* [PATCH v2] procfs: expose umask in /proc/<PID>/status
@ 2016-04-14 11:08 Richard W.M. Jones
2016-04-14 11:08 ` Richard W.M. Jones
0 siblings, 1 reply; 8+ messages in thread
From: Richard W.M. Jones @ 2016-04-14 11:08 UTC (permalink / raw)
To: linux-kernel
Cc: corbet, akpm, vbabka, mhocko, hughd, koct9i, chenhanxiao,
n-horiguchi, ross.zwisler, john.stultz, minchan, jmarchan,
hannes, nathans, andriy.shevchenko, keescook, gorcunov, joe,
linux, mingo, cmetcalf, iago, luto, linux-doc, gorcunov, fw,
walters
v1 -> v2:
- Change printf format to %#04o.
- Retest and update examples accordingly.
----------
It's not possible to read the process umask without also modifying it,
which is what umask(2) does. A library cannot read umask safely,
especially if the main program might be multithreaded.
Add a new status line ("Umask") in /proc/<PID>/status. It contains
the file mode creation mask (umask) in octal. It is only shown for
tasks which have task->fs.
For the library this allows me to read the umask from
/proc/self/status.
This patch is adapted from one originally written by Pierre Carrier:
https://lkml.org/lkml/2012/5/4/451
Example usage:
$ grep Umask /proc/1/status
Umask: 0022
$ grep Umask /proc/2/status
Umask: 0022
$ grep Umask /proc/self/status
Umask: 0022
$ umask 002
$ grep Umask /proc/self/status
Umask: 0002
Rich.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v2] procfs: expose umask in /proc/<PID>/status
2016-04-14 11:08 [PATCH v2] procfs: expose umask in /proc/<PID>/status Richard W.M. Jones
@ 2016-04-14 11:08 ` Richard W.M. Jones
2016-04-14 12:34 ` Konstantin Khlebnikov
` (3 more replies)
0 siblings, 4 replies; 8+ messages in thread
From: Richard W.M. Jones @ 2016-04-14 11:08 UTC (permalink / raw)
To: linux-kernel
Cc: corbet, akpm, vbabka, mhocko, hughd, koct9i, chenhanxiao,
n-horiguchi, ross.zwisler, john.stultz, minchan, jmarchan,
hannes, nathans, andriy.shevchenko, keescook, gorcunov, joe,
linux, mingo, cmetcalf, iago, luto, linux-doc, gorcunov, fw,
walters
It's not possible to read the process umask without also modifying it,
which is what umask(2) does. A library cannot read umask safely,
especially if the main program might be multithreaded.
Add a new status line ("Umask") in /proc/<PID>/status. It contains
the file mode creation mask (umask) in octal. It is only shown for
tasks which have task->fs.
This patch is adapted from one originally written by Pierre Carrier.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
---
Documentation/filesystems/proc.txt | 1 +
fs/proc/array.c | 20 +++++++++++++++++++-
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
index 7f5607a..e8d0075 100644
--- a/Documentation/filesystems/proc.txt
+++ b/Documentation/filesystems/proc.txt
@@ -225,6 +225,7 @@ Table 1-2: Contents of the status files (as of 4.1)
TracerPid PID of process tracing this process (0 if not)
Uid Real, effective, saved set, and file system UIDs
Gid Real, effective, saved set, and file system GIDs
+ Umask file mode creation mask
FDSize number of file descriptor slots currently allocated
Groups supplementary group list
NStgid descendant namespace thread group ID hierarchy
diff --git a/fs/proc/array.c b/fs/proc/array.c
index b6c00ce..88c7de1 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -83,6 +83,7 @@
#include <linux/tracehook.h>
#include <linux/string_helpers.h>
#include <linux/user_namespace.h>
