From patchwork Tue Sep 24 14:10:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tycho Andersen X-Patchwork-Id: 13810999 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF7F0CF9C6B for ; Tue, 24 Sep 2024 14:10:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3A6CC6B00A6; Tue, 24 Sep 2024 10:10:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 356A56B00A7; Tue, 24 Sep 2024 10:10:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1F7686B00A8; Tue, 24 Sep 2024 10:10:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id EFE146B00A6 for ; Tue, 24 Sep 2024 10:10:55 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 7A95F1C75B9 for ; Tue, 24 Sep 2024 14:10:55 +0000 (UTC) X-FDA: 82599818070.22.223537B Received: from fout-a5-smtp.messagingengine.com (fout-a5-smtp.messagingengine.com [103.168.172.148]) by imf13.hostedemail.com (Postfix) with ESMTP id 6257920006 for ; Tue, 24 Sep 2024 14:10:52 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=tycho.pizza header.s=fm1 header.b="kgb/UtcD"; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=g2HqVTqL; dmarc=none; spf=pass (imf13.hostedemail.com: domain of tycho@tycho.pizza designates 103.168.172.148 as permitted sender) smtp.mailfrom=tycho@tycho.pizza ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727187037; a=rsa-sha256; cv=none; b=jj3/rkzaHtbv2L2MRMiUyHAW4ByEzCtxBu9XZQDqrs+SjxKZ+WKrBN3vI2v4g1MfYTN9wx i32pkfhedVizmXgqFiAHCqG5oLesVAudxtsoHRXZPznFPjh6ZmugxyGO8U67AH3PiRqyTS A2kwBwZQmKssTXByXX8BTVGjh21RfOw= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=tycho.pizza header.s=fm1 header.b="kgb/UtcD"; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=g2HqVTqL; dmarc=none; spf=pass (imf13.hostedemail.com: domain of tycho@tycho.pizza designates 103.168.172.148 as permitted sender) smtp.mailfrom=tycho@tycho.pizza ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727187037; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=BmNudCcPUMExrTG7jtodHLWWbD8+3DLdgabiD4b+0DM=; b=UCC0t12ByLLFLGYZnMuhLPS7lmDkDHswZm1RgzER++7lTU7IvOdgimktwqKBDKhtoaMJKW /KP0GngH62L2YHbQahDp1BZJT+uN8UKZsF+4msZdtg8/YviEsCSM4PqC0qgDg1IOk9ic0M svA4MLHYk3IObpyc1gP62HI/zp3V3ME= Received: from phl-compute-09.internal (phl-compute-09.phl.internal [10.202.2.49]) by mailfout.phl.internal (Postfix) with ESMTP id 9BF1813800C5; Tue, 24 Sep 2024 10:10:51 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-09.internal (MEProxy); Tue, 24 Sep 2024 10:10:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho.pizza; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm1; t=1727187051; x=1727273451; bh=Bm NudCcPUMExrTG7jtodHLWWbD8+3DLdgabiD4b+0DM=; b=kgb/UtcDTPZ0Yf4zoX C6KyHCptn0rYO7ROZlMts9/dqx/dl7/h730DzFPfmaX57JfKNcRZ9TnD8IPWwrmQ evTa4HaSmztkte6f5N0wdbx4rqjQny8cTtAdy4Io4g6E6CXUYKkBj9cbJbmJ2j7p Ze+48DHIqdD/W0Ub970jwqSbmyp0JTPMx3ZGYpK0PsdPcMFPLixUfJyI54gaNK7w pFL5Z8adDQ+d2sWaYJDIAoBGhBcpXP39GYBoylPjees5ObStnzKxG+QUd6+gBrfL jf72zxtbhEHdJ4AFz81mzs/dtJf+1ICjNuTTvDhvAx+kcgrAxtXRnPBBJLEhvRFZ sgYg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; t=1727187051; x=1727273451; bh=BmNudCcPUMExr