From: Cyrill Gorcunov <gorcunov-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Josh Triplett <josh-iaAMLnmF4UmaiuxdJuQwMA@public.gmane.org>
Cc: Andrew Morton
	<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
	Johannes Weiner <hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org>,
	Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>,
	Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
	Andy Lutomirski <luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
	Petr Mladek <pmladek-IBi9RG/b67k@public.gmane.org>,
	Thomas Garnier <thgarnie-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Ard Biesheuvel
	<ard.biesheuvel-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
	Nicolas Pitre
	<nicolas.pitre-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
	Zefan Li <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>,
	Li Bin <huawei.libin-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>,
	"Eric W. Biederman"
	<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
	Dmitry Vyukov <dvyukov-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Ralf Baechle <ralf-6z/3iImG2C8G8FEW9MqTrA@public.gmane.org>,
	Alex Thorlton <athorlton-sJ/iWh9BUns@public.gmane.org>,
	Michal Hocko <mhocko-IBi9RG/b67k@public.gmane.org>,
	Mateusz Guzik <mguzik-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	John Stultz <john.stultz-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
	Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
	Zach Brown <zab-H+wXaHxf7aJhl2p70BpVqQ@public.gmane.org>
Subject: Re: [PATCH 1/2] kernel: Move prctl and helpers from kernel/sys.c to new kernel/prctl.c
Date: Wed, 9 Nov 2016 10:02:38 +0300
Message-ID: <20161109070238.GA1870@uranus.lan>
In-Reply-To: <afb9a2bb41be9e129ececea27e09a7d69d1c5e6c.1478650356.git-series.josh-iaAMLnmF4UmaiuxdJuQwMA@public.gmane.org>

On Tue, Nov 08, 2016 at 04:18:13PM -0800, Josh Triplett wrote:
> This prepares for making prctl optional.
> 
> Signed-off-by: Josh Triplett <josh-iaAMLnmF4UmaiuxdJuQwMA@public.gmane.org>
> +
...
> +static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
> +{
> +	struct fd exe;
> +	struct file *old_exe, *exe_file;
> +	struct inode *inode;
> +	int err;
> +
> +	exe = fdget(fd);
> +	if (!exe.file)
> +		return -EBADF;
> +
> +	inode = file_inode(exe.file);
> +
> +	/*
> +	 * Because the original mm->exe_file points to executable file, make
> +	 * sure that this one is executable as well, to avoid breaking an
> +	 * overall picture.
> +	 */
> +	err = -EACCES;
> +	if (!S_ISREG(inode->i_mode) || path_noexec(&exe.file->f_path))
> +		goto exit;
> +
> +	err = inode_permission(inode, MAY_EXEC);
> +	if (err)
> +		goto exit;
> +
> +	/*
> +	 * Forbid mm->exe_file change if old file still mapped.
> +	 */
> +	exe_file = get_mm_exe_file(mm);
> +	err = -EBUSY;
> +	if (exe_file) {
> +		struct vm_area_struct *vma;
> +
> +		down_read(&mm->mmap_sem);
> +		for (vma = mm->mmap; vma; vma = vma->vm_next) {
> +			if (!vma->vm_file)
> +				continue;
> +			if (path_equal(&vma->vm_file->f_path,
> +				       &exe_file->f_path))
> +				goto exit_err;
> +		}
> +
> +		up_read(&mm->mmap_sem);
> +		fput(exe_file);
> +	}
> +
> +	/*
> +	 * The symlink can be changed only once, just to disallow arbitrary
> +	 * transitions malicious software might bring in. This means one
> +	 * could make a snapshot over all processes running and monitor
> +	 * /proc/pid/exe changes to notice unusual activity if needed.
> +	 */
> +	err = -EPERM;
> +	if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags))
> +		goto exit;
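
Review bot: In the "if (exe_file)" block, the "goto exit_err" inside the VMA walk leaves with mmap_sem still read-held and the reference from get_mm_exe_file() still taken, and the exit_err label is not in the quoted lines; since this patch moves the function into a new file, check that the label arrived with both the up_read() and the fput() so the -EBUSY path does not leak the lock or the file reference. The still-mapped result is also only guaranteed while mmap_sem is held, and up_read() runs before the MMF_EXE_FILE_CHANGED test, so a short comment saying what keeps the old file from being mapped again before the code that follows acts on the result would help readers of the new file. old_exe is declared but not used in the lines shown.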

IIRC this snippet has been dropped in linux-next tree. Stas CC'ed.
The rest looks cool for me. Thanks!

Reviewed-by: Cyrill Gorcunov <gorcunov-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
