* [PATCH] Remove READ_IMPLIES_EXEC during restart
@ 2009-04-06 17:41 Dan Smith
[not found] ` <1239039694-22332-1-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
0 siblings, 1 reply; 7+ messages in thread
From: Dan Smith @ 2009-04-06 17:41 UTC (permalink / raw)
To: containers-qjLDD68F18O7TbgM5vRIOg
On s390, all tasks have READ_IMPLIES_EXEC set in current->personality,
which causes the restart process to map things like the stack and heap as
executable. During the restart process, remove this bit and restore the
original personality afterwards.
This seems a little ugly, but I don't know that there's a better place for
it.
Cc: orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org
Signed-off-by: Dan Smith <danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
checkpoint/restart.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/checkpoint/restart.c b/checkpoint/restart.c
index adebc1c..8958ec7 100644
--- a/checkpoint/restart.c
+++ b/checkpoint/restart.c
@@ -13,6 +13,7 @@
#include <linux/wait.h>
#include <linux/file.h>
#include <linux/magic.h>
+#include <linux/personality.h>
#include <linux/checkpoint.h>
#include <linux/checkpoint_hdr.h>
@@ -535,12 +536,18 @@ static int do_restart_root(struct cr_ctx *ctx, pid_t pid)
int do_restart(struct cr_ctx *ctx, pid_t pid)
{
int ret;
+ unsigned int original_personality;
+
+ original_personality = current->personality;
+ current->personality &= ~READ_IMPLIES_EXEC;
if (ctx)
ret = do_restart_root(ctx, pid);
else
ret = do_restart_task(pid);
+ current->personality = original_personality;
+
/* on success, adjust the return value if needed [TODO] */
return ret;
}
--
1.6.1
^ permalink raw reply related [flat|nested] 7+ messages in thread[parent not found: <1239039694-22332-1-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>]
* Re: [PATCH] Remove READ_IMPLIES_EXEC during restart [not found] ` <1239039694-22332-1-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> @ 2009-04-06 18:17 ` Serge E. Hallyn [not found] ` <20090406181748.GA24751-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> 0 siblings, 1 reply; 7+ messages in thread From: Serge E. Hallyn @ 2009-04-06 18:17 UTC (permalink / raw) To: Dan Smith; +Cc: containers-qjLDD68F18O7TbgM5vRIOg Quoting Dan Smith (danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org): > On s390, all tasks have READ_IMPLIES_EXEC set in current->personality, > which causes the restart process to map things like the stack and heap as > executable. During the restart process, remove this bit and restore the > original personality afterwards. > > This seems a little ugly, but I don't know that there's a better place for > it. Well imo the only other thing to do would be to do the same thing but just around the main restart_memory function. > Cc: orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org > Signed-off-by: Dan Smith <danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> Acked-by: Serge Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> > --- > checkpoint/restart.c | 7 +++++++ > 1 files changed, 7 insertions(+), 0 deletions(-) > > diff --git a/checkpoint/restart.c b/checkpoint/restart.c > index adebc1c..8958ec7 100644 > --- a/checkpoint/restart.c > +++ b/checkpoint/restart.c > @@ -13,6 +13,7 @@ > #include <linux/wait.h> > #include <linux/file.h> > #include <linux/magic.h> > +#include <linux/personality.h> > #include <linux/checkpoint.h> > #include <linux/checkpoint_hdr.h> > > @@ -535,12 +536,18 @@ static int do_restart_root(struct cr_ctx *ctx, pid_t pid) > int do_restart(struct cr_ctx *ctx, pid_t pid) > { > int ret; > + unsigned int original_personality; > + > + original_personality = current->personality; > + current->personality &= ~READ_IMPLIES_EXEC; > > if (ctx) > ret = do_restart_root(ctx, pid); > else > ret = do_restart_task(pid); > > + current->personality = original_personality; > + > /* on success, adjust the return value if needed [TODO] */ > return ret; > } > -- > 1.6.1 > > _______________________________________________ > Containers mailing list > Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org > https://lists.linux-foundation.org/mailman/listinfo/containers ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <20090406181748.GA24751-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>]
