On Thu, May 27, 2021 at 01:51:13PM +0200, Rodrigo Campos wrote: > On Mon, May 17, 2021 at 9:39 PM Sargun Dhillon <sargun@xxxxxxxxx> wrote: > > > > This refactors the user notification code to have a do / while loop around > > the completion condition. This has a small change in semantic, in that > > previously we ignored addfd calls upon wakeup if the notification had been > > responded to, but instead with the new change we check for an outstanding > > addfd calls prior to returning to userspace. > > > > Rodrigo Campos also identified a bug that can result in addfd causing > > an early return, when the supervisor didn't actually handle the > > syscall [1]. > > > > [1]: https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@xxxxxxxxxx/ > > > > Fixes: 7cf97b125455 ("seccomp: Introduce addfd ioctl to seccomp user notifier") > > Signed-off-by: Sargun Dhillon <sargun@xxxxxxxxx> > > Acked-by: Tycho Andersen <tycho@tycho.pizza> > > Kees, as I mentioned in the linked thread, this issue is present in > 5.9+ kernels. Should we add the cc to stable for this patch? Or should > we cc to stable the one linked, that just fixes the issue without > semantic changes to userspace? It sounds like the problem is with Go, using addfd, on 5.9-5.13 kernels, yes? Would the semantic change be a problem there? (i.e. it sounds like the semantic change was fine for the 5.14+ kernels, so I'm assuming it's fine for earlier ones too.) > Just to be clear, the other patch that fixes the problem without > userspace visible changes is this: > https://lore.kernel.org/lkml/20210413160151.3301-1-rodrigo@xxxxxxxxxx/ I'd prefer to use the now-in-next fix if we can. Is it possible to build a test case that triggers the race so we can have some certainty that any fix in -stable covers it appropriately? -Kees -- Kees Cook
