Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp7705723yba; Thu, 2 May 2019 14:50:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqxj1H15lStOKN07fJ7n8BVJ9Q2/Na3ra9i66pa5SZ2YQ11yM5eUjhTbXaVIDthADJMcvJVc X-Received: by 2002:aa7:800e:: with SMTP id j14mr6553314pfi.157.1556833841792; Thu, 02 May 2019 14:50:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556833841; cv=none; d=google.com; s=arc-20160816; b=TjhmWopaYg+z18j5+xKHDj0pDbb+s6HFE5KStnQtnNVMWs+v69ue/wNoTBK/lNlu1x ic1QyWIj+IV+Ah52eAvgX2vP07B9hRy5RDvKk/nPCZyuwy9n2d6aJhC6hqwvGoSvpBSc sE4evQIWdAnZhjATVP1aLSMGp2EOnCauaqAn3GuQZbltt70StmonaRNRlEAxeMhSImeY BZLf2WShAlQkN9N5xurhlAcO8JgiYYDCUvJA3sFtH7CCJKYmrWSaZTgIMO8L/lSf0ibB 89UjIwXo+hIsv5Q/qnAsTN0WS/CwOSMGdaJ8hroGUK6DhS8C4Dhf3ZWbALdcroPafIHq 6UVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=5HcxFLAOHYDm4q2/95LW5i6fvHO9cvLeIClq07OW1cE=; b=zYcs9NsW3j03gMSR/w18uLIWjtSRgAQuC1T5s4uNzIZaZ/w7VfwFzsQxygjyq2cKhO SVrTWvqAitALKo02WhR/jF3NaSXqAqZth7oNlyGr+SDhaIHHJ6RiSxNVZfC0vzdlw3sp ENZee7yVkuG9hqtcJpBtqd3L8uNAgiFYxXio83+doOUpzN+6WIzcj3nV7qJFefKpIAfx Q0+p9Jyn3W446pym8dAZSOei0AMmJQWJ63IwYECbMJYc986fwekJwTE15MenNRc7kpNm y3K9C/x58ebEHfwUh69SNxVHeUvnPbP4oLTaogQ5F9OWxh0hEFAxKT95Bv/f/siRi6qU +a5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="bs/G3q2N"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j15si175105pfi.8.2019.05.02.14.50.25; Thu, 02 May 2019 14:50:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="bs/G3q2N"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726203AbfEBVt0 (ORCPT + 99 others); Thu, 2 May 2019 17:49:26 -0400 Received: from mail-io1-f68.google.com ([209.85.166.68]:44756 "EHLO mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726030AbfEBVtZ (ORCPT ); Thu, 2 May 2019 17:49:25 -0400 Received: by mail-io1-f68.google.com with SMTP id r71so3562857iod.11 for ; Thu, 02 May 2019 14:49:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=5HcxFLAOHYDm4q2/95LW5i6fvHO9cvLeIClq07OW1cE=; b=bs/G3q2NO3R7R77rcvcPtDWwGM2ladbRMjfmPf00RcM7rE3Njq768jyhnQeD9J1aca 1X3wIi2FiSK+mYsbJQ6jkqvPliE9mym5t9XfDaBQWltnggp7ZNXQeQMEZPudi0PBktCB zmQ24hmSGif6wDITjq3HIlOwqK6GYlYFZJx8BN6u78IeSJ3C5iZkhj6UPjMELQeE46fg 51qRTjxviLt+4zcd1KXCugFlJfbGoY7xz5ETOC5G9/2RZCWY0/RfAzAbU1sl5FkNcDK5 irZ7hV2C0Ghx2GXyaldlx71tDpPU8hh6OIjSSYahcpHgybiEbUl6DMHt2H09Gu90Uo09 1gNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=5HcxFLAOHYDm4q2/95LW5i6fvHO9cvLeIClq07OW1cE=; b=Pa6Cyn85vhUiSvjMencrLgm63tJn4MAsXVXz64Wy4L0Yed1p9cAPJNBZ4M9mg8eQXf H4BBWh5wy7es5aQxg1BwWL/sqRMKLFy1cEMM5j3ho8FFD6AqJrQC11foraHlVOq8W1SC ZR+XF1RGQGNwGNX/xzDXRft+xDLommTzuyaDkg+nyvvWHoqIFo4ct9cuTN8BiUzllXhV Ec7awmMhABKnEFeBGFy53aDKkwEmY45pRBEoMRke93SkoweIbKNEwmyONcYQ/OheE9Wo 835hDG2f/Hy77lew/sEfFRNnVJWrGqYVFHntT3vK3eHI0gii3z9NPlU4sH6khwb7bSVR XLOQ== X-Gm-Message-State: APjAAAWjOYuwxAoSn7sY4bElJ2YbBjbDMYdrcUDThdLEF9azQnmEOdQy