* Re: [PATCH] Remove READ_IMPLIES_EXEC during restart [not found] ` <20090406181748.GA24751-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> @ 2009-04-14 5:59 ` Oren Laadan [not found] ` <49E42646.4040703-eQaUEPhvms7ENvBUuze7eA@public.gmane.org> 0 siblings, 1 reply; 7+ messages in thread From: Oren Laadan @ 2009-04-14 5:59 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: containers-qjLDD68F18O7TbgM5vRIOg, Dan Smith Serge E. Hallyn wrote: > Quoting Dan Smith (danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org): >> On s390, all tasks have READ_IMPLIES_EXEC set in current->personality, >> which causes the restart process to map things like the stack and heap as >> executable. During the restart process, remove this bit and restore the >> original personality afterwards. >> >> This seems a little ugly, but I don't know that there's a better place for >> it. > > Well imo the only other thing to do would be to do the same thing but > just around the main restart_memory function. > I second that. Added. Oren. >> Cc: orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org >> Signed-off-by: Dan Smith <danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> > > Acked-by: Serge Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> > >> --- >> checkpoint/restart.c | 7 +++++++ >> 1 files changed, 7 insertions(+), 0 deletions(-) >> >> diff --git a/checkpoint/restart.c b/checkpoint/restart.c >> index adebc1c..8958ec7 100644 >> --- a/checkpoint/restart.c >> +++ b/checkpoint/restart.c >> @@ -13,6 +13,7 @@ >> #include <linux/wait.h> >> #include <linux/file.h> >> #include <linux/magic.h> >> +#include <linux/personality.h> >> #include <linux/checkpoint.h> >> #include <linux/checkpoint_hdr.h> >> >> @@ -535,12 +536,18 @@ static int do_restart_root(struct cr_ctx *ctx, pid_t pid) >> int do_restart(struct cr_ctx *ctx, pid_t pid) >> { >> int ret; >> + unsigned int original_personality; >> + >> + original_personality = current->personality; >> + current->personality &= ~READ_IMPLIES_EXEC; >> >> if (ctx) >> ret = do_restart_root(ctx, pid); >> else >> ret = do_restart_task(pid); >> >> + current->personality = original_personality; >> + >> /* on success, adjust the return value if needed [TODO] */ >> return ret; >> } >> -- >> 1.6.1 >> >> _______________________________________________ >> Containers mailing list >> Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org >> https://lists.linux-foundation.org/mailman/listinfo/containers > _______________________________________________ > Containers mailing list > Containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org > https://lists.linux-foundation.org/mailman/listinfo/containers > ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <49E42646.4040703-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>]
* Re: [PATCH] Remove READ_IMPLIES_EXEC during restart [not found] ` <49E42646.4040703-eQaUEPhvms7ENvBUuze7eA@public.gmane.org> @ 2009-04-14 6:05 ` Oren Laadan [not found] ` <49E4278C.3060500-eQaUEPhvms7ENvBUuze7eA@public.gmane.org> 0 siblings, 1 reply; 7+ messages in thread From: Oren Laadan @ 2009-04-14 6:05 UTC (permalink / raw) To: Serge E. Hallyn; +Cc: containers-qjLDD68F18O7TbgM5vRIOg, Dan Smith Oren Laadan wrote: > > Serge E. Hallyn wrote: >> Quoting Dan Smith (danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org): >>> On s390, all tasks have READ_IMPLIES_EXEC set in current->personality, >>> which causes the restart process to map things like the stack and heap as >>> executable. During the restart process, remove this bit and restore the >>> original personality afterwards. >>> >>> This seems a little ugly, but I don't know that there's a better place for >>> it. >> Well imo the only other thing to do would be to do the same thing but >> just around the main restart_memory function. >> > > I second that. Added. > In fact, if elsewhere we restore current->personality of the task, then unless we move it to cr_read_mm(), it will overwrite it :( Oren. ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <49E4278C.3060500-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>]
