From: "Eric W. Biederman" <ebiederm@xmission.com>
To: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
Cc: Kees Cook <keescook@chromium.org>,
David Hildenbrand <david@redhat.com>,
sonicadvance1@gmail.com, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
kernel-dev@igalia.com, kernel@gpiccoli.net, oleg@redhat.com,
yzaikin@google.com, mcgrof@kernel.org, akpm@linux-foundation.org,
brauner@kernel.org, viro@zeniv.linux.org.uk, willy@infradead.org,
dave@stgolabs.net, joshua@froggi.es
Subject: Re: [RFC PATCH 0/2] Introduce a way to expose the interpreted file with binfmt_misc
Date: Mon, 13 Nov 2023 12:29:30 -0600 [thread overview]
Message-ID: <871qctwlpx.fsf@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <8dc5069f-5642-cc5b-60e0-0ed3789c780b@igalia.com> (Guilherme G. Piccoli's message of "Mon, 13 Nov 2023 14:33:13 -0300")
"Guilherme G. Piccoli" <gpiccoli@igalia.com> writes:
> On 09/10/2023 14:37, Kees Cook wrote:
>> On Fri, Oct 06, 2023 at 02:07:16PM +0200, David Hildenbrand wrote:
>>> On 07.09.23 22:24, Guilherme G. Piccoli wrote:
>>>> Currently the kernel provides a symlink to the executable binary, in the
>>>> form of procfs file exe_file (/proc/self/exe_file for example). But what
>>>> happens in interpreted scenarios (like binfmt_misc) is that such link
>>>> always points to the *interpreter*. For cases of Linux binary emulators,
>>>> like FEX [0] for example, it's then necessary to somehow mask that and
>>>> emulate the true binary path.
>>>
>>> I'm absolutely no expert on that, but I'm wondering if, instead of modifying
>>> exe_file and adding an interpreter file, you'd want to leave exe_file alone
>>> and instead provide an easier way to obtain the interpreted file.
>>>
>>> Can you maybe describe why modifying exe_file is desired (about which
>>> consumers are we worrying? ) and what exactly FEX does to handle that (how
>>> does it mask that?).
>>>
>>> So a bit more background on the challenges without this change would be
>>> appreciated.
>>
>> Yeah, it sounds like you're dealing with a process that examines
>> /proc/self/exe_file for itself only to find the binfmt_misc interpreter
>> when it was run via binfmt_misc?
>>
>> What actually breaks? Or rather, why does the process to examine
>> exe_file? I'm just trying to see if there are other solutions here that
>> would avoid creating an ambiguous interface...
>>
>
> Thanks Kees and David! Did Ryan's thorough comment addressed your
> questions? Do you have any take on the TODOs?
>
> I can maybe rebase against 6.7-rc1 and resubmit , if that makes sense!
> But would be better having the TODOs addressed, I guess.
Currently there is a mechanism in the kernel for changing
/proc/self/exe. Would that be reasonable to use in this case?
It came from the checkpoint/restart work, but given that it is already
implemented it seems like the path of least resistance to get your
binfmt_misc that wants to look like binfmt_elf to use that mechanism.
Eric
next prev parent reply other threads:[~2023-11-13 18:30 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-07 20:24 [RFC PATCH 0/2] Introduce a way to expose the interpreted file with binfmt_misc Guilherme G. Piccoli
2023-09-07 20:24 ` [RFC PATCH 1/2] binfmt_misc, fork, proc: Introduce flag to expose the interpreted binary in procfs Guilherme G. Piccoli
2023-10-10 4:31 ` kernel test robot
2023-09-07 20:24 ` [RFC PATCH 2/2] fork, procfs: Introduce /proc/self/interpreter symlink Guilherme G. Piccoli
2023-10-10 5:38 ` kernel test robot
2023-10-06 7:51 ` [RFC PATCH 0/2] Introduce a way to expose the interpreted file with binfmt_misc Guilherme G. Piccoli
2023-10-06 12:07 ` David Hildenbrand
2023-10-09 17:37 ` Kees Cook
2023-10-11 23:53 ` Ryan Houdek
2023-11-13 17:33 ` Guilherme G. Piccoli
2023-11-13 18:29 ` Eric W. Biederman [this message]
2023-11-13 19:16 ` David Hildenbrand
2023-11-14 16:11 ` Eric W. Biederman
2023-11-14 16:14 ` David Hildenbrand
2023-11-13 19:17 ` Guilherme G. Piccoli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871qctwlpx.fsf@email.froward.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=dave@stgolabs.net \
--cc=david@redhat.com \
--cc=gpiccoli@igalia.com \
--cc=joshua@froggi.es \
--cc=keescook@chromium.org \
--cc=kernel-dev@igalia.com \
--cc=kernel@gpiccoli.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mcgrof@kernel.org \
--cc=oleg@redhat.com \
--cc=sonicadvance1@gmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
--cc=yzaikin@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.