oiw71EQP1CPwU7Ele7sJV1zWE3WZur/lznp0K/g= X-Received: by 2002:a5d:9d48:: with SMTP id k8mr4684210iok.194.1556833764935; Thu, 02 May 2019 14:49:24 -0700 (PDT) MIME-Version: 1.0 References: <1556830342-32307-1-git-send-email-jsavitz@redhat.com> <1556830342-32307-2-git-send-email-jsavitz@redhat.com> In-Reply-To: <1556830342-32307-2-git-send-email-jsavitz@redhat.com> From: Yury Norov Date: Thu, 2 May 2019 14:49:14 -0700 Message-ID: Subject: Re: [PATCH v2 1/2] kernel/sys: add PR_GET_TASK_SIZE option to prctl(2) To: Joel Savitz Cc: linux-kernel@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Masami Hiramatsu , Waiman Long , Mauro Carvalho Chehab , Kristina Martsenko , Andrew Morton , Cyrill Gorcunov , Kees Cook , "Gustavo A. R. Silva" , YueHaibing , Micah Morton , Yang Shi , Jann Horn , Alexey Dobriyan , Rafael Aquini , Michael Kerrisk , yury.norov@gmail.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org =D1=87=D1=82, 2 =D0=BC=D0=B0=D1=8F 2019 =D0=B3. =D0=B2 13:52, Joel Savitz <= jsavitz@redhat.com>: > > When PR_GET_TASK_SIZE is passed to prctl, the kernel will attempt to > copy the value of TASK_SIZE to the userspace address in arg2. > > Suggested-by: Alexey Dobriyan > Signed-off-by: Joel Savitz > --- > include/uapi/linux/prctl.h | 3 +++ > kernel/sys.c | 10 ++++++++++ > 2 files changed, 13 insertions(+) > > diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h > index 094bb03b9cc2..2335fe0a8db8 100644 > --- a/include/uapi/linux/prctl.h > +++ b/include/uapi/linux/prctl.h > @@ -229,4 +229,7 @@ struct prctl_mm_map { > # define PR_PAC_APDBKEY (1UL << 3) > # define PR_PAC_APGAKEY (1UL << 4) > > +/* Get the process virtual memory size */ > +#define PR_GET_TASK_SIZE 55 > + > #endif /* _LINUX_PRCTL_H */ > diff --git a/kernel/sys.c b/kernel/sys.c > index 12df0e5434b8..7ced7dbd035d 100644 > --- a/kernel/sys.c > +++ b/kernel/sys.c > @@ -2252,6 +2252,13 @@ static int propagate_has_child_subreaper(struct ta= sk_struct *p, void *data) > return 1; > } > > +static int prctl_get_tasksize(void __user * uaddr) > +{ > + unsigned long task_size =3D TASK_SIZE; > + return copy_to_user(uaddr, &task_size, sizeof(unsigned long)) > + ? -EFAULT : 0; > +} > + Joel, you missed my point from the comment to v1. This is still broken for compat architectures. On 64 bit machines compat userspace has unsigned long as u32, and therefore you corrupt user data. > int __weak arch_prctl_spec_ctrl_get(struct task_struct *t, unsigned long= which) > { > return -EINVAL; > @@ -2486,6 +2493,9 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, = arg2, unsigned long, arg3, > return -EINVAL; > error =3D PAC_RESET_KEYS(me, arg2); > break; > + case PR_GET_TASK_SIZE: > + error =3D prctl_get_tasksize((void *)arg2) ; > + break; > default: > error =3D -EINVAL; > break; > -- > 2.18.1 >