From: Yury Norov
Date: Thu, 2 May 2019 14:34:49 -0700
Subject: Re: [PATCH v2 0/2] sys/prctl: expose TASK_SIZE value to userspace
To: Joel Savitz
Cc: Cyrill Gorcunov, Waiman Long, linux-kernel@vger.kernel.org, Thomas Gleixner, Ingo Molnar, Masami Hiramatsu, Mauro Carvalho Chehab, Kristina Martsenko, Andrew Morton, Kees Cook, "Gustavo A. R. Silva", YueHaibing, Micah Morton, Yang Shi, Jann Horn, Alexey Dobriyan, Rafael Aquini, Michael Kerrisk

Thu, 2 May 2019 at 14:23, Joel Savitz <jsavitz@redhat.com>:
>
> Yes, this is the change, thanks to the suggestion of Yury Norov.

Joel, could you please stop top-posting?

> I also now explicitly mention the expected userspace destination type
> in the manpage patch.
>
> Best,
> Joel Savitz
>
>
> On Thu, May 2, 2019 at 5:10 PM Cyrill Gorcunov wrote:
> >
> > On Thu, May 02, 2019 at 05:01:38PM -0400, Waiman Long wrote:
> > >
> > > What did you change in v2 versus v1?
> >
> > Seems unsigned long long has been changed to unsigned long.

Sorry guys, I replied to Joel, but accidentally dropped the folks. Find the discussion below.

Thu, 2 May 2019 at 13:50, Joel Savitz <jsavitz@redhat.com>:
>
> While I disagree that kernel memory is exposed, as the 8-byte
> (unsigned long long) value of task_size is initialized by the
> assignment of TASK_SIZE, I agree with your suggestion, as the current
> code may corrupt the userspace stack of the caller unless provided
> with the address of an unsigned long long, an unusual type to store a
> value of word size.
>
> As such, I have adopted your suggestion and added type information to
> my manpage patch. Expect the v2 to be posted shortly.
>
> Thank you for your review.
>
> Best,
> Joel Savitz
>
> On Thu, May 2, 2019 at 3:41 PM Yury Norov wrote:
> >
> > Thu, 2 May 2019 at 12:15, Joel Savitz:
> > >
> > > When PR_GET_TASK_SIZE is passed to prctl, the kernel will attempt to
> > > copy the value of TASK_SIZE to the userspace address in arg2.
> >
> > but you copy the value of task_size.
> >
> > > Suggested-by: Alexey Dobriyan
> > > Signed-off-by: Joel Savitz
> > > ---
> > >  include/uapi/linux/prctl.h |  3 +++
> > >  kernel/sys.c               | 10 ++++++++++
> > >  2 files changed, 13 insertions(+)
> > >
> > > diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
> > > index 094bb03b9cc2..2335fe0a8db8 100644
> > > --- a/include/uapi/linux/prctl.h
> > > +++ b/include/uapi/linux/prctl.h
> > > @@ -229,4 +229,7 @@ struct prctl_mm_map {
> > >  # define PR_PAC_APDBKEY			(1UL << 3)
> > >  # define PR_PAC_APGAKEY			(1UL << 4)
> > >
> > > +/* Get the process virtual memory size */
> > > +#define PR_GET_TASK_SIZE	55
> > > +
> > >  #endif /* _LINUX_PRCTL_H */
> > > diff --git a/kernel/sys.c b/kernel/sys.c
> > > index 12df0e5434b8..7ced7dbd035d 100644
> > > --- a/kernel/sys.c
> > > +++ b/kernel/sys.c
> > > @@ -2252,6 +2252,13 @@ static int propagate_has_child_subreaper(struct task_struct *p, void *data)
> > >  	return 1;
> > >  }
> > >
> > > +static int prctl_get_tasksize(void __user * uaddr)
> > > +{
> > > +	unsigned long long task_size = TASK_SIZE;
> > > +	return copy_to_user(uaddr, &task_size, sizeof(unsigned long long))
> > > +		? -EFAULT : 0;
> > > +}
> > > +
> >
> > task_size is unsigned long. On 32-bit systems you will end up exposing 4 bytes
> > of kernel memory. You should switch to sizeof(unsigned long).
> >
> > Your code is broken for compat arches. Take a look at the definition
> > of TASK_SIZE
> > for arm64, for example.
> >
> > Thanks,
> > Yury
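Review bot: the comment on the new constant in the include/uapi/linux/prctl.h hunk, `+/* Get the process virtual memory size */`, describes the wrong thing: TASK_SIZE is the upper limit of the calling task's user-space virtual address range, not how much memory the process uses. Since this is a UAPI header that user-space code will read, suggest `/* Get the task's user address space limit (TASK_SIZE) */` and naming the type written to arg2 in the same comment, because the width question raised later in the thread starts with what callers are told to pass.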
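Review bot: in the kernel/sys.c hunk, prctl_get_tasksize() declares `unsigned long long task_size = TASK_SIZE;` and copies `sizeof(unsigned long long)` bytes, while TASK_SIZE is an `unsigned long`; on a 32-bit kernel that writes 8 bytes into a buffer the caller will naturally size as a 4-byte `unsigned long`, overrunning it (the extra 4 bytes are zeros from the widening assignment, so this is a user-space overrun rather than a kernel-memory disclosure). Suggest `unsigned long task_size = TASK_SIZE;` with `sizeof(task_size)`. That alone still does not cover the compat case raised below: a 32-bit caller on a 64-bit kernel has a 4-byte `unsigned long` even though the kernel's is 8, so the helper needs an `in_compat_syscall()` branch that writes a `compat_ulong_t`, with the value taken for the calling task (the arm64 TASK_SIZE definition referenced in the thread already varies with the current task). The diffstat reports 10 insertions in kernel/sys.c but this hunk shows 7, so the `case PR_GET_TASK_SIZE:` in sys_prctl() is not in the posted hunk and its handling of the unused arg3..arg5 cannot be reviewed here; please post the full hunk. Minor style: `void __user * uaddr` should be `void __user *uaddr`.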
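The width mismatch argued over in this thread, as an added user-space simulation in C that is not part of the thread or of the kernel patch: a helper shaped like the posted prctl_get_tasksize() copies sizeof(unsigned long long) bytes into a frame laid out the way a 32-bit caller's stack would be (a 4-byte `unsigned long` slot followed by a canary), beside a variant that writes exactly the caller's word width. FAKE_TASK_SIZE, mock_copy_to_user(), struct caller_frame and the caller_is_32bit flag are constructed stand-ins for TASK_SIZE, copy_to_user(), the caller's stack and the kernel's compat check; none of them is kernel code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a 32-bit kernel's TASK_SIZE; not read from any kernel. */
#define FAKE_TASK_SIZE 0xC0000000UL

/* Simulated 32-bit caller stack frame: the caller's 4-byte `unsigned long`
 * result slot, followed by whatever lives next to it on the stack (a canary here). */
struct caller_frame {
    uint32_t task_size;
    uint32_t canary;
};
#define CANARY 0xDEADBEEFu

/* Stand-in for copy_to_user(): copies n bytes and returns the number of bytes
 * NOT copied (0 on success), matching the kernel's return convention. */
static unsigned long mock_copy_to_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/* Mirrors the v1 helper's shape: widens the value to unsigned long long and
 * copies sizeof(unsigned long long) bytes regardless of the caller's word size. */
static int get_tasksize_v1(void *uaddr)
{
    unsigned long long task_size = FAKE_TASK_SIZE;
    return mock_copy_to_user(uaddr, &task_size, sizeof(unsigned long long))
        ? -EFAULT : 0;
}

/* Corrected shape: copy exactly the width of the caller's unsigned long.
 * caller_is_32bit stands in for the kernel's in_compat_syscall() check. */
static int get_tasksize_fixed(void *uaddr, int caller_is_32bit)
{
    if (caller_is_32bit) {
        uint32_t v = (uint32_t)FAKE_TASK_SIZE;
        return mock_copy_to_user(uaddr, &v, sizeof(v)) ? -EFAULT : 0;
    }
    uint64_t v = FAKE_TASK_SIZE;
    return mock_copy_to_user(uaddr, &v, sizeof(v)) ? -EFAULT : 0;
}

/* Run the v1-shaped helper against a 32-bit frame; returns 1 if the
 * neighbouring canary survived, 0 if the 8-byte write clobbered it. */
int v1_leaves_canary_intact(void)
{
    struct caller_frame f = { 0, CANARY };
    get_tasksize_v1(&f);
    return f.canary == CANARY;
}

/* Same check for the width-correct helper; also verifies the delivered value. */
int fixed_leaves_canary_intact(void)
{
    struct caller_frame f = { 0, CANARY };
    get_tasksize_fixed(&f, 1);
    return f.canary == CANARY && f.task_size == (uint32_t)FAKE_TASK_SIZE;
}

int main(void)
{
    printf("v1-shaped helper, 32-bit caller: canary %s\n",
           v1_leaves_canary_intact() ? "intact" : "CLOBBERED");
    printf("width-correct helper, 32-bit caller: canary %s\n",
           fixed_leaves_canary_intact() ? "intact" : "CLOBBERED");
    return 0;
}
```

The canary is clobbered on both byte orders: on little-endian the zero upper half of the widened value lands on it, on big-endian the value itself does. Either way the 8-byte write leaves the caller's frame in a state the caller never expected, which is why the copy width must follow the caller's `unsigned long`, not the kernel's local variable.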