+#include <linux/fs_struct.h>
#include <asm/pgtable.h>
#include <asm/processor.h>
@@ -139,12 +140,25 @@ static inline const char *get_task_state(struct task_struct *tsk)
return task_state_array[fls(state)];
}
+static inline int get_task_umask(struct task_struct *tsk)
+{
+ struct fs_struct *fs;
+ int umask = -ENOENT;
+
+ task_lock(tsk);
+ fs = tsk->fs;
+ if (fs)
+ umask = fs->umask;
+ task_unlock(tsk);
+ return umask;
+}
+
static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *p)
{
struct user_namespace *user_ns = seq_user_ns(m);
struct group_info *group_info;
- int g;
+ int g, umask;
struct task_struct *tracer;
const struct cred *cred;
pid_t ppid, tpid = 0, tgid, ngid;
@@ -162,6 +176,10 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
ngid = task_numa_group_id(p);
cred = get_task_cred(p);
+ umask = get_task_umask(p);
+ if (umask >= 0)
+ seq_printf(m, "Umask:\t%#04o\n", umask);
+
task_lock(p);
if (p->files)
max_fds = files_fdtable(p->files)->max_fds;
--
2.7.4
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v2] procfs: expose umask in /proc/<PID>/status
2016-04-14 11:08 ` Richard W.M. Jones
@ 2016-04-14 12:34 ` Konstantin Khlebnikov
2016-04-14 12:41 ` Jerome Marchand
` (2 subsequent siblings)
3 siblings, 0 replies; 8+ messages in thread
From: Konstantin Khlebnikov @ 2016-04-14 12:34 UTC (permalink / raw)
To: Richard W.M. Jones
Cc: Linux Kernel Mailing List, Jonathan Corbet, Andrew Morton,
Vlastimil Babka, Michal Hocko, Hugh Dickins, chenhanxiao,
Naoya Horiguchi, ross.zwisler, John Stultz, Minchan Kim,
Jerome Marchand, Johannes Weiner, nathans, andriy.shevchenko,
Kees Cook, Cyrill Gorcunov, Joe Perches, linux, Ingo Molnar,
cmetcalf, iago, luto, linux-doc, Cyrill Gorcunov, fw, walters
On Thu, Apr 14, 2016 at 2:08 PM, Richard W.M. Jones <rjones@redhat.com> wrote:
> It's not possible to read the process umask without also modifying it,
> which is what umask(2) does. A library cannot read umask safely,
> especially if the main program might be multithreaded.
>
> Add a new status line ("Umask") in /proc/<PID>/status. It contains
> the file mode creation mask (umask) in octal. It is only shown for
> tasks which have task->fs.
>
> This patch is adapted from one originally written by Pierre Carrier.
>
> Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Acked-by: Konstantin Khlebnikov <koct9i@gmail.com>
> ---
> Documentation/filesystems/proc.txt | 1 +
> fs/proc/array.c | 20 +++++++++++++++++++-
> 2 files changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> index 7f5607a..e8d0075 100644
> --- a/Documentation/filesystems/proc.txt
> +++ b/Documentation/filesystems/proc.txt
> @@ -225,6 +225,7 @@ Table 1-2: Contents of the status files (as of 4.1)
> TracerPid PID of process tracing this process (0 if not)
> Uid Real, effective, saved set, and file system UIDs
> Gid Real, effective, saved set, and file system GIDs
> + Umask file mode creation mask
> FDSize number of file descriptor slots currently allocated
> Groups supplementary group list
> NStgid descendant namespace thread group ID hierarchy
> diff --git a/fs/proc/array.c b/fs/proc/array.c
> index b6c00ce..88c7de1 100644
> --- a/fs/proc/array.c
> +++ b/fs/proc/array.c
> @@ -83,6 +83,7 @@
> #include <linux/tracehook.h>
> #include <linux/string_helpers.h>
> #include <linux/user_namespace.h>
> +#include <linux/fs_struct.h>
>
> #include <asm/pgtable.h>
> #include <asm/processor.h>
