Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp898472pxb; Tue, 1 Feb 2022 12:43:45 -0800 (PST) X-Google-Smtp-Source: ABdhPJxglYwYHsKGXzI7c3lX/2Of6D/lGKqSJra3sBj9fJ96JzanSklPZe2Vn0oyf8YgOGJIM1kr X-Received: by 2002:a62:b618:: with SMTP id j24mr26666793pff.42.1643748225284; Tue, 01 Feb 2022 12:43:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643748225; cv=none; d=google.com; s=arc-20160816; b=PcYS/IgwEo8P9+iBt3wy+sW9N80rhcqMFOJn7n1VDzy5C35bKfyFAHr/R45hKE/IaI WddklwHoDpLBNnESxmmSI4+r2QXxho98uutGhM8u2GVOOpK+FoYPHlgi5cD2L6TBOb5w zy12VvqLHQWRi1htWZnMRqJpMiB5/bTM8ajR0hdHnCVOXhR9i2t6J2XwzWKcdgzsMlyQ nAPLxWRrN0DhbfvU1WOGCKwacKy/SuNHddMbYGT3vK2TonXmO2AEVT9SsRj8egMWe6JJ eq7c0tEBehpbj1yiQy65SOXPR/eAAW2YY2N7Oz4M1GRsMleFZHE9sxF1n0e2bq1HK2a4 RmsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=SWKHA8z1T+IQg2WL4tmHX2m9L8W9wYIGkhxbRUKM3Rg=; b=kOg5O1F8aEhll5ZUJ2VlFAyHGsplTiL8PZGQoe5psF32GLfLXjQIhr+urAgN4SeC1n mD6svcDyZPOML+jzyY0ogtIRjLyx33+8ZL/mgCeoPR29WguIEB0AwW0faaj1yHgrmMkd 5qobpjknkK/Iji0EhzVT/SoLODEE+aENa9zwt/1cFHvHQ3ACbgQcWSItVsYDKjgTEvtf VrCORlIOa/li95akb6y9UaOIEOeU/EPulJ8JmvTUv4TvU1vgDkA+h2kqoOeWARPSQKJe qLsUTbhRSJCuqElHfMchVqmbp5liFcLmnjLUILxP6mG80r6oTnCLkFmO/sK0WjOF12rO RkCg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ajPQF5B9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q3si2953426pjf.139.2022.02.01.12.43.33; Tue, 01 Feb 2022 12:43:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ajPQF5B9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1380080AbiAaQOi (ORCPT + 99 others); Mon, 31 Jan 2022 11:14:38 -0500 Received: from dfw.source.kernel.org ([139.178.84.217]:32988 "EHLO dfw.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244114AbiAaQOW (ORCPT ); Mon, 31 Jan 2022 11:14:22 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id ED6446149E; Mon, 31 Jan 2022 16:14:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4F2C5C340E8; Mon, 31 Jan 2022 16:14:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1643645661; bh=Yvsx7evK35eNpN0sVeiSMgT9bC+KI8aBrOulVEWuUyg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ajPQF5B9ScrdUEL30QTR543MJCm3m/1Js2EOp4+OP4H3LnRpu8xpOUeC1ILd6qmZf 22k28akAMUkeJLBN5OGT1W/OKZZ8ivBgeFDCP7WlQiY1Lpxv7O1HGl8zUmSrKTg10N bOjgn72QrbhdeVu7+5INs36cVLZS+o+0fCRBbtgZzqDT3VQN0ISAAblKei5E5Osvvh q5Bbwy6ulQR4RLDKF8U+knXigYy0CfF//utgGE7+5f/+6ISUIL2LMKJZvH75NglGRc 23IC1ARREs6ghCZAorFMxPpF5uaRBc+WUBt/J0WXL1jNzY9KypVzCAu7INvYwHKVr1 eDb+ptBXUf+Cg== Date: Mon, 31 Jan 2022 17:14:15 +0100 From: Christian Brauner To: Matthew Wilcox Cc: kernel test robot , Kees Cook , Ariadne Conill , 0day robot , Michael Kerrisk , Rich Felker , Eric Biederman , Alexander Viro , LKML , lkp@lists.01.org, Andrew Morton , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, stable@vger.kernel.org Subject: Re: [fs/exec] 80bd5afdd8: xfstests.generic.633.fail Message-ID: <20220131161415.wlvtsd4ecehyg3x5@wittgenstein> References: <20220127000724.15106-1-ariadne@dereferenced.org> <20220131144352.GE16385@xsang-OptiPlex-9020> <20220131150819.iuqlz3rz6q7cheap@wittgenstein> <20220131153707.oe45h7tuci2cbfuv@wittgenstein> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 31, 2022 at 03:51:21PM +0000, Matthew Wilcox wrote: > On Mon, Jan 31, 2022 at 04:37:07PM +0100, Christian Brauner wrote: > > On Mon, Jan 31, 2022 at 03:19:22PM +0000, Matthew Wilcox wrote: > > > On Mon, Jan 31, 2022 at 04:08:19PM +0100, Christian Brauner wrote: > > > > On Mon, Jan 31, 2022 at 10:43:52PM +0800, kernel test robot wrote: > > > > I can fix this rather simply in our upstream fstests with: > > > > > > > > static char *argv[] = { > > > > "", > > > > }; > > > > > > > > I guess. > > > > > > > > But doesn't > > > > > > > > static char *argv[] = { > > > > NULL, > > > > }; > > > > > > > > seem something that should work especially with execveat()? > > > > > > The problem is that the exec'ed program sees an argc of 0, which is the > > > problem we're trying to work around in the kernel (instead of leaving > > > it to ld.so to fix for suid programs). > > > > Ok, just seems a bit more intuitive for path-based exec than for > > fd-based execveat(). > > > > What's argv[0] supposed to contain in these cases? > > > > 1. execveat(fd, NULL, ..., AT_EMPTY_PATH) > > 2. execveat(fd, "my-file", ..., ) > > > > "" in both 1. and 2.? > > "" in 1. and "my-file" in 2.? > > You didn't specify argv for either of those, so I have no idea. > Programs shouldn't be assuming anything about argv[0]; it's purely > advisory. Unfortunately, some of them do. And some of them are suid. Yes, programs shouldn't assume anything about argv[0]. But a lot of programs are used to setting argv[0] to the name of the executed binary. The exec* manpages examples do this. Just looking at a random selftest, e.g. bpf/prog_tests/test_lsm.c where we find: char *CMD_ARGS[] = {"true", NULL}; execvp(CMD_ARGS[0], CMD_ARGS); I'm just wondering how common this is for execveat() because it is not as clear what the actual name of the binary is in these two examples 1. fd = open("/bin/true", ); char *CMD_ARGS[] = {"", NULL}; execveat(fd, NULL, ..., AT_EMPTY_PATH) 2. fd = open("/bin", ); char *CMD_ARGS[] = {"true", NULL}; execveat(fd, CMD_ARGS[0], CMD_ARGS 0) in other words, the changes that you see CMD_ARGS[0] == NULL for execveat() seem higher than for path-based exec. To counter that we should probably at least update the execveat() manpage with a recommendation what CMD_ARGS[0] should be set to if it isn't allowed to be set to NULL anymore. This is why was asking what argv[0] is supposed to be if the binary doesn't take any arguments.