From: Oleg Nesterov <oleg@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Roland McGrath <roland@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andi Kleen <andi@firstfloor.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Richard Henderson <rth@twiddle.net>,
wezhang@redhat.com, linux-kernel@vger.kernel.org,
Michael Kerrisk <mtk.manpages@gmail.com>,
William Cohen <wcohen@redhat.com>
Subject: Re: [PATCH 1/3] sys_personality: validate personality before set_personality()
Date: Thu, 27 May 2010 19:15:30 +0200 [thread overview]
Message-ID: <20100527171530.GA18284@redhat.com> (raw)
In-Reply-To: <alpine.LFD.2.00.1005270921540.3689@i5.linux-foundation.org>
On 05/27, Linus Torvalds wrote:
>
> On Thu, 27 May 2010, Oleg Nesterov wrote:
> >
> > --- 34-rc1/kernel/exec_domain.c~1_CK_OVERFLOW_EARLIER 2009-04-06 00:03:42.000000000 +0200
> > +++ 34-rc1/kernel/exec_domain.c 2010-05-27 15:15:12.000000000 +0200
> > @@ -193,9 +193,9 @@ SYSCALL_DEFINE1(personality, u_long, per
> > u_long old = current->personality;
> >
> > if (personality != 0xffffffff) {
> > - set_personality(personality);
> > - if (current->personality != personality)
> > + if ((unsigned int)personality != personality)
> > return -EINVAL;
> > + set_personality(personality);
> > }
>
> I think this is total random noise. The whole type system is crazy - don't
> just paper over it.
Of course! I agree very much.
> And if we decide that the field must fit in an unsigned int (reasonable),
> then let's just ignore the top bits, and make it work right even if
> somebody passes in an unsigned int!
Certainly, this was my first thought.
But I didn't dare to do this change because it is obviously user-visible,
and while this is not very important, we should change the declaration
of personality() in /usr/include/sys/personality.h
> -SYSCALL_DEFINE1(personality, u_long, personality)
> +SYSCALL_DEFINE1(personality, unsigned int, personality)
Indeed!
But. Suppose an application does personality(0xffffffff << 32) on x86_64.
Before this patch we return -EINVAL (but wrongly change ->personality).
After this patch this is equal to personality(0), right?
If you think this is fine - I agree. In case we have a bug report we
know who should be blamed ;)
As for 2/3 - once again, I think this is user-space problem, but I
can't explain this to the bug-reportes.
> - u_long old = current->personality;
> + unsigned int old = current->personality;
>
> if (personality != 0xffffffff) {
> set_personality(personality);
> @@ -198,7 +198,7 @@ SYSCALL_DEFINE1(personality, u_long, personality)
> return -EINVAL;
You can also remove this "return -EINVAL", this is no longer possible.
Oleg.
next prev parent reply other threads:[~2010-05-27 17:17 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-25 14:17 Q: sys_personality() && misc oddities Oleg Nesterov
2010-05-25 19:33 ` Roland McGrath
2010-05-26 12:36 ` Oleg Nesterov
2010-05-26 20:31 ` Roland McGrath
2010-05-26 20:35 ` H. Peter Anvin
2010-05-27 15:35 ` [PATCH 0/3] (Was: Q: sys_personality() && misc oddities) Oleg Nesterov
2010-05-27 15:35 ` [PATCH 1/3] sys_personality: validate personality before set_personality() Oleg Nesterov
2010-05-27 16:39 ` Linus Torvalds
2010-05-27 17:15 ` Oleg Nesterov [this message]
2010-05-27 17:51 ` Linus Torvalds
2010-05-27 18:13 ` Oleg Nesterov
2010-05-27 18:18 ` Andi Kleen
2010-05-28 19:11 ` [PATCH 0/2] sys_personality fixes v2 Oleg Nesterov
2010-05-28 19:12 ` [PATCH 1/2] change sys_personality() to accept "unsigned int" instead of u_long Oleg Nesterov
2010-05-28 19:12 ` [PATCH 2/2] remove the bogus checks in sys_personality()->__set_personality() path Oleg Nesterov
2010-05-28 19:28 ` [PATCH 0/2] sys_personality fixes v2 Linus Torvalds
2010-05-28 19:58 ` H. Peter Anvin
2010-05-28 19:59 ` Oleg Nesterov
2010-05-27 15:36 ` [PATCH 2/3] sys_personality: make sure (int)personality >= 0 Oleg Nesterov
2010-05-27 20:02 ` H. Peter Anvin
2010-05-28 19:03 ` Oleg Nesterov
2010-05-27 15:36 ` [PATCH 3/3] __set_personality: no need to check the old ->exec_domain Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100527171530.GA18284@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=roland@redhat.com \
--cc=rth@twiddle.net \
--cc=torvalds@linux-foundation.org \
--cc=wcohen@redhat.com \
--cc=wezhang@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.