> @@ -139,12 +140,25 @@ static inline const char *get_task_state(struct task_struct *tsk)
> return task_state_array[fls(state)];
> }
>
> +static inline int get_task_umask(struct task_struct *tsk)
> +{
> + struct fs_struct *fs;
> + int umask = -ENOENT;
> +
> + task_lock(tsk);
> + fs = tsk->fs;
> + if (fs)
> + umask = fs->umask;
> + task_unlock(tsk);
> + return umask;
> +}
> +
> static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> struct pid *pid, struct task_struct *p)
> {
> struct user_namespace *user_ns = seq_user_ns(m);
> struct group_info *group_info;
> - int g;
> + int g, umask;
> struct task_struct *tracer;
> const struct cred *cred;
> pid_t ppid, tpid = 0, tgid, ngid;
> @@ -162,6 +176,10 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> ngid = task_numa_group_id(p);
> cred = get_task_cred(p);
>
> + umask = get_task_umask(p);
> + if (umask >= 0)
> + seq_printf(m, "Umask:\t%#04o\n", umask);
> +
> task_lock(p);
> if (p->files)
> max_fds = files_fdtable(p->files)->max_fds;
> --
> 2.7.4
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2] procfs: expose umask in /proc/<PID>/status
2016-04-14 11:08 ` Richard W.M. Jones
2016-04-14 12:34 ` Konstantin Khlebnikov
@ 2016-04-14 12:41 ` Jerome Marchand
2016-04-15 13:13 ` Michal Hocko
2016-04-15 16:43 ` Kees Cook
3 siblings, 0 replies; 8+ messages in thread
From: Jerome Marchand @ 2016-04-14 12:41 UTC (permalink / raw)
To: Richard W.M. Jones, linux-kernel
Cc: corbet, akpm, vbabka, mhocko, hughd, koct9i, chenhanxiao,
n-horiguchi, ross.zwisler, john.stultz, minchan, hannes, nathans,
andriy.shevchenko, keescook, gorcunov, joe, linux, mingo,
cmetcalf, iago, luto, linux-doc, gorcunov, fw, walters
[-- Attachment #1.1: Type: text/plain, Size: 3093 bytes --]
On 04/14/2016 01:08 PM, Richard W.M. Jones wrote:
> It's not possible to read the process umask without also modifying it,
> which is what umask(2) does. A library cannot read umask safely,
> especially if the main program might be multithreaded.
>
> Add a new status line ("Umask") in /proc/<PID>/status. It contains
> the file mode creation mask (umask) in octal. It is only shown for
> tasks which have task->fs.
>
> This patch is adapted from one originally written by Pierre Carrier.
>
> Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Acked-by: Jerome Marchand <jmarchan@redhat.com>
> ---
> Documentation/filesystems/proc.txt | 1 +
> fs/proc/array.c | 20 +++++++++++++++++++-
> 2 files changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> index 7f5607a..e8d0075 100644
> --- a/Documentation/filesystems/proc.txt
> +++ b/Documentation/filesystems/proc.txt
> @@ -225,6 +225,7 @@ Table 1-2: Contents of the status files (as of 4.1)
> TracerPid PID of process tracing this process (0 if not)
> Uid Real, effective, saved set, and file system UIDs
> Gid Real, effective, saved set, and file system GIDs
> + Umask file mode creation mask
> FDSize number of file descriptor slots currently allocated
> Groups supplementary group list
> NStgid descendant namespace thread group ID hierarchy
> diff --git a/fs/proc/array.c b/fs/proc/array.c
> index b6c00ce..88c7de1 100644
> --- a/fs/proc/array.c
> +++ b/fs/proc/array.c
> @@ -83,6 +83,7 @@
> #include <linux/tracehook.h>
> #include <linux/string_helpers.h>
> #include <linux/user_namespace.h>
> +#include <linux/fs_struct.h>
>
> #include <asm/pgtable.h>
> #include <asm/processor.h>
