[PATCH v4.9.y] proc: Remove empty line in /proc/self/status

[PATCH v4.9.y] proc: Remove empty line in /proc/self/status

[Guenter Roeck]

If CONFIG_SECCOMP=n, /proc/self/status includes an empty line. This causes
the iotop application to bail out with an error message.

File "/usr/local/lib64/python2.7/site-packages/iotop/data.py", line 196,
	in parse_proc_pid_status
key, value = line.split(':\t', 1)
ValueError: need more than 1 value to unpack

The problem is seen in v4.9.y but not upstream because commit af884cd4a5ae6
("proc: report no_new_privs state") has not been backported to v4.9.y.
The backport of commit fae1fa0fc6cc ("proc: Provide details on speculation
flaw mitigations") tried to address the resulting differences but was
wrong, introducing the problem.

Fixes: 51ef9af2a35b ("proc: Provide details on speculation flaw mitigations")
Cc: Kees Cook <keescook@chromium.org>
Cc: Gwendal Grignou <gwendal@chromium.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
---
This patch only applies to v4.9.y. v4.4.y also needs to be fixed (see
https://www.spinics.net/lists/stable/msg279131.html), but the fix
is slightly different. v4.14.y and later are not affected.

 fs/proc/array.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/proc/array.c b/fs/proc/array.c
index 94f83e74db24..712b44c63701 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -346,8 +346,9 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
 {
 #ifdef CONFIG_SECCOMP
 	seq_put_decimal_ull(m, "Seccomp:\t", p->seccomp.mode);
+	seq_putc(m, '\n');
 #endif
-	seq_printf(m, "\nSpeculation_Store_Bypass:\t");
+	seq_printf(m, "Speculation_Store_Bypass:\t");
 	switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) {
 	case -EINVAL:
 		seq_printf(m, "unknown");
-- 
2.7.4

Re: [PATCH v4.9.y] proc: Remove empty line in /proc/self/status

[Kees Cook]

On Wed, Jan 16, 2019 at 10:58 AM Guenter Roeck <linux@roeck-us.net> wrote:
>
> If CONFIG_SECCOMP=n, /proc/self/status includes an empty line. This causes
> the iotop application to bail out with an error message.
>
> File "/usr/local/lib64/python2.7/site-packages/iotop/data.py", line 196,
>         in parse_proc_pid_status
> key, value = line.split(':\t', 1)
> ValueError: need more than 1 value to unpack
>
> The problem is seen in v4.9.y but not upstream because commit af884cd4a5ae6
> ("proc: report no_new_privs state") has not been backported to v4.9.y.
> The backport of commit fae1fa0fc6cc ("proc: Provide details on speculation
> flaw mitigations") tried to address the resulting differences but was
> wrong, introducing the problem.
>
> Fixes: 51ef9af2a35b ("proc: Provide details on speculation flaw mitigations")
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Gwendal Grignou <gwendal@chromium.org>
> Signed-off-by: Guenter Roeck <linux@roeck-us.net>

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
> This patch only applies to v4.9.y. v4.4.y also needs to be fixed (see
> https://www.spinics.net/lists/stable/msg279131.html), but the fix
> is slightly different. v4.14.y and later are not affected.
>
>  fs/proc/array.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/proc/array.c b/fs/proc/array.c
> index 94f83e74db24..712b44c63701 100644
> --- a/fs/proc/array.c
> +++ b/fs/proc/array.c
> @@ -346,8 +346,9 @@ static inline void task_seccomp(struct seq_file *m, struct task_struct *p)
>  {
>  #ifdef CONFIG_SECCOMP
>         seq_put_decimal_ull(m, "Seccomp:\t", p->seccomp.mode);
> +       seq_putc(m, '\n');
>  #endif
> -       seq_printf(m, "\nSpeculation_Store_Bypass:\t");
> +       seq_printf(m, "Speculation_Store_Bypass:\t");
>         switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) {
>         case -EINVAL:
>                 seq_printf(m, "unknown");
> --
> 2.7.4
>


-- 
Kees Cook

Re: [PATCH v4.9.y] proc: Remove empty line in /proc/self/status

[Greg Kroah-Hartman]

On Wed, Jan 16, 2019 at 10:58:31AM -0800, Guenter Roeck wrote:
> If CONFIG_SECCOMP=n, /proc/self/status includes an empty line. This causes
> the iotop application to bail out with an error message.
> 
> File "/usr/local/lib64/python2.7/site-packages/iotop/data.py", line 196,
> 	in parse_proc_pid_status
> key, value = line.split(':\t', 1)
> ValueError: need more than 1 value to unpack
> 
> The problem is seen in v4.9.y but not upstream because commit af884cd4a5ae6
> ("proc: report no_new_privs state") has not been backported to v4.9.y.
> The backport of commit fae1fa0fc6cc ("proc: Provide details on speculation
> flaw mitigations") tried to address the resulting differences but was
> wrong, introducing the problem.
> 
> Fixes: 51ef9af2a35b ("proc: Provide details on speculation flaw mitigations")
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Gwendal Grignou <gwendal@chromium.org>
> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
> ---
> This patch only applies to v4.9.y. v4.4.y also needs to be fixed (see
> https://www.spinics.net/lists/stable/msg279131.html), but the fix
> is slightly different. v4.14.y and later are not affected.

Now queued up, thanks.

greg k-h