errno, "accept");
    
          *(int *) CMSG_DATA (cmsg) = sock;
          if (sendmsg (conn, &msg, MSG_NOSIGNAL) < 0)
            error (1, errno, "sendmsg");
    
          return 0;
        }
    
      /* For a test suite this should be more robust like a
         barrier in shared memory.  */
      sleep (1);
    
      int sock = socket (PF_UNIX, SOCK_STREAM, 0);
      if (sock < 0)
        error (1, errno, "socket");
    
      if (connect (sock, (struct sockaddr *) &sun, sizeof (sun)) < 0)
        error (1, errno, "connect");
      unlink (sun.sun_path);
    
      *(int *) CMSG_DATA (cmsg) = -1;
    
      if (recvmsg (sock, &msg, MSG_CMSG_CLOEXEC) < 0)
        error (1, errno, "recvmsg");
    
      int fd = *(int *) CMSG_DATA (cmsg);
      if (fd == -1)
        error (1, 0, "no descriptor received");
    
      char fdname[20];
      snprintf (fdname, sizeof (fdname), "%d", fd);
      execl ("/proc/self/exe", argv[0], fdname, NULL);
      puts ("execl failed");
      return 1;
    }
    
    [akpm@linux-foundation.org: Fix fastcall inconsistency noted by Michael Buesch]
    [akpm@linux-foundation.org: build fix]
    Signed-off-by: default avatarUlrich Drepper <drepper@redhat.com>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: Michael Buesch <mb@bu3sch.de>
    Cc: Michael Kerrisk <mtk-manpages@gmx.net>
    Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    4a19542e
    History
    O_CLOEXEC for SCM_RIGHTS
    Ulrich Drepper authored
    
    Part two in the O_CLOEXEC saga: adding support for file descriptors received
    through Unix domain sockets.
    
    The patch is once again pretty minimal, it introduces a new flag for recvmsg
    and passes it just like the existing MSG_CMSG_COMPAT flag.  I think this bit
    is not used otherwise but the networking people will know better.
    
    This new flag is not recognized by recvfrom and recv.  These functions cannot
    be used for that purpose and the asymmetry this introduces is not worse than
    the already existing MSG_CMSG_COMPAT situations.
    
    The patch must be applied on the patch which introduced O_CLOEXEC.  It has to
    remove static from the new get_unused_fd_flags function but since scm.c cannot
    live in a module the function still hasn't to be exported.
    
    Here's a test program to make sure the code works.  It's so much longer than
    the actual patch...
    
    #include <errno.h>
    #include <error.h>
    #include <fcntl.h>
    #include <stdio.h>
    #include <string.h>
    #include <unistd.h>
    #include <sys/socket.h>
    #include <sys/un.h>
    
    #ifndef O_CLOEXEC
    # define O_CLOEXEC 02000000
    #endif
    #ifndef MSG_CMSG_CLOEXEC
    # define MSG_CMSG_CLOEXEC 0x40000000
    #endif
    
    int
    main (int argc, char *argv[])
    {
      if (argc > 1)
        {
          int fd = atol (argv[1]);
          printf ("child: fd = %d\n", fd);
          if (fcntl (fd, F_GETFD) == 0 || errno != EBADF)
            {
              puts ("file descriptor valid in child");
              return 1;
            }
          return 0;
    
        }
    
      struct sockaddr_un sun;
      strcpy (sun.sun_path, "./testsocket");
      sun.sun_family = AF_UNIX;
    
      char databuf[] = "hello";
      struct iovec iov[1];
      iov[0].iov_base = databuf;
      iov[0].iov_len = sizeof (databuf);
    
      union
      {
        struct cmsghdr hdr;
        char bytes[CMSG_SPACE (sizeof (int))];
      } buf;
      struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 1,
                            .msg_control = buf.bytes,
                            .msg_controllen = sizeof (buf) };
      struct cmsghdr *cmsg = CMSG_FIRSTHDR (&msg);
    
      cmsg->cmsg_level = SOL_SOCKET;
      cmsg->cmsg_type = SCM_RIGHTS;
      cmsg->cmsg_len = CMSG_LEN (sizeof (int));
    
      msg.msg_controllen = cmsg->cmsg_len;
    
      pid_t child = fork ();
      if (child == -1)
        error (1, errno, "fork");
      if (child == 0)
        {
          int sock = socket (PF_UNIX, SOCK_STREAM, 0);
          if (sock < 0)
            error (1, errno, "socket");
    
          if (bind (sock, (struct sockaddr *) &sun, sizeof (sun)) < 0)
            error (1, errno, "bind");
          if (listen (sock, SOMAXCONN) < 0)
            error (1, errno, "listen");
    
          int conn = accept (sock, NULL, NULL);
          if (conn == -1)
            error (1, errno, "accept");
    