> @@ -139,12 +140,25 @@ static inline const char *get_task_state(struct task_struct *tsk)
> return task_state_array[fls(state)];
> }
>
> +static inline int get_task_umask(struct task_struct *tsk)
> +{
> + struct fs_struct *fs;
> + int umask = -ENOENT;
> +
> + task_lock(tsk);
> + fs = tsk->fs;
> + if (fs)
> + umask = fs->umask;
> + task_unlock(tsk);
> + return umask;
> +}
> +
> static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> struct pid *pid, struct task_struct *p)
> {
> struct user_namespace *user_ns = seq_user_ns(m);
> struct group_info *group_info;
> - int g;
> + int g, umask;
> struct task_struct *tracer;
> const struct cred *cred;
> pid_t ppid, tpid = 0, tgid, ngid;
> @@ -162,6 +176,10 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> ngid = task_numa_group_id(p);
> cred = get_task_cred(p);
>
> + umask = get_task_umask(p);
> + if (umask >= 0)
> + seq_printf(m, "Umask:\t%#04o\n", umask);
> +
> task_lock(p);
> if (p->files)
> max_fds = files_fdtable(p->files)->max_fds;
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2] procfs: expose umask in /proc/<PID>/status
2016-04-14 11:08 ` Richard W.M. Jones
2016-04-14 12:34 ` Konstantin Khlebnikov
2016-04-14 12:41 ` Jerome Marchand
@ 2016-04-15 13:13 ` Michal Hocko
2016-04-15 13:29 ` Richard W.M. Jones
2016-04-15 16:43 ` Kees Cook
3 siblings, 1 reply; 8+ messages in thread
From: Michal Hocko @ 2016-04-15 13:13 UTC (permalink / raw)
To: Richard W.M. Jones
Cc: linux-kernel, corbet, akpm, vbabka, hughd, koct9i, chenhanxiao,
n-horiguchi, ross.zwisler, john.stultz, minchan, jmarchan,
hannes, nathans, andriy.shevchenko, keescook, gorcunov, joe,
linux, mingo, cmetcalf, iago, luto, linux-doc, gorcunov, fw,
walters
On Thu 14-04-16 12:08:15, Richard W.M. Jones wrote:
> It's not possible to read the process umask without also modifying it,
> which is what umask(2) does. A library cannot read umask safely,
> especially if the main program might be multithreaded.
It would be helpful to describe the usecase a bit better. Who needs to
read the umask and what for (e.g. what if the umask changes right after
it has been read by the 3rd party?).
I am not opposing the patch as is but this exports a new information to
the userspace and we will have to maintain it for ever, so we should
better describe the usecase.
> Add a new status line ("Umask") in /proc/<PID>/status. It contains
> the file mode creation mask (umask) in octal. It is only shown for
> tasks which have task->fs.
>
> This patch is adapted from one originally written by Pierre Carrier.
>
> Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
> ---
> Documentation/filesystems/proc.txt | 1 +
> fs/proc/array.c | 20 +++++++++++++++++++-
> 2 files changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> index 7f5607a..e8d0075 100644
> --- a/Documentation/filesystems/proc.txt
> +++ b/Documentation/filesystems/proc.txt
> @@ -225,6 +225,7 @@ Table 1-2: Contents of the status files (as of 4.1)
> TracerPid PID of process tracing this process (0 if not)
> Uid Real, effective, saved set, and file system UIDs
> Gid Real, effective, saved set, and file system GIDs
> + Umask file mode creation mask
> FDSize number of file descriptor slots currently allocated
> Groups supplementary group list
> NStgid descendant namespace thread group ID hierarchy
> diff --git a/fs/proc/array.c b/fs/proc/array.c
> index b6c00ce..88c7de1 100644
> --- a/fs/proc/array.c
