Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp1103528pxb; Thu, 23 Sep 2021 18:35:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyatCgm8Tj0c0vBcX6eby3FNI9hVvyP6FE1BISj6/vWA0iads1524KDXCsNZWgbFk9dGp4D X-Received: by 2002:a05:6638:f12:: with SMTP id h18mr6873465jas.107.1632447333657; Thu, 23 Sep 2021 18:35:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632447333; cv=none; d=google.com; s=arc-20160816; b=T42Zc0FpHqFCIRZfah9eAJ5Dx+MFOZBwE+1A779ZksIq9L8V96xej/PkiAurndCWNa lS/rrssNPTecxD9YYRzTVCx1E3OhnSvRoA3ewUsaLrmWkBlGPIjAngJY5/p0/tISTqSI hYka1cUjAc9Xi22UX0eOSOIPsUcz2T784Gs2DL36ghGP4UdVpmmnL4ySEFLBWHMytawA kr5kZbieIqofuS9JXGOw32nENVRjPGQa5SKBkvaiA+xSlmFRx3RnqfkxrjhVy4Imnigu tTrYsjx9YoX8PcQJIlnJOyPTR9tn0TZvVxvf5Yzt19ol8FkDsOffrecUrhnOeNONu/jE KPCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=/qOMIGogA1Xc3Ag/KoL2LzA/JNtrZrCrXRfeTJqQ6sY=; b=XNf8wzfWPQyGXCvrRsOS2x7XE79GzbYBZW0QgZJ8xbm1n7Ul6YplF7Ooz5H+uvlc70 1QNCJFDF9k62QDPSOEg0/IZvr9jCfEfDETYY879ZK7MlttDhC8nQhuJJlTC30xx13kFy gah/RMETnzAlbhwIxi7p7N4g1si3g3WWwN1T5cU5Zu7xRWdKON6S5pDyNhkHN3ZzoTSF NCTIQrkmqYF8VITxXg8cbxE3cWHw2FQBZEJrIrYAvX2Q9TlyWXc8799zuK40InixPgnn SYb2VoHouiFy5jc8UgHwEJRysJDB9tnD8i9qcH3IpUxsh+4DFwvWcPguIyHUOPG1+/hi c9rw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b8si9748350ios.12.2021.09.23.18.35.22; Thu, 23 Sep 2021 18:35:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243765AbhIXBfm (ORCPT + 99 others); Thu, 23 Sep 2021 21:35:42 -0400 Received: from shells.gnugeneration.com ([66.240.222.126]:38040 "EHLO shells.gnugeneration.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240863AbhIXBfm (ORCPT ); Thu, 23 Sep 2021 21:35:42 -0400 Received: by shells.gnugeneration.com (Postfix, from userid 1000) id C77451A56019; Thu, 23 Sep 2021 18:34:08 -0700 (PDT) Date: Thu, 23 Sep 2021 18:34:08 -0700 From: Vito Caputo To: Kees Cook Cc: Jann Horn , Thomas Gleixner , Josh Poimboeuf , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Jens Axboe , Mark Rutland , Peter Zijlstra , Stefan Metzmacher , Andy Lutomirski , Lai Jiangshan , Christian Brauner , Andrew Morton , "Kenta.Tada@sony.com" , Daniel Bristot de Oliveira , Michael =?utf-8?B?V2Vpw58=?= , Anand K Mistry , Alexey Gladkov , Michal Hocko , Helge Deller , Dave Hansen , Andrea Righi , Ohhoon Kwon , Kalesh Singh , YiFei Zhu , "Eric W. Biederman" , linux-kernel@vger.kernel.org, x86@kernel.org, linux-fsdevel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] proc: Disable /proc/$pid/wchan Message-ID: <20210924013408.mqw42x4lhqeq5ios@shells.gnugeneration.com> References: <20210923233105.4045080-1-keescook@chromium.org> <20210923234917.pqrxwoq7yqnvfpwu@shells.gnugeneration.com> <20210924002230.sijoedia65hf5bj7@shells.gnugeneration.com> <202109231814.FD09DBAD3@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202109231814.FD09DBAD3@keescook> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 23, 2021 at 06:16:16PM -0700, Kees Cook wrote: > On Thu, Sep 23, 2021 at 05:22:30PM -0700, Vito Caputo wrote: > > Instead of unwinding stacks maybe the kernel should be sticking an > > entrypoint address in the current task struct for get_wchan() to > > access, whenever userspace enters the kernel? > > wchan is supposed to show where the kernel is at the instant the > get_wchan() happens. (i.e. recording it at syscall entry would just > always show syscall entry.) > And you have the syscall # onhand when performing the syscall entry, no? The point is, if the alternative is to always get 0 from /proc/PID/wchan when a process is sitting in ioctl(), I'd be perfectly happy to get back sys_ioctl. I'm under the impression there's quite a bit of vendor-specific flexibility here in terms of how precise WCHAN is. If it's possible to preserve the old WCHAN precision I'm all for it. But if we've become so paranoid about leaking anything about the kernel to userspace that this is untenable, even if it just spits out the syscall being performed that has value. Regards, Vito Caputo