          *(int *) CMSG_DATA (cmsg) = sock;
          if (sendmsg (conn, &msg, MSG_NOSIGNAL) < 0)
            error (1, errno, "sendmsg");
    
          return 0;
        }
    
      /* For a test suite this should be more robust like a
         barrier in shared memory.  */
      sleep (1);
    
      int sock = socket (PF_UNIX, SOCK_STREAM, 0);
      if (sock < 0)
        error (1, errno, "socket");
    
      if (connect (sock, (struct sockaddr *) &sun, sizeof (sun)) < 0)
        error (1, errno, "connect");
      unlink (sun.sun_path);
    
      *(int *) CMSG_DATA (cmsg) = -1;
    
      if (recvmsg (sock, &msg, MSG_CMSG_CLOEXEC) < 0)
        error (1, errno, "recvmsg");
    
      int fd = *(int *) CMSG_DATA (cmsg);
      if (fd == -1)
        error (1, 0, "no descriptor received");
    
      char fdname[20];
      snprintf (fdname, sizeof (fdname), "%d", fd);
      execl ("/proc/self/exe", argv[0], fdname, NULL);
      puts ("execl failed");
      return 1;
    }
    
    [akpm@linux-foundation.org: Fix fastcall inconsistency noted by Michael Buesch]
    [akpm@linux-foundation.org: build fix]
    Signed-off-by: default avatarUlrich Drepper <drepper@redhat.com>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: Michael Buesch <mb@bu3sch.de>
    Cc: Michael Kerrisk <mtk-manpages@gmx.net>
    Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
compat.c 19.46 KiB
/*
 * 32bit Socket syscall emulation. Based on arch/sparc64/kernel/sys_sparc32.c.
 *
 * Copyright (C) 2000		VA Linux Co
 * Copyright (C) 2000		Don Dugger <n0ano@valinux.com>
 * Copyright (C) 1999 		Arun Sharma <arun.sharma@intel.com>
 * Copyright (C) 1997,1998 	Jakub Jelinek (jj@sunsite.mff.cuni.cz)
 * Copyright (C) 1997 		David S. Miller (davem@caip.rutgers.edu)
 * Copyright (C) 2000		Hewlett-Packard Co.
 * Copyright (C) 2000		David Mosberger-Tang <davidm@hpl.hp.com>
 * Copyright (C) 2000,2001	Andi Kleen, SuSE Labs
 */

#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/types.h>
#include <linux/file.h>
#include <linux/icmpv6.h>
#include <linux/socket.h>
#include <linux/syscalls.h>
#include <linux/filter.h>
#include <linux/compat.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/security.h>

#include <net/scm.h>
#include <net/sock.h>
#include <asm/uaccess.h>
#include <net/compat.h>

static inline int iov_from_user_compat_to_kern(struct iovec *kiov,
					  struct compat_iovec __user *uiov32,
					  int niov)
{
	int tot_len = 0;

	while (niov > 0) {
		compat_uptr_t buf;
		compat_size_t len;

		if (get_user(len, &uiov32->iov_len) ||
		   get_user(buf, &uiov32->iov_base)) {
			tot_len = -EFAULT;
			break;
		}
		tot_len += len;
		kiov->iov_base = compat_ptr(buf);
		kiov->iov_len = (__kernel_size_t) len;
		uiov32++;
		kiov++;
		niov--;
	}
	return tot_len;
}

int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
{
	compat_uptr_t tmp1, tmp2, tmp3;

	if (!access_ok(VERIFY_READ, umsg, sizeof(*umsg)) ||
	    __get_user(tmp1, &umsg->msg_name) ||
	    __get_user(kmsg->msg_namelen, &umsg->msg_namelen) ||
	    __get_user(tmp2, &umsg->msg_iov) ||
	    __get_user(kmsg->msg_iovlen, &umsg->msg_iovlen) ||
	    __get_user(tmp3, &umsg->msg_control) ||
	    __get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
	    __get_user(kmsg->msg_flags, &umsg->msg_flags))
		return -EFAULT;
	kmsg->msg_name = compat_ptr(tmp1);
	kmsg->msg_iov = compat_ptr(tmp2);