> +++ b/fs/proc/array.c
> @@ -83,6 +83,7 @@
> #include <linux/tracehook.h>
> #include <linux/string_helpers.h>
> #include <linux/user_namespace.h>
> +#include <linux/fs_struct.h>
>
> #include <asm/pgtable.h>
> #include <asm/processor.h>
> @@ -139,12 +140,25 @@ static inline const char *get_task_state(struct task_struct *tsk)
> return task_state_array[fls(state)];
> }
>
> +static inline int get_task_umask(struct task_struct *tsk)
> +{
> + struct fs_struct *fs;
> + int umask = -ENOENT;
> +
> + task_lock(tsk);
> + fs = tsk->fs;
> + if (fs)
> + umask = fs->umask;
> + task_unlock(tsk);
> + return umask;
> +}
> +
> static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> struct pid *pid, struct task_struct *p)
> {
> struct user_namespace *user_ns = seq_user_ns(m);
> struct group_info *group_info;
> - int g;
> + int g, umask;
> struct task_struct *tracer;
> const struct cred *cred;
> pid_t ppid, tpid = 0, tgid, ngid;
> @@ -162,6 +176,10 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> ngid = task_numa_group_id(p);
> cred = get_task_cred(p);
>
> + umask = get_task_umask(p);
> + if (umask >= 0)
> + seq_printf(m, "Umask:\t%#04o\n", umask);
> +
> task_lock(p);
> if (p->files)
> max_fds = files_fdtable(p->files)->max_fds;
> --
> 2.7.4
--
Michal Hocko
SUSE Labs
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2] procfs: expose umask in /proc/<PID>/status
2016-04-15 13:13 ` Michal Hocko
@ 2016-04-15 13:29 ` Richard W.M. Jones
2016-04-15 15:52 ` Theodore Ts'o
0 siblings, 1 reply; 8+ messages in thread
From: Richard W.M. Jones @ 2016-04-15 13:29 UTC (permalink / raw)
To: Michal Hocko
Cc: linux-kernel, corbet, akpm, vbabka, hughd, koct9i, chenhanxiao,
n-horiguchi, ross.zwisler, john.stultz, minchan, jmarchan,
hannes, nathans, andriy.shevchenko, keescook, gorcunov, joe,
linux, mingo, cmetcalf, iago, luto, linux-doc, gorcunov, fw,
walters
On Fri, Apr 15, 2016 at 03:13:10PM +0200, Michal Hocko wrote:
> On Thu 14-04-16 12:08:15, Richard W.M. Jones wrote:
> > It's not possible to read the process umask without also modifying it,
> > which is what umask(2) does. A library cannot read umask safely,
> > especially if the main program might be multithreaded.
>
> It would be helpful to describe the usecase a bit better. Who needs to
> read the umask and what for (e.g. what if the umask changes right after
> it has been read by the 3rd party?).
>
> I am not opposing the patch as is but this exports a new information to
> the userspace and we will have to maintain it for ever, so we should
> better describe the usecase.
The use case is that we have endless trouble with people setting weird
umask() values (usually on the grounds of "security"), and then
everything breaking. I'm on the hook to fix these. We'd like to add
debugging to our program so we can dump out the umask in debug
reports.
Previous versions of the patch used a syscall so you could only read
your own umask. That's all I need. However there was quite a lot of
push-back from those, so this new version exports it in /proc.
See:
https://lkml.org/lkml/2016/4/13/704 [umask2]
https://lkml.org/lkml/2016/4/13/487 [getumask]
Rich.
> > Add a new status line ("Umask") in /proc/<PID>/status. It contains
> > the file mode creation mask (umask) in octal. It is only shown for
> > tasks which have task->fs.
> >
> > This patch is adapted from one originally written by Pierre Carrier.
