From: 程洋 <d17103513@gmail.com>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
David Howells <dhowells@redhat.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Johannes Weiner <hannes@cmpxchg.org>,
Davidlohr Bueso <dbueso@suse.de>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: > [PATCH] Security: Handle hidepid option correctly
Date: Mon, 17 Dec 2018 12:21:40 +0800
Message-ID: <CADd0cq21TfsncsoViQD+1Q=GKyjG5fKuWEnZr8JxevLh3mSeag@mail.gmail.com>
In-Reply-To: <20181214154436.GA16772@avx2>

Actually I'm pretty sure the kernel calls proc_mount().
Here is the call stack:
[ 0.003450] [<ffffff8bef2a0190>] proc_mount+0x2c/0x98
[ 0.003459] [<ffffff8bef22e560>] mount_fs+0x164/0x190
[ 0.003465] [<ffffff8bef24c138>] vfs_kern_mount+0x74/0x168
[ 0.003469] [<ffffff8bef24c244>] kern_mount_data+0x18/0x30
[ 0.003474] [<ffffff8bef2a0258>] pid_ns_prepare_proc+0x24/0x40
[ 0.003484] [<ffffff8bef0cd5ec>] alloc_pid+0x498/0x4b4
[ 0.003492] [<ffffff8bef0a9b94>] copy_process.isra.73.part.74+0xed0/0x1708
[ 0.003496] [<ffffff8bef0aa560>] _do_fork+0xdc/0x3f8
[ 0.003501] [<ffffff8bef0aa8c8>] kernel_thread+0x34/0x3c
[ 0.003511] [<ffffff8bf00cd498>] rest_init+0x20/0x80
[ 0.003522] [<ffffff8bf0c00c7c>] start_kernel+0x3e4/0x43c
[ 0.003527] [<ffffff8bf0c001e8>] __primary_switched+0x64/0x90

Alexey Dobriyan <adobriyan@gmail.com> wrote on Fri, Dec 14, 2018 at 11:44 PM:
>
> On Wed, Dec 05, 2018 at 03:26:04PM +0800, 程洋 wrote:
> > Anyone who can review my patch?
> >
> > 程洋 <chengyang@xiaomi.com> wrote on Fri, Nov 30, 2018 at 10:34 AM:
> > >
> > > Here is an article that illustrates the details.
> > > https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
> > >
> > > And there is a similar fix on kernel-4.4:
> > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99663be772c827b8f5f594fe87eb4807be1994e5
> > >
> > > Q: Other filesystems parse the options from fill_super(). Is proc special in some fashion?
> > > A: According to my research, start_kernel will call proc_mount first, and initialize sb->s_root before any userspace process runs. If others want to mount it, all options will be ignored.
> > > AOSP change here: https://android-review.googlesource.com/c/platform/system/core/+/181345/4/init/init.cpp
> > > At first I thought we should mount it with the MS_REMOUNT flag. But the kernel will crash if we did this.
>
> This is not true: /proc is mounted by userspace (and it is easy to see
> from the fact that proc_mount() is not called from kernel anywhere).
>
> hidepid= in its current form is misdesigned, so might as well not bother
> changing anything. IIRC there were(?) patches to make it per-mount.
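Added example, not part of the original message or of the patch under discussion: the thread concerns a hidepid= option that is requested when /proc is mounted but may be ignored. The Python code below compares the hidepid value requested in an fstab-style table with the one shown in /proc/mounts-style text. The function names and the sample lines are constructed for illustration, and the numeric hidepid=N form is assumed in both inputs.

```python
"""Compare the hidepid value requested for /proc with the one in effect."""

def hidepid_by_mountpoint(table_text):
    """Map each procfs mount point to its hidepid value ("0" if not listed).

    Works on fstab(5) and /proc/mounts text, which share the field layout
    source, mount point, fstype, options, dump, pass.
    """
    result = {}
    for line in table_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] != "proc":
            continue
        value = "0"  # the option is not printed when hidepid is off
        for opt in fields[3].split(","):
            key, _, val = opt.partition("=")
            if key == "hidepid":
                value = val
        result[fields[1]] = value
    return result


def ignored_hidepid(requested_text, effective_text):
    """Return [(mount point, requested, effective)] where the two differ."""
    requested = hidepid_by_mountpoint(requested_text)
    effective = hidepid_by_mountpoint(effective_text)
    findings = []
    for mountpoint, want in sorted(requested.items()):
        have = effective.get(mountpoint)  # None: proc is not mounted there
        if have != want:
            findings.append((mountpoint, want, have))
    return findings


# Constructed sample input, not taken from the thread.
SAMPLE_FSTAB = """\
# <source> <mount point> <type> <options> <dump> <pass>
proc /proc proc nosuid,nodev,noexec,hidepid=2 0 0
"""
SAMPLE_MOUNTS_IGNORED = "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"
SAMPLE_MOUNTS_APPLIED = "proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0\n"

if __name__ == "__main__":
    print(ignored_hidepid(SAMPLE_FSTAB, SAMPLE_MOUNTS_IGNORED))
    print(ignored_hidepid(SAMPLE_FSTAB, SAMPLE_MOUNTS_APPLIED))
```

On a live system the second argument would be the contents of /proc/mounts; an empty result means every requested hidepid value is in effect.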