All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 04/10] proc: fix PAGE_SIZE limit of /proc/$PID/cmdline
@ 2014-07-16 21:32 Alexey Dobriyan
  2014-07-17 22:53 ` Andrew Morton
  0 siblings, 1 reply; 4+ messages in thread
From: Alexey Dobriyan @ 2014-07-16 21:32 UTC (permalink / raw)
  To: akpm; +Cc: linux-kernel

Convert /proc/$PID/cmdline to seq_file interface.

XXX

This one must be buggy.

seq_file buffer is adjustable, so userspace can execute itself
with huge command line (which can be arbitrarily long now), then read 1 byte.

Voila, whole command line now is in kmalloced/vmalloced memory.

Imposing limit is trivial but equally lame to current PAGE_SIZE limit.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---

 fs/proc/base.c |   16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -200,9 +200,17 @@ static int proc_root_link(struct dentry *dentry, struct path *path)
 	return result;
 }
 
-static int proc_pid_cmdline(struct task_struct *task, char *buffer)
+static int proc_pid_cmdline(struct seq_file *m, struct pid_namespace *ns,
+			    struct pid *pid, struct task_struct *task)
 {
-	return get_cmdline(task, buffer, PAGE_SIZE);
+	/*
+	 * Rely on struct seq_operations::show() being called once
+	 * per internal buffer allocation. See single_open(), traverse().
+	 *
+	 * Rely on internal buffer autoexpansion if it was entirely filled.
+	 */
+	m->count += get_cmdline(task, m->buf, m->size);
+	return 0;
 }
 
 static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns,
@@ -2567,7 +2575,7 @@ static const struct pid_entry tgid_base_stuff[] = {
 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
 	ONE("syscall",    S_IRUSR, proc_pid_syscall),
 #endif
-	INF("cmdline",    S_IRUGO, proc_pid_cmdline),
+	ONE("cmdline",    S_IRUGO, proc_pid_cmdline),
 	ONE("stat",       S_IRUGO, proc_tgid_stat),
 	ONE("statm",      S_IRUGO, proc_pid_statm),
 	REG("maps",       S_IRUGO, proc_pid_maps_operations),
@@ -2903,7 +2911,7 @@ static const struct pid_entry tid_base_stuff[] = {
 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
 	ONE("syscall",   S_IRUSR, proc_pid_syscall),
 #endif
-	INF("cmdline",   S_IRUGO, proc_pid_cmdline),
+	ONE("cmdline",   S_IRUGO, proc_pid_cmdline),
 	ONE("stat",      S_IRUGO, proc_tid_stat),
 	ONE("statm",     S_IRUGO, proc_pid_statm),
 	REG("maps",      S_IRUGO, proc_tid_maps_operations),

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH 04/10] proc: fix PAGE_SIZE limit of /proc/$PID/cmdline
  2014-07-16 21:32 [PATCH 04/10] proc: fix PAGE_SIZE limit of /proc/$PID/cmdline Alexey Dobriyan
@ 2014-07-17 22:53 ` Andrew Morton
  2014-07-18 20:10   ` Alexey Dobriyan
  0 siblings, 1 reply; 4+ messages in thread
From: Andrew Morton @ 2014-07-17 22:53 UTC (permalink / raw)
  To: Alexey Dobriyan; +Cc: linux-kernel

On Thu, 17 Jul 2014 00:32:47 +0300 Alexey Dobriyan <adobriyan@gmail.com> wrote:

> Convert /proc/$PID/cmdline to seq_file interface.
> 
> XXX

Unsure what XXX signifies.

> This one must be buggy.
> 
> seq_file buffer is adjustable, so userspace can execute itself
> with huge command line (which can be arbitrarily long now), then read 1 byte.
> 
> Voila, whole command line now is in kmalloced/vmalloced memory.
> 
> Imposing limit is trivial but equally lame to current PAGE_SIZE limit.

Confused. Why send the patch if you don't like it?

Why not go ahead and impose the PAGE_SIZE limit?