> >
> > Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
> > ---
> > Documentation/filesystems/proc.txt | 1 +
> > fs/proc/array.c | 20 +++++++++++++++++++-
> > 2 files changed, 20 insertions(+), 1 deletion(-)
> >
> > diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> > index 7f5607a..e8d0075 100644
> > --- a/Documentation/filesystems/proc.txt
> > +++ b/Documentation/filesystems/proc.txt
> > @@ -225,6 +225,7 @@ Table 1-2: Contents of the status files (as of 4.1)
> > TracerPid PID of process tracing this process (0 if not)
> > Uid Real, effective, saved set, and file system UIDs
> > Gid Real, effective, saved set, and file system GIDs
> > + Umask file mode creation mask
> > FDSize number of file descriptor slots currently allocated
> > Groups supplementary group list
> > NStgid descendant namespace thread group ID hierarchy
> > diff --git a/fs/proc/array.c b/fs/proc/array.c
> > index b6c00ce..88c7de1 100644
> > --- a/fs/proc/array.c
> > +++ b/fs/proc/array.c
> > @@ -83,6 +83,7 @@
> > #include <linux/tracehook.h>
> > #include <linux/string_helpers.h>
> > #include <linux/user_namespace.h>
> > +#include <linux/fs_struct.h>
> >
> > #include <asm/pgtable.h>
> > #include <asm/processor.h>
> > @@ -139,12 +140,25 @@ static inline const char *get_task_state(struct task_struct *tsk)
> > return task_state_array[fls(state)];
> > }
> >
> > +static inline int get_task_umask(struct task_struct *tsk)
> > +{
> > + struct fs_struct *fs;
> > + int umask = -ENOENT;
> > +
> > + task_lock(tsk);
> > + fs = tsk->fs;
> > + if (fs)
> > + umask = fs->umask;
> > + task_unlock(tsk);
> > + return umask;
> > +}
> > +
> > static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> > struct pid *pid, struct task_struct *p)
> > {
> > struct user_namespace *user_ns = seq_user_ns(m);
> > struct group_info *group_info;
> > - int g;
> > + int g, umask;
> > struct task_struct *tracer;
> > const struct cred *cred;
> > pid_t ppid, tpid = 0, tgid, ngid;
> > @@ -162,6 +176,10 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> > ngid = task_numa_group_id(p);
> > cred = get_task_cred(p);
> >
> > + umask = get_task_umask(p);
> > + if (umask >= 0)
> > + seq_printf(m, "Umask:\t%#04o\n", umask);
> > +
> > task_lock(p);
> > if (p->files)
> > max_fds = files_fdtable(p->files)->max_fds;
> > --
> > 2.7.4
>
> --
> Michal Hocko
> SUSE Labs
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2] procfs: expose umask in /proc/<PID>/status
2016-04-15 13:29 ` Richard W.M. Jones
@ 2016-04-15 15:52 ` Theodore Ts'o
0 siblings, 0 replies; 8+ messages in thread
From: Theodore Ts'o @ 2016-04-15 15:52 UTC (permalink / raw)
To: Richard W.M. Jones
Cc: Michal Hocko, linux-kernel, corbet, akpm, vbabka, hughd, koct9i,
chenhanxiao, n-horiguchi, ross.zwisler, john.stultz, minchan,
jmarchan, hannes, nathans, andriy.shevchenko, keescook, gorcunov,
joe, linux, mingo, cmetcalf, iago, luto, linux-doc, gorcunov, fw,
walters
On Fri, Apr 15, 2016 at 02:29:52PM +0100, Richard W.M. Jones wrote:
>
> The use case is that we have endless trouble with people setting weird
> umask() values (usually on the grounds of "security"), and then
> everything breaking. I'm on the hook to fix these. We'd like to add
> debugging to our program so we can dump out the umask in debug
> reports.
>
> Previous versions of the patch used a syscall so you could only read
> your own umask. That's all I need. However there was quite a lot of
> push-back from those, so this new version exports it in /proc.
>
> See:
>
> https://lkml.org/lkml/2016/4/13/704 [umask2]
> https://lkml.org/lkml/2016/4/13/487 [getumask]
I think /proc is better because it's already pretty well understood
that programs like "ps" returns information which is subject to
change, even before the ps command has had a chance to print the
values. Where as I could easily see programmers who read umask via a
system call could more easily get confused about the expectations of
stability of the returned value. (This is not a strong argument,
admittedly, because the same stupid application programmer could get
confused about the stability of getuid() as well.)
The stronger argument IMHO is that you're not at the mercy of glibc
developers to add it to glibc.
- Ted
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2] procfs: expose umask in /proc/<PID>/status
2016-04-14 11:08 ` Richard W.M. Jones
` (2 preceding siblings ...)