TG7jtodHLWWbD8+3DLdgabiD4b+0DM=; b=g2HqVTqLftczY2ubxtNaKxmuTOmyY da90KGFdzxsNeJnzFAOaLOQ+WqAQi2DdPRyK6muvnQXRJPVoT70AHv3kL/KGRSMB CFlzL88/0wfWGnlHrLUfoYlvyQLuLaRz8Gg5E5GgMvmIkrOQv9VGPYIOculDDzs8 pFhxZB0B3u4VAiW5QMZy89lrc6ZgWwqrFvoW1VGS1jEX5bjneCzk+QV6Pwc6yPWh 21Mo9mzBgv4wr6JDHF4QGNU4JC1n21lSwD4v3yDB5M6uGMTOyFmwJkjoRTQPjV0E CtOg/ApUZ0A7EpaA8sNPqpexGo76CayCG8V8Ji126k3dZEEHJm58IvNUg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrvddtfedguddtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhephffvvefufffkofggtgfgsehtkeertdertdejnecu hfhrohhmpefvhigthhhoucetnhguvghrshgvnhcuoehthigthhhosehthigthhhordhpih iiiigrqeenucggtffrrghtthgvrhhnpeeujeevvdelueeuuedvvdekvdetieehkefgfeet lefhvdeikeevveejvdfgteehieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpehthigthhhosehthigthhhordhpihiiiigrpdhnsggprhgtphht thhopeduhedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepvhhirhhoseiivghnih hvrdhlihhnuhigrdhorhhgrdhukhdprhgtphhtthhopegsrhgruhhnvghrsehkvghrnhgv lhdrohhrghdprhgtphhtthhopehjrggtkhesshhushgvrdgtiidprhgtphhtthhopegvsg hivgguvghrmhesgihmihhsshhiohhnrdgtohhmpdhrtghpthhtohepkhgvvghssehkvghr nhgvlhdrohhrghdprhgtphhtthhopehjlhgrhihtohhnsehkvghrnhgvlhdrohhrghdprh gtphhtthhopegthhhutghkrdhlvghvvghrsehorhgrtghlvgdrtghomhdprhgtphhtthho pegrlhgvgidrrghrihhnghesghhmrghilhdrtghomhdprhgtphhtthhopehlihhnuhigqd hfshguvghvvghlsehvghgvrhdrkhgvrhhnvghlrdhorhhg X-ME-Proxy: Feedback-ID: i21f147d5:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 24 Sep 2024 10:10:48 -0400 (EDT) From: Tycho Andersen To: Alexander Viro , Christian Brauner , Jan Kara , Eric Biederman , Kees Cook , Jeff Layton , Chuck Lever , Alexander Aring Cc: linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Tycho Andersen , Tycho Andersen , =?utf-8?q?Zbigniew_J=C4=99drzejewsk?= =?utf-8?q?i-Szmek?= , Aleksa Sarai Subject: [RFC] exec: add a flag for "reasonable" execveat() comm Date: Tue, 24 Sep 2024 08:10:01 -0600 Message-Id: <20240924141001.116584-1-tycho@tycho.pizza> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-Rspam-User: X-Stat-Signature: yrreqm4sixq9xkh13s5meoiwr3r9jeq8 X-Rspamd-Queue-Id: 6257920006 X-Rspamd-Server: rspam02 X-HE-Tag: 1727187052-446323 X-HE-Meta: U2FsdGVkX19su78hwKDSV3NRZl9lHYzGJpKWPyM4SeWFrL1iL13TyOSiMRtUVAK/iXa0rtY1mNMz+pTfKKW+bypO4D7gDi++ZA8Ka9Xza7uQiqXDboD0iLX0IWKX612Jkodtw6yDhiXiWd7A3PJbNlQDPahidyis0AohkM1ZxoeP/KSvxVm/7bnFXrNiMHrR9lVj6VU2STTce+VjUI7E6Fk05VRmNmWfOSuYMMxMHhry1eccQBrVKfhv72pGHpT28imRDq4sIw+KMpqXiG6w3ROQ9tcvctmjx7YhHghabO5uz4E2TabnPkYptwHekS0668SeFWa+xlbh7zSFCEOORn295PQPJRXQQHEbamCyZuDP/ks4MChSD8HlPzEjj9MlOToxr1nTA5H7L3tbEhrNfyzNr17n30qLcKjg5/bMuvUriuCkrfT30rzucjiJaKGMeUW45EfqPKkz8ydhxov36yIcLpnT4fq/2HiMiCPOOPAL9ECftXJ0EocdW3Wak1p5qqS/BKRpeS5zBim2pw7cZ/njEx4I1OjJP0uwrtQbJjugbppCN0W9KXPbxk+2PdoW9Dwp3t3aqKGZKB82puZiddhOaOpw+SdVp4p+jJbpw6SeOm6RSccTs5zeNLwxI4wJuprfyR3TPc8gHhwvoi6xtXGJ6AYxrgMSv4ANq1fAcTmbv3fCWpSTWncoVx/0FjPtfRvUxgGV95sY6b7cQuCZum7f2dlLasxq+/QE+1PrbKczYOn7dguqyS1c55DUOEKlBEHPTaHuKvGBgzRHRG/yFLv7G541XoiNzKTb8AdvXy43d+m33lnN00k7zsMUT+njkHyIXx9LWavp4ViJ1PPCzlu9k776NCyf29KD4BPO9NHY5KM9tYOo++KciQYf9DMMSXs+AG95Dus996Gg8G1B71xTeBRZ7vgOYFkc/vLWvL7LNnFs1h6v8k+yTEiOA3fIw28d3qQjgAhhvQp+bub