Date: Fri, 3 May 2019 17:51:54 -0400
From: Rafael Aquini
To: Yury Norov
Cc: Joel Savitz, linux-kernel@vger.kernel.org, Thomas Gleixner, Ingo Molnar, Masami Hiramatsu, Waiman Long, Mauro Carvalho Chehab, Kristina Martsenko, Andrew Morton, Cyrill Gorcunov, Kees Cook, "Gustavo A. R. Silva", YueHaibing, Micah Morton, Yang Shi, Jann Horn, Alexey Dobriyan, Michael Kerrisk, David Laight
Subject: Re: [PATCH v3 1/2] kernel/sys: add PR_GET_TASK_SIZE option to prctl(2)
Message-ID: <20190503215154.GA10302@x230.aquini.net>
References: <1556907021-29730-1-git-send-email-jsavitz@redhat.com> <1556907021-29730-2-git-send-email-jsavitz@redhat.com> <20190503210831.GB5887@yury-thinkpad>
In-Reply-To: <20190503210831.GB5887@yury-thinkpad>
User-Agent: Mutt/1.11.3 (2019-02-01)

On Fri, May 03, 2019 at 02:08:31PM -0700, Yury Norov wrote:
> On Fri, May 03, 2019 at 02:10:20PM -0400, Joel Savitz wrote:
> > When PR_GET_TASK_SIZE is passed to prctl, the kernel will attempt to
> > copy the value of TASK_SIZE to the userspace address in arg2.
> >
> > It is important that we account for the case of the userspace task
> > running in 32-bit compat mode on a 64-bit kernel. As such, we must be
> > careful to copy the correct number of bytes to userspace to avoid stack
> > corruption.
> >
> > Suggested-by: Yuri Norov
>
> I actually didn't suggest that. If you _really_ need TASK_SIZE to
> be exposed, I would suggest to expose it in kernel headers. TASK_SIZE
> is compile-time information, and it may be available for userspace at
> compile time as well.

TASK_SIZE is a runtime resolved macro, dependent on the thread currently
running on the CPU. It's not a compile time constant.

Anyways, it's proven that going prctl(2), although interesting, as
suggested by Alexey, wasn't worth the hassle as it poses more issues than
it can possibly solve. A better way to get this value exposed to userspace
is really through /proc//status, where one can utilize
TASK_SIZE_OF(mm->owner), or simply mm->task_size, which seems to be
properly assigned for each arch.

> > Suggested-by: Alexey Dobriyan
> > Signed-off-by: Joel Savitz
> > ---
> >  include/uapi/linux/prctl.h |  3 +++
> >  kernel/sys.c               | 23 +++++++++++++++++++++++
> >  2 files changed, 26 insertions(+)
> >
> > diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
> > index 094bb03b9cc2..2c261c461952 100644
> > --- a/include/uapi/linux/prctl.h
> > +++ b/include/uapi/linux/prctl.h
> > @@ -229,4 +229,7 @@ struct prctl_mm_map {
> >  # define PR_PAC_APDBKEY			(1UL << 3)
> >  # define PR_PAC_APGAKEY			(1UL << 4)
> >
> > +/* Get the process virtual memory size (i.e. the highest usable VM address) */
> > +#define PR_GET_TASK_SIZE		55
> > +
> >  #endif /* _LINUX_PRCTL_H */
> > diff --git a/kernel/sys.c b/kernel/sys.c
> > index 12df0e5434b8..709584400070 100644
> > --- a/kernel/sys.c
> > +++ b/kernel/sys.c
> > @@ -2252,6 +2252,26 @@ static int propagate_has_child_subreaper(struct task_struct *p, void *data)
> >  	return 1;
> >  }
> >
> > +static int prctl_get_tasksize(void __user *uaddr)
> > +{
> > +	unsigned long current_task_size, current_word_size;
> > +
> > +	current_task_size = TASK_SIZE;
> > +	current_word_size = sizeof(unsigned long);
> > +
> > +#ifdef CONFIG_64BIT
> > +	/* On 64-bit architecture, we must check whether the current thread
> > +	 * is running in 32-bit compat mode. If it is, we can simply cut
> > +	 * the size in half. This avoids corruption of the userspace stack.
> > +	 */
> > +	if (test_thread_flag(TIF_ADDR32))
>
> It breaks build for all architectures except x86 since TIF_ADDR32 is
> defined for x86 only.
>
> In my comment on v2 I suggested you stick to a fixed-size data type to
> avoid exactly this problem.
>
> NACK
>
> Yury
>
> > +		current_word_size >>= 1;
> > +#endif
> > +
> > +	return copy_to_user(uaddr, &current_task_size, current_word_size) ? -EFAULT : 0;
> > +}
> > +
> >  int __weak arch_prctl_spec_ctrl_get(struct task_struct *t, unsigned long which)
> >  {
> >  	return -EINVAL;
> > @@ -2486,6 +2506,9 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
> >  			return -EINVAL;
> >  		error = PAC_RESET_KEYS(me, arg2);
> >  		break;
> > +	case PR_GET_TASK_SIZE:
> > +		error = prctl_get_tasksize((void *)arg2);
> > +		break;
> >  	default:
> >  		error = -EINVAL;
> >  		break;
> > --
> > 2.18.1
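Review bot: in the include/uapi/linux/prctl.h hunk, the comment on the new PR_GET_TASK_SIZE define calls TASK_SIZE "the highest usable VM address", but TASK_SIZE is the exclusive upper bound of the user address range (the first address that is not usable), so the wording is off by one; "the upper limit of the user virtual address space" matches what the kernel actually copies out. A uapi constant added here should also be accompanied by a prctl(2) manual page entry in the same series.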
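Review bot: in the prctl_get_tasksize() hunk of kernel/sys.c, the compat path copies the first half of `current_task_size` and assumes those are the low 32 bits, which only holds on little-endian machines; on a big-endian 64-bit kernel with compat support (s390, big-endian powerpc64) the first four bytes of an unsigned long are the zero high half, so a 32-bit caller would read back 0 rather than its TASK_SIZE. Together with TIF_ADDR32 being defined for x86 only, the "guess the caller's word size" approach has two independent failure modes; a fixed-width `__u64` field written with `put_user()` removes both, since the caller then declares a 64-bit variable regardless of ABI. Two style points in the same hunk: the block comment should open with `/*` on its own line per the kernel style, and a fixed small copy like this one is conventionally `put_user()` rather than `copy_to_user()`.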
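Review bot: in the SYSCALL_DEFINE5(prctl, ...) hunk, `prctl_get_tasksize((void *)arg2)` casts away the `__user` address-space annotation that the callee declares, which sparse will flag; write `(void __user *)arg2`. The new case also accepts any value in `arg3`, `arg4` and `arg5`; prctl options conventionally return -EINVAL when unused arguments are non-zero so they stay available for later extension, and the `return -EINVAL;` context line directly above this case belongs to exactly such a check for PR_PAC_RESET_KEYS, so the same `if (arg3 || arg4 || arg5) return -EINVAL;` guard belongs here.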
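The thread's disagreement is about how a 64-bit kernel should hand TASK_SIZE to a caller whose word size it cannot always tell: Joel's patch copies half an unsigned long when it thinks the task is 32-bit, and Yury asks for a fixed-size type instead. The following userspace model, added here as an example and not code from the patch or the kernel, shows the three outcomes with the same sample value: a full 8-byte copy into a 4-byte slot overruns its neighbour (the stack corruption the commit message mentions), the half-word copy reads back correctly only on little-endian layouts, and a fixed-width 64-bit field is correct on both. The byte buffers stand in for the userspace memory that copy_to_user() would fill, the endianness is simulated explicitly so both layouts can be checked on one host, and the sample value 0xFFFFE000 is a constructed stand-in for a compat task's limit.

```c
/* Added example, not part of the patch or of the kernel: a userspace model of
 * handing a 64-bit kernel value to a caller of unknown word size. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 32-bit compat task's address-space limit. It fits in
 * 32 bits, so the only question is which bytes land in the caller's variable. */
#define SAMPLE_COMPAT_TASK_SIZE 0xFFFFE000ULL

/* Lay out a 64-bit value the way an 8-byte unsigned long is stored in memory
 * on a little- or big-endian machine. */
static void store_u64(uint8_t out[8], uint64_t v, int big_endian)
{
	for (int i = 0; i < 8; i++) {
		int shift = big_endian ? (7 - i) * 8 : i * 8;
		out[i] = (uint8_t)(v >> shift);
	}
}

/* Read back a 4-byte variable the way a 32-bit caller on that machine would. */
static uint32_t load_u32(const uint8_t in[4], int big_endian)
{
	uint32_t v = 0;
	for (int i = 0; i < 4; i++) {
		int shift = big_endian ? (3 - i) * 8 : i * 8;
		v |= (uint32_t)in[i] << shift;
	}
	return v;
}

/* What the patch guards against: the caller passes the address of a 4-byte
 * variable and the kernel copies a full 8-byte unsigned long anyway, spilling
 * into whatever sits next to it on the caller's stack. Returns 1 if the
 * neighbouring sentinel was clobbered. */
int naive_full_copy_clobbers_neighbour(uint64_t task_size, int big_endian)
{
	uint8_t kernel_word[8];
	uint8_t user_stack[8];			/* [0..3] target var, [4..7] neighbour */
	const uint8_t sentinel[4] = { 0xA5, 0xA5, 0xA5, 0xA5 };

	store_u64(kernel_word, task_size, big_endian);
	memcpy(user_stack + 4, sentinel, 4);
	memcpy(user_stack, kernel_word, 8);	/* copy_to_user(uaddr, &size, 8) */
	return memcmp(user_stack + 4, sentinel, 4) != 0;
}

/* The patch's approach: keep TASK_SIZE in an 8-byte unsigned long and copy
 * only its first 4 bytes to a compat caller. Correct only if the low half
 * comes first in memory, i.e. on little-endian machines. */
uint32_t patch_style_compat_read(uint64_t task_size, int big_endian)
{
	uint8_t kernel_word[8];
	uint8_t user_buf[4];

	store_u64(kernel_word, task_size, big_endian);
	memcpy(user_buf, kernel_word, 4);	/* copy_to_user(uaddr, &size, 4) */
	return load_u32(user_buf, big_endian);
}

/* The fixed-width alternative: the ABI says "8-byte value", the caller
 * declares a 64-bit variable, and no word-size guessing is needed. */
uint64_t fixed_width_read(uint64_t task_size, int big_endian)
{
	uint8_t kernel_word[8];
	uint8_t user_buf[8];
	uint64_t v = 0;

	store_u64(kernel_word, task_size, big_endian);
	memcpy(user_buf, kernel_word, 8);	/* copy_to_user(uaddr, &size, 8) */
	for (int i = 0; i < 8; i++) {
		int shift = big_endian ? (7 - i) * 8 : i * 8;
		v |= (uint64_t)user_buf[i] << shift;
	}
	return v;
}

int main(void)
{
	uint64_t ts = SAMPLE_COMPAT_TASK_SIZE;

	for (int be = 0; be < 2; be++) {
		printf("%s-endian: full copy clobbers neighbour=%d, "
		       "half-word copy=0x%08" PRIx32 ", fixed u64=0x%016" PRIx64 "\n",
		       be ? "big" : "little",
		       naive_full_copy_clobbers_neighbour(ts, be),
		       patch_style_compat_read(ts, be),
		       fixed_width_read(ts, be));
	}
	return 0;
}
```

On a little-endian layout the half-word copy happens to work, which is why the approach looks fine when tested only on x86; the big-endian row shows the 32-bit caller receiving 0, and the first column shows why simply copying the full word is not an option either. Only the fixed-width column is correct in every row, which is the substance of the request for a fixed-size data type.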