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH 04/10] proc: fix PAGE_SIZE limit of /proc/$PID/cmdline
  2014-07-17 22:53 ` Andrew Morton
@ 2014-07-18 20:10   ` Alexey Dobriyan
  2014-07-18 20:12     ` [PATCH v2 04/10] proc: convert /proc/$PID/cmdline to seq_file interface Alexey Dobriyan
  0 siblings, 1 reply; 4+ messages in thread
From: Alexey Dobriyan @ 2014-07-18 20:10 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

On Thu, Jul 17, 2014 at 03:53:46PM -0700, Andrew Morton wrote:
> On Thu, 17 Jul 2014 00:32:47 +0300 Alexey Dobriyan <adobriyan@gmail.com> wrote:
> 
> > Convert /proc/$PID/cmdline to seq_file interface.
> > 
> > XXX
> 
> Unsure what XXX signifies.
> 
> > This one must be buggy.
> > 
> > seq_file buffer is adjustable, so userspace can execute itself
> > with huge command line (which can be arbitrarily long now), then read 1 byte.
> > 
> > Voila, whole command line now is in kmalloced/vmalloced memory.
> > 
> > Imposing limit is trivial but equally lame to current PAGE_SIZE limit.
> 
> Confused. Why send the patch if you don't like it?
> 
> Why not go ahead and impose the PAGE_SIZE limit?

I thought someone smarter than me would suggest what to do.

Please replace with v2.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [PATCH v2 04/10] proc: convert /proc/$PID/cmdline to seq_file interface
  2014-07-18 20:10   ` Alexey Dobriyan
@ 2014-07-18 20:12     ` Alexey Dobriyan
  0 siblings, 0 replies; 4+ messages in thread
From: Alexey Dobriyan @ 2014-07-18 20:12 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---

 fs/proc/base.c |   15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -200,9 +200,16 @@ static int proc_root_link(struct dentry *dentry, struct path *path)
 	return result;
 }
 
-static int proc_pid_cmdline(struct task_struct *task, char *buffer)
+static int proc_pid_cmdline(struct seq_file *m, struct pid_namespace *ns,
+			    struct pid *pid, struct task_struct *task)
 {
-	return get_cmdline(task, buffer, PAGE_SIZE);
+	/*
+	 * Rely on struct seq_operations::show() being called once
+	 * per internal buffer allocation. See single_open(), traverse().
+	 */
+	BUG_ON(m->size < PAGE_SIZE);
+	m->count += get_cmdline(task, m->buf, PAGE_SIZE);
+	return 0;
 }
 
 static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns,
@@ -2567,7 +2574,7 @@ static const struct pid_entry tgid_base_stuff[] = {
 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
 	ONE("syscall",    S_IRUSR, proc_pid_syscall),
 #endif
-	INF("cmdline",    S_IRUGO, proc_pid_cmdline),
+	ONE("cmdline",    S_IRUGO, proc_pid_cmdline),
 	ONE("stat",       S_IRUGO, proc_tgid_stat),
 	ONE("statm",      S_IRUGO, proc_pid_statm),
 	REG("maps",       S_IRUGO, proc_pid_maps_operations),
@@ -2903,7 +2910,7 @@ static const struct pid_entry tid_base_stuff[] = {
 #ifdef CONFIG_HAVE_ARCH_TRACEHOOK
 	ONE("syscall",   S_IRUSR, proc_pid_syscall),
 #endif
-	INF("cmdline",   S_IRUGO, proc_pid_cmdline),
+	ONE("cmdline",   S_IRUGO, proc_pid_cmdline),
 	ONE("stat",      S_IRUGO, proc_tid_stat),
 	ONE("statm",     S_IRUGO, proc_pid_statm),
 	REG("maps",      S_IRUGO, proc_tid_maps_operations),

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-07-18 20:12 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-07-16 21:32 [PATCH 04/10] proc: fix PAGE_SIZE limit of /proc/$PID/cmdline Alexey Dobriyan
2014-07-17 22:53 ` Andrew Morton
2014-07-18 20:10   ` Alexey Dobriyan
2014-07-18 20:12     ` [PATCH v2 04/10] proc: convert /proc/$PID/cmdline to seq_file interface Alexey Dobriyan

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.