Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp590051pxb; Wed, 27 Jan 2021 16:02:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJzzLsJC5xgX6zo1tXhffJGx8cyA0Bp6kbuVjyT+opT9tin6bLtsTV85mo3uyObq7QBnNZnh X-Received: by 2002:a17:906:c18:: with SMTP id s24mr8987185ejf.419.1611792173739; Wed, 27 Jan 2021 16:02:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611792173; cv=none; d=google.com; s=arc-20160816; b=d1R7bvLfOOknbquNTuaUOW9yFiwNzIQ1Ag9yjV/chxbVViIDFkfU9OjTALDfzO7cjw k/9aQvtrw6Jz3Y5ra2ZGY7JCHFLeLn/UWfVWbQKBmmmB6sWr/Zj6mZWcfZkKp0tkr0Tz zNwTbfQ0hrvVrlnWfgLf/A+FDudNlSUPAoLUQO7jRaL0a2Cr/LUL4aR+hYW+1ytHsPpK pYEgLqNYC5t59xNue6/R+Io1u5BZZ2CWqK79w5vrb10OuKobtixQxvJcnT+uX87/zxjI 1RtJoiUmh+S7CY+DhFhcYCYyeBT16I46JxgbV6+UsPLpMcd9eyMyikz9tXLJ6t0cqAK2 54rw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=N7A1x2GC1x0hF+kEQdhgJbtckU1NEuvdrANE8Zk2mBc=; b=QPeA26A2i3omiaYFeI3pSSQC9fLGQJS0hzcioAOgCJMZrgqQQjvNlpxxXhF75Uk31j hzDLcVynFG6kz8h7hozqMnEU+aNQgZ6BumohEjN1LfF0SXlG/5POZhEznXgXL4Z5/t4+ Id4AeA5Mku6R19F8sf1qxs/YRCSj+XyVUw4vahZyruswT/6fZSvsdx2QJ+ZAJkRToP6n JrFzIB9skQkT0j2Z53q8VpOHYfpZSAd8e90xUVuKHMWsL2cjM/vsirQph38W89oJXjdJ pm6TOZ2KIdEtwNHVWfGbTYpz69TU9mdN7eyYsm/9kxg+LbKLJau3L9vOY+OFIOk5PNKk jZQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PwO46OqO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id kd11si1506334ejc.330.2021.01.27.16.02.29; Wed, 27 Jan 2021 16:02:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=PwO46OqO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343697AbhA0PJt (ORCPT + 99 others); Wed, 27 Jan 2021 10:09:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52752 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235635AbhA0PH7 (ORCPT ); Wed, 27 Jan 2021 10:07:59 -0500 Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 841EBC06174A for ; Wed, 27 Jan 2021 07:07:17 -0800 (PST) Received: by mail-ej1-x62e.google.com with SMTP id rv9so3063097ejb.13 for ; Wed, 27 Jan 2021 07:07:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=N7A1x2GC1x0hF+kEQdhgJbtckU1NEuvdrANE8Zk2mBc=; b=PwO46OqOPXu+s13hTP8dIKnBU7ghxNkqb7PMprEjiCc6JwFpe65E/p95W2LoKqZ0K+ aqE2Q0kATuO5txfH2C7ti1pKIEW/fcipNQh4EEysIke8rK3e7MvDnpB8RI5g8aJ6PzvI ttlHr2PXcKsfWLso+s3LtOzSVFIR1fgy2Nb4VGsVAQaFtsMpfXH8jVewSTfWsKNYIoF/ fUctJgZ2E0i7HqIDsfJ4wonPFkXT7Tec7Z1s+GbnaQRH08YFVNFfxRBbIoXhlZ21RT7D 5U1PduvF3d5Wj2dcWmhS0Tp4RFU5HaIbnRK/AkpX9QoxhaLwNZEF4ldk4gb4K4tpgcVo tIRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=N7A1x2GC1x0hF+kEQdhgJbtckU1NEuvdrANE8Zk2mBc=; b=qzgt7svxySD7Okz3Nc9emP9yXRnY7e2dXxBt/wqpj7U9IpiJrwxzktnMrbDXzyldkF f/uvjgWr6zGmnTzj8q9DEbW852WOHdGUfcjo24Ogh5nmkX99jfVNYA8LikuQVhno0hzI qji2rsq4Z58wOA4mP2/SWJoKKDQ1jLbzXyt7Ha311miON9rZYvRW00/5JCiGqKtxJVxF whRjPLbHfO6GFKtjaf3e6v76gW1Y+VZcxAo79TZRvun6cArqeHyQN9AkY7Qqo2DLFbuy HpqrQjxIGvcS9xI7sjhg+6WSM0KTyzkkIdaFHhjVrmPzSzICVzgM6vf/rypm0aHYRqXA c1vg== X-Gm-Message-State: AOAM530Gnu/JfY9gwIiB/ahGdiMIYkHCdltVFbC3XDCQHgS5OXydg/I2 kb01r3/u+ta7jN/b5hBm11ISBQ== X-Received: by 2002:a17:906:5846:: with SMTP id h6mr7083231ejs.521.1611760036032; Wed, 27 Jan 2021 07:07:16 -0800 (PST) Received: from google.com ([2a00:79e0:2:11:1ea0:b8ff:fe79:fe73]) by smtp.gmail.com with ESMTPSA id s15sm962666ejy.68.2021.01.27.07.07.