aHK5y6/m MeIGtqHwyLMp1s23tz/GaEVv7oX1Iqhj2pBMUgq/mut8Bm6Ol0PzEnGKWDjKK5esCgAiJ2gSUqanwN70xoWa22ucT+USWa9H3Zkx0O5JRZez/K2V0Z7CcNBb03gdMvZUTenMD3Z0CDeaUfR+7llc9aT9fPfkhEIUfFSzKdDTk9q0TmSGeCProoe6R5+cTXTLeZ/g+T64NCqdy913Joic/3YzfdjyaVbqWbjmcvgC4qIm+MR2WrRPECemHOOHYslvfv+2Cp5p+m4AnlR33mZfSxMV+IcpFdilgQ3I403crrgw1AXK9OicyjHEbSKbx1LTO6niKjww8zbrqYx8LBM5FAqxF1Odd1GFIwu39kKBvIN9pQ/BesOK9zQ3dtK0IBbYQ9mDMzLYpXRXAeIhUFnJAhQC7yFpuhgxxfZMFfl3Gybrx7DV6qX3G9GYwpc83QtFQtFsX X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Tycho Andersen Zbigniew mentioned at Linux Plumber's that systemd is interested in switching to execveat() for service execution, but can't, because the contents of /proc/pid/comm are the file descriptor which was used, instead of the path to the binary. This makes the output of tools like top and ps useless, especially in a world where most fds are opened CLOEXEC so the number is truly meaningless. This patch adds an AT_ flag to fix up /proc/pid/comm to instead be the contents of argv[0], instead of the fdno. Signed-off-by: Tycho Andersen Suggested-by: Zbigniew Jędrzejewski-Szmek CC: Aleksa Sarai --- There is some question about what to name the flag; it seems to me that "everyone wants this" instead of the fdno, but probably "REASONABLE" is not a good choice. Also, requiring the arg to alloc_bprm() is a bit ugly: kernel-based execs will never use this, so they just have to pass an empty thing. We could introduce a bprm_fixup_comm() to do the munging there, but then the code paths start to diverge, which is maybe not nice. I left it this way because this is the smallest patch in terms of size, but I'm happy to change it. Finally, here is a small set of test programs, I'm happy to turn them into kselftests if we agree on an API #include #include #include #include #include #include int main(void) { int fd; char buf[128]; fd = open("/proc/self/comm", O_RDONLY); if (fd < 0) { perror("open comm"); exit(1); } if (read(fd, buf, 128) < 0) { perror("read"); exit(1); } printf("comm: %s", buf); exit(0); } #define _GNU_SOURCE #include #include #include #include #include #include #include #include #ifndef AT_EMPTY_PATH #define AT_EMPTY_PATH 0x1000 /* Allow empty relative */ #endif #ifndef AT_EXEC_REASONABLE_COMM #define AT_EXEC_REASONABLE_COMM 0x200 #endif int main(int argc, char *argv[]) { pid_t pid; int status; bool wants_reasonable_comm = argc > 1; pid = fork(); if (pid < 0) { perror("fork"); exit(1); } if (pid == 0) { int fd; long ret, flags; fd = open("./catprocselfcomm", O_PATH); if (fd < 0) { perror("open catprocselfname"); exit(1); } flags = AT_EMPTY_PATH; if (wants_reasonable_comm) flags |= AT_EXEC_REASONABLE_COMM; syscall(__NR_execveat, fd, "", (char *[]){"./catprocselfcomm", NULL}, NULL, flags); fprintf(stderr, "execveat failed %d\n", errno); exit(1); } if (waitpid(pid, &status, 0) != pid) { fprintf(stderr, "wrong child\n"); exit(1); } if (!WIFEXITED(status)) { fprintf(stderr, "exit status %x\n", status); exit(1); } if (WEXITSTATUS(status) != 0) { fprintf(stderr, "child failed\n"); exit(1); } return 0; } --- fs/exec.c | 22 ++++++++++++++++++---- include/uapi/linux/fcntl.h | 3 ++- 2 files changed, 20 insertions(+), 5 deletions(-) base-commit: baeb9a7d8b60b021d907127509c44507539c15e5 diff --git a/fs/exec.c b/fs/exec.c index dad402d55681..36434feddb7b 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1569,11 +1569,15 @@ static void free_bprm(struct linux_binprm *bprm) kfree(bprm); } -static struct linux_binprm *alloc_bprm(int fd, struct filename *filename, int flags) +static struct linux_binprm *alloc_bprm(int fd, struct filename *filename, + struct user_arg_ptr argv, int flags) { struct linux_binprm *bprm; struct file *file; int retval = -ENOMEM; + bool needs_comm_fixup = flags & AT_EXEC_REASONABLE_COMM; + + flags &= ~AT_EXEC_REASONABLE_COMM; file = do_open_execat(fd, filename, flags); if (IS_ERR(file)) @@ -1590,11 +1594,20 @@ static struct linux_binprm *alloc_bprm(int fd, struct filename *filename, int fl if (fd == AT_FDCWD || filename->name[0] == '/') { bprm->filename = filename->name; } else { - if (filename->name[0] == '\0') + if (needs_comm_fixup) { + const char __user *p = get_user_arg_ptr(argv, 0); + + retval = -EFAULT; + if (!p) + goto out_free; + + bprm->fdpath = strndup_user(p, MAX_ARG_STRLEN); + } else if (filename->name[0] == '\0') bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d", fd); else bprm->fdpath = kasprintf(GFP_KERNEL, "/dev/fd/%d/%s", fd, filename->name); + retval = -ENOMEM; if (!bprm->fdpath) goto out_free; @@ -1969,7 +1982,7 @@ static int do_execveat_common(int fd, struct filename *filename, * further execve() calls fail. */ current->flags &= ~PF_NPROC_EXCEEDED; - bprm = alloc_bprm(fd, filename, flags); + bprm = alloc_bprm(fd, filename, argv, flags); if (IS_ERR(bprm)) { retval = PTR_ERR(bprm); goto out_ret; @@ -2034,6 +2047,7 @@ int kernel_execve(const char *kernel_filename, struct linux_binprm *bprm; int fd = AT_FDCWD; int retval; + struct user_arg_ptr user_argv = {}; /* It is non-sense for kernel threads to call execve */ if (WARN_ON_ONCE(current->flags & PF_KTHREAD)) @@ -2043,7 +2057,7 @@ int kernel_execve(const char *kernel_filename, if (IS_ERR(filename)) return PTR_ERR(filename); - bprm = alloc_bprm(fd, filename, 0); + bprm = alloc_bprm(fd, filename, user_argv, 0); if (IS_ERR(bprm)) { retval = PTR_ERR(bprm); goto out_ret; diff --git a/include/uapi/linux/fcntl.h b/include/uapi/linux/fcntl.h index 87e2dec79fea..7178d1e4a3de 100644 --- a/include/uapi/linux/fcntl.h +++ b/include/uapi/linux/fcntl.h @@ -100,7 +100,8 @@ /* Reserved for per-syscall flags 0xff. */ #define AT_SYMLINK_NOFOLLOW 0x100 /* Do not follow symbolic links. */ -/* Reserved for per-syscall flags 0x200 */ +#define AT_EXEC_REASONABLE_COMM 0x200 /* Use argv[0] for comm in + execveat */ #define AT_SYMLINK_FOLLOW 0x400 /* Follow symbolic links. */ #define AT_NO_AUTOMOUNT 0x800 /* Suppress terminal automount traversal. */