Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp1159501imj; Thu, 14 Feb 2019 02:09:51 -0800 (PST) X-Google-Smtp-Source: AHgI3IYsdowNwV+7vbpbyI2MM3N+q71z7T3LdHzTUmEHMj1wkJzSfhKwppLD6Hvou1xzenCQhmy7 X-Received: by 2002:a17:902:6941:: with SMTP id k1mr3216103plt.195.1550138991076; Thu, 14 Feb 2019 02:09:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550138991; cv=none; d=google.com; s=arc-20160816; b=my8MNRkAEAIWaUDZ4LK9Tq6h7GgQFT7GNCSrm993iJuymuEuZ7YgFYcJQh8sodIovT pmS5O16KztfuzQBlOZo0/9PVCbc0p9tWWf1oIfIgbIxkEml1/CTE7N9EG0ozXPkhjO4v 0T4Xpp4sqZl+BgRLtrY8Wck+aRQcVNIWLSzhOTFnxnSMiMS6lqG5xWHt4LOjT0J2qfUn BGFIMVvJI8zR0Y+y4u04xpwHw6Q/ASBZG1qaguo7x30wAbu1gFgja7PO45Z1hBL6q4UM g2Exw1aTqMkGia9sOeaNZ+7Jexcpc/mTjgHQWfWCI9zA3z71mN2ONsY9msU1//BWtK7h TH6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=aWDWkCscEGObTet0nMfiwJDncASNslatrfgpuXCXCcI=; b=e32iXM3yIZ4j/RuZcXQXWgwn1SlAWpjmsaDETVdLP5sRRkkmgsEbY4O/qDLrRd+APQ avp4P2dwBZu+1LUL0qhxM1wmmJ2H4PUFxiAN8vMwK0ARVPPRXQd71IGucAfG9mVcQY6o Kx7BP7/zx96GImDYiUIuXSnAeV1GO/TjrrZGT9i0krKaTE5aqFPq4VyMKj+AZea6LciP dLvkdCz4d5MlRvfqID6Q1WpPAyQRIZ/svn4JHhLmA11nRUn885ygmdiVONwge/Dtcrw7 YtU5m3I8v6Mv0y3UPaTOZCWEITdlP2E2QIGuJJ/HsCFyNues3+hO1rqHAUNKLeF+oYsW iHmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=f71ucV6T; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q9si1890717pgh.92.2019.02.14.02.09.33; Thu, 14 Feb 2019 02:09:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=f71ucV6T; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727504AbfBNAlr (ORCPT + 99 others); Wed, 13 Feb 2019 19:41:47 -0500 Received: from mail-vs1-f68.google.com ([209.85.217.68]:33813 "EHLO mail-vs1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726317AbfBNAlr (ORCPT ); Wed, 13 Feb 2019 19:41:47 -0500 Received: by mail-vs1-f68.google.com with SMTP id e10so2637250vsp.1 for ; Wed, 13 Feb 2019 16:41:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aWDWkCscEGObTet0nMfiwJDncASNslatrfgpuXCXCcI=; b=f71ucV6TZFXwAnyQzDk56uajsFCqsGW+dmNsnjbPGl0zAVpVYLKgddkJoT0ertw9pf qJ8qMGpb8FSGFS+ZNgrIluJKotVghG+xUvTxGZX4IR2kBtTeDXpiE8CQxUYOuXq6PVkE Nn3bPNpD4D75lFS6S481emdTVY0ASMm6X+vQM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aWDWkCscEGObTet0nMfiwJDncASNslatrfgpuXCXCcI=; b=CwTmTVmwf66rEYspvwlr7Azy4uqdK+HD4JhVQ5gLvmTdempVCjiLfM3XOoRmuIJD+W tQAcmryNP3S7fwpx2OxmumsG5POVfBxL+9C3C+6bVvqN1vSP+xH9dQ/UEWRh7p06phrp NYmp+0/dV8bHEPLHccOHDSpPq5LIAyoMCMbkMbFFrhV4cCXDsW6A+8b4u5qOeCqSAlgc E0rruoQVrjwrZ6AcEWrhcwncRZV1QnOKh36p+2OrBMlSvrbnf+bxPGIPRYNFYiJJtkqM aV4HPunO1DWmJbl67j3nVdfn/yVDP5DuGeMN0LG/sgY6KirCnMmhqgRC7hTJO/9h6Mby o4bA== X-Gm-Message-State: AHQUAuaSMlndM75uTB8M8ExjKuiIcyuabV5WpGxEkXlQZVDKlthRHRwG EQm8NbMFWUV9n1Av497frwegj63gm+E= X-Received: by 2002:a67:f5ce:: with SMTP id t14mr582090vso.7.1550104905132; Wed, 13 Feb 2019 16:41:45 -0800 (PST) Received: from mail-vk1-f172.google.com (mail-vk1-f172.google.com. [209.85.221.172]) by smtp.gmail.com with ESMTPSA id n206sm1166556vkn.36.2019.02.13.16.41.