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 Jan 2021 07:07:15 -0800 (PST) Date: Wed, 27 Jan 2021 16:07:09 +0100 From: Piotr Figiel To: Andrew Morton Cc: Alexey Dobriyan , "Eric W. Biederman" , Kees Cook , Alexey Gladkov , Michel Lespinasse , Bernd Edlinger , Andrei Vagin , mathieu.desnoyers@efficios.com, viro@zeniv.linux.org.uk, peterz@infradead.org, paulmck@kernel.org, boqun.feng@gmail.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, posk@google.com, kyurtsever@google.com, ckennelly@google.com, pjt@google.com Subject: Re: [PATCH v3] fs/proc: Expose RSEQ configuration Message-ID: References: <20210126185412.175204-1-figiel@google.com> <20210126112547.d3f18b6a2abe864e8bfa7fcd@linux-foundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210126112547.d3f18b6a2abe864e8bfa7fcd@linux-foundation.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 26, 2021 at 11:25:47AM -0800, Andrew Morton wrote: > On Tue, 26 Jan 2021 19:54:12 +0100 Piotr Figiel wrote: > > To achieve above goals expose the RSEQ structure address and the > > signature value with the new per-thread procfs file "rseq". > Using "/proc//rseq" would be more informative. > > > fs/exec.c | 2 ++ > > fs/proc/base.c | 22 ++++++++++++++++++++++ > > kernel/rseq.c | 4 ++++ > > A Documentation/ update would be appropriate. > > > + task_lock(current); > > rseq_execve(current); > > + task_unlock(current); > > There's a comment over the task_lock() implementation which explains > what things it locks. An update to that would be helpful. Agreed I'll include fixes for above comments in v4. > > --- a/fs/proc/base.c > > +++ b/fs/proc/base.c > > @@ -662,6 +662,22 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, > > > > return 0; > > } > > + > > +#ifdef CONFIG_RSEQ > > +static int proc_pid_rseq(struct seq_file *m, struct pid_namespace *ns, > > + struct pid *pid, struct task_struct *task) > > +{ > > + int res = lock_trace(task); > > + > > + if (res) > > + return res; > > + task_lock(task); > > + seq_printf(m, "%px %08x\n", task->rseq, task->rseq_sig); > > + task_unlock(task); > > + unlock_trace(task); > > + return 0; > > +} > > Do we actually need task_lock() for this purpose? Would > exec_update_lock() alone be adequate and appropriate? Now rseq syscall which modifies those fields isn't synchronised with exec_update_lock. So either a new lock or task_lock() could be used or exec_update_lock could be reused in the syscall. I decided against exec_update_lock reuse in the syscall because it's normally used to guard access checks against concurrent setuid exec. This could be potentially confusing as it's not relevant for the the rseq syscall code. I think task_lock usage here is also consistent with how it's used across the kernel. Whether we need consistent rseq and rseq_sig pairs in the proc output, I think there's some argument for it (discussed also in parallel thread with Mathieu Desnoyers). Best regards, Piotr.