Date: Mon, 27 Sep 2021 13:50:56 -0700
From: Josh Poimboeuf
To: Kees Cook
Cc: Mark Rutland, Vito Caputo, Jann Horn, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Jens Axboe, Peter Zijlstra, Stefan Metzmacher, Andy Lutomirski, Lai Jiangshan, Christian Brauner, Andrew Morton, "Kenta.Tada@sony.com", Daniel Bristot de Oliveira, Michael Weiß, Anand K Mistry, Alexey Gladkov, Michal Hocko, Helge Deller, Dave Hansen, Andrea Righi, Ohhoon Kwon, Kalesh Singh, YiFei Zhu, "Eric W. Biederman", Qi Zheng, linux-kernel@vger.kernel.org, x86@kernel.org, linux-fsdevel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] proc: Disable /proc/$pid/wchan
Message-ID: <20210927205056.jjdlkof5w6fs5wzw@treble>
References: <20210923233105.4045080-1-keescook@chromium.org> <20210923234917.pqrxwoq7yqnvfpwu@shells.gnugeneration.com> <20210924002230.sijoedia65hf5bj7@shells.gnugeneration.com> <202109231814.FD09DBAD3@keescook> <20210924135424.GA33573@C02TD0UTHF1T.local> <202109240716.A0792BE46@keescook> <20210927090337.GB1131@C02TD0UTHF1T.local> <202109271103.4E15FC0@keescook>
In-Reply-To: <202109271103.4E15FC0@keescook>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 27, 2021 at 11:07:27AM -0700, Kees Cook wrote:
> On Mon, Sep 27, 2021 at 10:03:51AM +0100, Mark Rutland wrote:
> > On Fri, Sep 24, 2021 at 07:26:22AM -0700, Kees Cook wrote:
> > > On Fri, Sep 24, 2021 at 02:54:24PM +0100, Mark Rutland wrote:
> > > > On Thu, Sep 23, 2021 at 06:16:16PM -0700, Kees Cook wrote:
> > > > > On Thu, Sep 23, 2021 at 05:22:30PM -0700, Vito Caputo wrote:
> > > > > > Instead of unwinding stacks maybe the kernel should be sticking an
> > > > > > entrypoint address in the current task struct for get_wchan() to
> > > > > > access, whenever userspace enters the kernel?
> > > > >
> > > > > wchan is supposed to show where the kernel is at the instant the
> > > > > get_wchan() happens. (i.e. recording it at syscall entry would just
> > > > > always show syscall entry.)
> > > >
> > > > It's supposed to show where a blocked task is blocked; the "wait
> > > > channel".
> > > >
> > > > I'd wanted to remove get_wchan since it requires cross-task stack
> > > > walking, which is generally painful.
> > >
> > > Right -- this is the "fragile" part I'm worried about.
>
> I'd like to clarify this concern first -- is the proposed fix actually
> fragile? Because I think we'd be better off just restoring behavior than
> trying to invent new behavior...
>
> i.e. Josh, Jann, do you see any issues with Qi Zheng's fix here:
> https://lore.kernel.org/all/20210924062006.231699-4-keescook@chromium.org/

Even with that patch, it doesn't lock the task's runqueue before reading
the stack, so there's still the possibility of the task running on
another CPU and the unwinder going off the rails a bit, which might be
used by an attacker in creative ways similar to the /proc/<pid>/stack
vulnerability Jann mentioned earlier.

-- 
Josh