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 13 Feb 2019 16:41:43 -0800 (PST) Received: by mail-vk1-f172.google.com with SMTP id y14so994300vky.9 for ; Wed, 13 Feb 2019 16:41:43 -0800 (PST) X-Received: by 2002:a1f:8e49:: with SMTP id q70mr562750vkd.40.1550104903100; Wed, 13 Feb 2019 16:41:43 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Kees Cook Date: Wed, 13 Feb 2019 16:41:30 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Userspace regression in LTS and stable kernels To: Richard Weinberger Cc: Samuel Dionne-Riel , LKML , Linus Torvalds , graham@grahamc.com, Oleg Nesterov , Michal Hocko , Andrew Morton Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 13, 2019 at 3:36 PM Richard Weinberger wrote: > > [CC'in relevant folks] > > On Thu, Feb 14, 2019 at 12:19 AM Samuel Dionne-Riel > wrote: > > > > Hi, > > > > I am posting as a representative of the NixOS Linux distribution, > > about a userspace regression on 5.0-rc* which recently was backported > > to the 4.14.99, 4.19.21 and 4.20.8 current LTS and stable versions. > > The issue has been reported to the bug tracker, bug 202497, but seems > > to have gone unnoticed by the maintainers. > > > > The issue seems to break userspace for long-standing patterns in the > > NixOS distribution, with regards to use of the shebangs. > > > > Here is an example shebang causing an issue: > > > > #! /nix/store/mbwav8kz8b3y471wjsybgzw84mrh4js9-perl-5.28.1/bin/perl > > -I/nix/store/x6yyav38jgr924nkna62q3pkp0dgmzlx-perl5.28.1-File-Slurp-9999.25/lib/perl5/site_perl > > -I/nix/store/ha8v67sl8dac92r9z07vzr4gv1y9nwqz-perl5.28.1-Net-DBus-1.1.0/lib/perl5/site_perl > > -I/nix/store/dcrkvnjmwh69ljsvpbdjjdnqgwx90a9d-perl5.28.1-XML-Parser-2.44/lib/perl5/site_perl > > -I/nix/store/rmji88k2zz7h4zg97385bygcydrf2q8h-perl5.28.1-XML-Twig-3.52/lib/perl5/site_perl > > This this ever work correctly? It is longer than BINPRM_BUF_SIZE. > > > (The shebang was artificially wrapped spaces replaced by newlines) > > > > Another contributor tracked the regression it to commit > > 8099b047ecc431518b9bb6bdbba3549bbecdc343 in the 5.0-rc* tree. > > > > I bring no particular fix to the issue, but I believe it should at > > least be fast-tracked to a revert for the stable and LTS branches, and > > since 5.0 might drop soon, a solution worked on, or possibly a revert > > until one is figured out. > > Your shebang line exceeds BINPRM_BUF_SIZE. > Before the said commit the kernel silently truncated the shebang line > (and corrupted it), > now it tells the user that the line is too long. Yeah, it looks like it just truncates: $ cat /nix/store/mbwav8kz8b3y471wjsybgzw84mrh4js9-perl-5.28.1/bin/perl #!/usr/bin/perl print "Arg # 0 : $0\n"; $counter = 1; foreach my $a (@ARGV) { print "Arg # $counter : $a\n"; $counter++; } $ cat test.pl #! /nix/store/mbwav8kz8b3y471wjsybgzw84mrh4js9-perl-5.28.1/bin/perl -I/nix/store/x6yyav38jgr924nkna62q3pkp0dgmzlx-perl5.28.1-File-Slurp-9999.25/lib/perl5/site_perl -I/nix/store/ha8v67sl8dac92r9z07vzr4gv1y9nwqz-perl5.28.1-Net-DBus-1.1.0/lib/perl5/site_perl -I/nix/store/dcrkvnjmwh69ljsvpbdjjdnqgwx90a9d-perl5.28.1-XML-Parser-2.44/lib/perl5/site_perl -I/nix/store/rmji88k2zz7h4zg97385bygcydrf2q8h-perl5.28.1-XML-Twig-3.52/lib/perl5/site_perl print "I am the script\n"; 4.20.7: $ ./test.pl Arg # 0 : /nix/store/mbwav8kz8b3y471wjsybgzw84mrh4js9-perl-5.28.1/bin/perl Arg # 1 : -I/nix/store/x6yyav38jgr924nkna62q3pkp0dgmzlx-perl5.28.1-Fi Arg # 2 : ./test.pl 4.20.8: $ ./test.pl Error: no such file "I am the script\n" (My shell seems to fall back to direct shell execution) Since this is breaking existing userspace, we should probably switch back to the truncation, but do a WARN_ONCE or something so there's a visible hint _somewhere_ about the (long standing) issue? What do you think Oleg? -Kees -- Kees Cook