Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp900685pxb; Tue, 1 Feb 2022 12:46:30 -0800 (PST) X-Google-Smtp-Source: ABdhPJym611aZVlGvmRv+hf/ELj+EFYus5t0XWPYKVCvOBHsufy13JFSLghhbpuAwGOVNzyoLbdz X-Received: by 2002:a05:6a00:158c:: with SMTP id u12mr26471482pfk.18.1643748390618; Tue, 01 Feb 2022 12:46:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643748390; cv=none; d=google.com; s=arc-20160816; b=GoZ7juN3+0kC6r1q2ehfPByWOzX7YaGFoB9LWcDDyBijwLfOVdiTb9OX356XFZNBBX RxCDrOlUUzsO4Uk6fDuUBYHftO1CvDAzZcIEonWqpIIK5EzAhyNzyjFI4XlD4eP/cFbV fRunfSfoa+h1GCIL2unuT6ux4kjgRB4qH9mxyPbwK99qZh3rBbPh2RoLKw+QeCbE3u8W IM2RPOJCG0oxcRtX41GMJpc9TTiBsrsWCP8nizJV+VvM+VTDFNG1VGXGjsSBYiCuMaNe hVvBmo42LBh0N1cFvflyaLWyY/nH31Nfh+hYxP1v8vgwSIfrEh9rGP2Of14pBKDRqwcJ qRMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=CXu8u+S+H4pFfiMC6rUzcJnnvE8utuBt5d1uoMd9W7I=; b=m5C7I+UX1HxNrP945KjKeVGyA6fnu26d9B+7kwU6ww47PdoeU8ftDVpN6ptdqzmFLz 0HKnvoxTQqIT2VnNSoOSBIG59ZhGkCcFVn5BPaUQL1+lmLU3eE8gR2g1PbilFClWD+LM sbBNDdQTTpTqULVLB6JYebAGQZ4gJ+orEx1Zeip1HpdnMx2syrUOUFzEuUyDepfcPWrw YPTIBAjxiasbEeUFa5QMl/AWCVMKE1Z/jAf6EQ2VJ9L3I++XRg/WgqlIWvvkRG/m0It2 0aIiYR/DWalpxdaY/Lfq7XCzCMffcKhC0Mdytxyg9IlxJgMgQNxnZrAN7yy9sjAL13/L jPrg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=GuIJTFxO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x5si11535884plb.543.2022.02.01.12.46.18; Tue, 01 Feb 2022 12:46:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=GuIJTFxO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1380801AbiAaRNy (ORCPT + 99 others); Mon, 31 Jan 2022 12:13:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46814 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1380790AbiAaRNx (ORCPT ); Mon, 31 Jan 2022 12:13:53 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1F0BC061714; Mon, 31 Jan 2022 09:13:52 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 603CDB82B94; Mon, 31 Jan 2022 17:13:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2BB62C340E8; Mon, 31 Jan 2022 17:13:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1643649230; bh=QKbhQb3UR1s6+IgkObzqyN3XT/7OqGbzgTX3Keth7eU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=GuIJTFxO4zIqV3Ue8ez89NoOPQonTyZdASpGL7OeQhz0tgABjROgoYmD+xU4qYCGg wLupSkWO7cLALEoh7n5XvVAPb5YWadFTYuYuV48XYJtV5Kf7tsTKXHwgYKaeiJaD2B /z+mTlSvVU/154uBGS8Y3UrfLAtMc60HvnrTsDGZGN/h0bFvPN15VdsZmCWaztUG6U p64MjOHVX1wWhJicWMsjPH4NA1pXt0/5pn2d1vAHZs9KXntwZqGqa8uzNyrhOTchVo RhlXwSaux/U0LJoS/dAs2UlR/gtDGR8nTfpsb7Jwspip6WYCbkssxEmv0aVksj/l2E T/gD2LdV1kXlA== Date: Mon, 31 Jan 2022 18:13:44 +0100 From: Christian Brauner To: Matthew Wilcox Cc: kernel test robot , Kees Cook , Ariadne Conill , 0day robot , Michael Kerrisk , Rich Felker , Eric Biederman , Alexander Viro , LKML , lkp@lists.01.org, Andrew Morton , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, stable@vger.kernel.org Subject: Re: [fs/exec] 80bd5afdd8: xfstests.generic.633.fail Message-ID: <20220131171344.77iifun5wdilbqdz@wittgenstein> References: <20220127000724.15106-1-ariadne@dereferenced.org> <20220131144352.GE16385@xsang-OptiPlex-9020> <20220131150819.iuqlz3rz6q7cheap@wittgenstein> <20220131153707.oe45h7tuci2cbfuv@wittgenstein> <20220131161415.wlvtsd4ecehyg3x5@wittgenstein> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20220131161415.wlvtsd4ecehyg3x5@wittgenstein> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 31, 2022 at 05:14:15PM +0100, Christian Brauner wrote: > On Mon, Jan 31, 2022 at 03:51:21PM +0000, Matthew Wilcox wrote: > > On Mon, Jan 31, 2022 at 04:37:07PM +0100, Christian Brauner wrote: > > > On Mon, Jan 31, 2022 at 03:19:22PM +0000, Matthew Wilcox wrote: > > > > On Mon, Jan 31, 2022 at 04:08:19PM +0100, Christian Brauner wrote: > > > > > On Mon, Jan 31, 2022 at 10:43:52PM +0800, kernel test robot wrote: > > > > > I can fix this rather simply in our upstream fstests with: > > > > > > > > > > static char *argv[] = { > > > > > "", > > > > > }; > > > > > > > > > > I guess. > > > > > > > > > > But doesn't > > > > > > > > > > static char *argv[] = { > > > > > NULL, > > > > > }; > > > > > > > > > > seem something that should work especially with execveat()? > > > > > > > > The problem is that the exec'ed program sees an argc of 0, which is the > > > > problem we're trying to work around in the kernel (instead of leaving > > > > it to ld.so to fix for suid programs). > > > > > > Ok, just seems a bit more intuitive for path-based exec than for > > > fd-based execveat(). > > > > > > What's argv[0] supposed to contain in these cases? > > > > > > 1. execveat(fd, NULL, ..., AT_EMPTY_PATH) > > > 2. execveat(fd, "my-file", ..., ) > > > > > > "" in both 1. and 2.? > > > "" in 1. and "my-file" in 2.? > > > > You didn't specify argv for either of those, so I have no idea. > > Programs shouldn't be assuming anything about argv[0]; it's purely > > advisory. Unfortunately, some of them do. And some of them are suid. > > Yes, programs shouldn't assume anything about argv[0]. But a lot of > programs are used to setting argv[0] to the name of the executed binary. > The exec* manpages examples do this. Just looking at a random selftest, e.g. > > bpf/prog_tests/test_lsm.c > > where we find: > > char *CMD_ARGS[] = {"true", NULL}; > execvp(CMD_ARGS[0], CMD_ARGS); > > I'm just wondering how common this is for execveat() because it is not > as clear what the actual name of the binary is in these two examples > > 1. > fd = open("/bin/true", ); > char *CMD_ARGS[] = {"", NULL}; > execveat(fd, NULL, ..., AT_EMPTY_PATH) > > 2. > fd = open("/bin", ); > char *CMD_ARGS[] = {"true", NULL}; > execveat(fd, CMD_ARGS[0], CMD_ARGS 0) > > in other words, the changes that you see CMD_ARGS[0] == NULL for > execveat() seem higher than for path-based exec. > > To counter that we should probably at least update the execveat() > manpage with a recommendation what CMD_ARGS[0] should be set to if it > isn't allowed to be set to NULL anymore. This is why was asking what > argv[0] is supposed to be if the binary doesn't take any arguments. Sent a fix to our fstests now replacing the argv[0] as NULL with "".