From: 程洋
Date: Mon, 17 Dec 2018 12:21:40 +0800
Subject: Re: > [PATCH] Security: Handle hidepid option correctly
To: Alexey Dobriyan
Cc: Andrew Morton, David Howells, "Peter Zijlstra (Intel)", Al Viro, Johannes Weiner, Davidlohr Bueso, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
References: <18d54cd3edbf4fd3a7c01962f41ead58@cnbox5.mioffice.cn> <20181214154436.GA16772@avx2>
In-Reply-To: <20181214154436.GA16772@avx2>

Actually I'm pretty sure kernel calls proc_mount().
Here is the call stack:

[ 0.003450] [] proc_mount+0x2c/0x98
[ 0.003459] [] mount_fs+0x164/0x190
[ 0.003465] [] vfs_kern_mount+0x74/0x168
[ 0.003469] [] kern_mount_data+0x18/0x30
[ 0.003474] [] pid_ns_prepare_proc+0x24/0x40
[ 0.003484] [] alloc_pid+0x498/0x4b4
[ 0.003492] [] copy_process.isra.73.part.74+0xed0/0x1708
[ 0.003496] [] _do_fork+0xdc/0x3f8
[ 0.003501] [] kernel_thread+0x34/0x3c
[ 0.003511] [] rest_init+0x20/0x80
[ 0.003522] [] start_kernel+0x3e4/0x43c
[ 0.003527] [] __primary_switched+0x64/0x90

Alexey Dobriyan wrote on Fri, Dec 14, 2018 at 11:44 PM:
>
> On Wed, Dec 05, 2018 at 03:26:04PM +0800, 程洋 wrote:
> > Anyone who can review my patch?
> >
> > 程洋 wrote on Fri, Nov 30, 2018 at 10:34 AM:
> > >
> > > Here is an article that illustrates the details.
> > > https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
> > >
> > > And there is a similar fix on kernel-4.4:
> > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99663be772c827b8f5f594fe87eb4807be1994e5
> > >
> > > Q: Other filesystems parse the options from fill_super(). Is proc special in some fashion?
> > > A: According to my research, start_kernel will call proc_mount first, and initialize sb->s_root before any userspace process runs. If others want to mount it, all options will be ignored.
> > >    AOSP change here: https://android-review.googlesource.com/c/platform/system/core/+/181345/4/init/init.cpp
> > >    At first I thought we should mount it with MS_REMOUNT flag. But kernel will crash if we did this.
>
> This is not true: /proc is mounted by userspace (and it is easy to see
> from the fact that proc_mount() is not called from kernel anywhere).
>
> hidepid= in its current form is misdesigned, so might as well not bother
> changing anything. IIRC there were(?) patches to make it per-mount.
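
The thread turns on whether a hidepid= option passed when mounting /proc actually takes effect. The added example below (not code from the thread, the patch or the kernel) parses mountinfo text and reports proc mounts whose effective hidepid level differs from the requested one. The sample lines and the `requested` mapping are constructed, and the named levels are the strings newer kernels print in place of numbers.

```python
# Added example: verify that a requested hidepid level is really in effect.
# Newer kernels print names instead of numbers for hidepid.
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}

def effective_hidepid(mountinfo_text):
    """Return {mount_point: hidepid level} for every proc mount listed."""
    result = {}
    for line in mountinfo_text.splitlines():
        fields = line.split()
        try:
            # Six fixed fields, optional fields, then a lone "-" separator.
            sep = fields.index("-", 6)
        except ValueError:
            continue  # not a well-formed mountinfo line
        if len(fields) < sep + 4 or fields[sep + 1] != "proc":
            continue
        level = 0  # no hidepid= among the super options means it is off
        for opt in fields[sep + 3].split(","):
            key, _, value = opt.partition("=")
            if key == "hidepid":
                level = int(value) if value.isdigit() else HIDEPID_NAMES[value]
        result[fields[4]] = level
    return result

def hidepid_mismatches(mountinfo_text, requested):
    """List (mount_point, requested, effective) where the request did not stick."""
    effective = effective_hidepid(mountinfo_text)
    return [(mp, want, effective.get(mp))
            for mp, want in sorted(requested.items())
            if effective.get(mp) != want]

# Constructed sample: hidepid=2 was asked for, but the option is not shown.
IGNORED = (
    "21 26 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw\n"
    "22 26 0:21 / /sys rw,relatime shared:7 - sysfs sysfs rw\n"
)
# Constructed sample: the option is in effect (named form).
APPLIED = "21 26 0:4 / /proc rw,relatime - proc proc rw,gid=3009,hidepid=invisible\n"

if __name__ == "__main__":
    print("ignored sample:", hidepid_mismatches(IGNORED, {"/proc": 2}))
    print("applied sample:", hidepid_mismatches(APPLIED, {"/proc": 2}))
    with open("/proc/self/mountinfo") as fh:  # Linux only
        print("this system:", effective_hidepid(fh.read()))
```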