2016-04-15 13:13 ` Michal Hocko
@ 2016-04-15 16:43 ` Kees Cook
3 siblings, 0 replies; 8+ messages in thread
From: Kees Cook @ 2016-04-15 16:43 UTC (permalink / raw)
To: Richard W.M. Jones
Cc: LKML, Jonathan Corbet, Andrew Morton, Vlastimil Babka,
Michal Hocko, Hugh Dickins, Konstantin Khlebnikov, chenhanxiao,
n-horiguchi, ross.zwisler, John Stultz, Minchan Kim,
Jerome Marchand, Johannes Weiner, nathans, Andy Shevchenko,
Cyrill Gorcunov, Joe Perches, Rasmus Villemoes, Ingo Molnar,
Chris Metcalf, iago, Andy Lutomirski, linux-doc, Cyrill Gorcunov,
fw, Colin Walters
On Thu, Apr 14, 2016 at 4:08 AM, Richard W.M. Jones <rjones@redhat.com> wrote:
> It's not possible to read the process umask without also modifying it,
> which is what umask(2) does. A library cannot read umask safely,
> especially if the main program might be multithreaded.
>
> Add a new status line ("Umask") in /proc/<PID>/status. It contains
> the file mode creation mask (umask) in octal. It is only shown for
> tasks which have task->fs.
>
> This patch is adapted from one originally written by Pierre Carrier.
>
> Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> Documentation/filesystems/proc.txt | 1 +
> fs/proc/array.c | 20 +++++++++++++++++++-
> 2 files changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/filesystems/proc.txt b/Documentation/filesystems/proc.txt
> index 7f5607a..e8d0075 100644
> --- a/Documentation/filesystems/proc.txt
> +++ b/Documentation/filesystems/proc.txt
> @@ -225,6 +225,7 @@ Table 1-2: Contents of the status files (as of 4.1)
> TracerPid PID of process tracing this process (0 if not)
> Uid Real, effective, saved set, and file system UIDs
> Gid Real, effective, saved set, and file system GIDs
> + Umask file mode creation mask
> FDSize number of file descriptor slots currently allocated
> Groups supplementary group list
> NStgid descendant namespace thread group ID hierarchy
> diff --git a/fs/proc/array.c b/fs/proc/array.c
> index b6c00ce..88c7de1 100644
> --- a/fs/proc/array.c
> +++ b/fs/proc/array.c
> @@ -83,6 +83,7 @@
> #include <linux/tracehook.h>
> #include <linux/string_helpers.h>
> #include <linux/user_namespace.h>
> +#include <linux/fs_struct.h>
>
> #include <asm/pgtable.h>
> #include <asm/processor.h>
> @@ -139,12 +140,25 @@ static inline const char *get_task_state(struct task_struct *tsk)
> return task_state_array[fls(state)];
> }
>
> +static inline int get_task_umask(struct task_struct *tsk)
> +{
> + struct fs_struct *fs;
> + int umask = -ENOENT;
> +
> + task_lock(tsk);
> + fs = tsk->fs;
> + if (fs)
> + umask = fs->umask;
> + task_unlock(tsk);
> + return umask;
> +}
> +
> static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> struct pid *pid, struct task_struct *p)
> {
> struct user_namespace *user_ns = seq_user_ns(m);
> struct group_info *group_info;
> - int g;
> + int g, umask;
> struct task_struct *tracer;
> const struct cred *cred;
> pid_t ppid, tpid = 0, tgid, ngid;
> @@ -162,6 +176,10 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
> ngid = task_numa_group_id(p);
> cred = get_task_cred(p);
>
> + umask = get_task_umask(p);
> + if (umask >= 0)
> + seq_printf(m, "Umask:\t%#04o\n", umask);
> +
> task_lock(p);
> if (p->files)
> max_fds = files_fdtable(p->files)->max_fds;
> --
> 2.7.4
>
--
Kees Cook
Chrome OS & Brillo Security
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-04-15 16:43 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-14 11:08 [PATCH v2] procfs: expose umask in /proc/<PID>/status Richard W.M. Jones
2016-04-14 11:08 ` Richard W.M. Jones
2016-04-14 12:34 ` Konstantin Khlebnikov
2016-04-14 12:41 ` Jerome Marchand
2016-04-15 13:13 ` Michal Hocko
2016-04-15 13:29 ` Richard W.M. Jones
2016-04-15 15:52 ` Theodore Ts'o
2016-04-15 16:43 ` Kees Cook
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.