* Re: [PATCH] Remove READ_IMPLIES_EXEC during restart [not found] ` <49E4278C.3060500-eQaUEPhvms7ENvBUuze7eA@public.gmane.org> @ 2009-04-14 13:32 ` Dan Smith [not found] ` <87y6u3cqd0.fsf-FLMGYpZoEPULwtHQx/6qkW3U47Q5hpJU@public.gmane.org> 0 siblings, 1 reply; 7+ messages in thread From: Dan Smith @ 2009-04-14 13:32 UTC (permalink / raw) To: Oren Laadan; +Cc: containers-qjLDD68F18O7TbgM5vRIOg OL> In fact, if elsewhere we restore current->personality of the task, OL> then unless we move it to cr_read_mm(), it will overwrite it :( Should we move it or just remove RIE before we start the restart and let the task regain the flag if it had it before? -- Dan Smith IBM Linux Technology Center email: danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <87y6u3cqd0.fsf-FLMGYpZoEPULwtHQx/6qkW3U47Q5hpJU@public.gmane.org>]
* Re: [PATCH] Remove READ_IMPLIES_EXEC during restart [not found] ` <87y6u3cqd0.fsf-FLMGYpZoEPULwtHQx/6qkW3U47Q5hpJU@public.gmane.org> @ 2009-04-14 14:40 ` Oren Laadan 2009-05-14 16:10 ` Oren Laadan 1 sibling, 0 replies; 7+ messages in thread From: Oren Laadan @ 2009-04-14 14:40 UTC (permalink / raw) To: Dan Smith; +Cc: containers-qjLDD68F18O7TbgM5vRIOg Probably best is to (a) save and restore the task's personality (regardless), and (b) in do_restart() (re)set the personality as we wish, with a clear comment about why and the fact that the 'real' personality is restore later. Oren. Dan Smith wrote: > OL> In fact, if elsewhere we restore current->personality of the task, > OL> then unless we move it to cr_read_mm(), it will overwrite it :( > > Should we move it or just remove RIE before we start the restart and > let the task regain the flag if it had it before? > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] Remove READ_IMPLIES_EXEC during restart [not found] ` <87y6u3cqd0.fsf-FLMGYpZoEPULwtHQx/6qkW3U47Q5hpJU@public.gmane.org> 2009-04-14 14:40 ` Oren Laadan @ 2009-05-14 16:10 ` Oren Laadan 1 sibling, 0 replies; 7+ messages in thread From: Oren Laadan @ 2009-05-14 16:10 UTC (permalink / raw) To: Dan Smith; +Cc: containers-qjLDD68F18O7TbgM5vRIOg Dan, Now after the rework of the patchset, it's probably a good time to add support for this. I'm unsure if the personality can affect other restore actions that take place elsewhere If so, probably the correct way is to: 1) restore personality as part of the task (in the beginning) 2) temporarily change it around those places where we want the "native" personality, e.g. the call to do_mmap_pgoff(), or shmat(), (The reason not to put it around the entire restore_mm() is to be safe in case a personality makes a difference when you open files. This way we isolate the effect of changing personality). Any thoughts ? Oren. Dan Smith wrote: > OL> In fact, if elsewhere we restore current->personality of the task, > OL> then unless we move it to cr_read_mm(), it will overwrite it :( > > Should we move it or just remove RIE before we start the restart and > let the task regain the flag if it had it before? > ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2009-05-14 16:10 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-06 17:41 [PATCH] Remove READ_IMPLIES_EXEC during restart Dan Smith
[not found] ` <1239039694-22332-1-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-04-06 18:17 ` Serge E. Hallyn
[not found] ` <20090406181748.GA24751-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-04-14 5:59 ` Oren Laadan
[not found] ` <49E42646.4040703-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2009-04-14 6:05 ` Oren Laadan
[not found] ` <49E4278C.3060500-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2009-04-14 13:32 ` Dan Smith
[not found] ` <87y6u3cqd0.fsf-FLMGYpZoEPULwtHQx/6qkW3U47Q5hpJU@public.gmane.org>
2009-04-14 14:40 ` Oren Laadan
2009-05-14 16:10 ` Oren Laadan
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.