From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mm-commits-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.8 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0418EC07E95
	for <mm-commits@archiver.kernel.org>; Fri,  2 Jul 2021 19:00:32 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id E253C6141D
	for <mm-commits@archiver.kernel.org>; Fri,  2 Jul 2021 19:00:31 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230193AbhGBTDD (ORCPT <rfc822;mm-commits@archiver.kernel.org>);
        Fri, 2 Jul 2021 15:03:03 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44946 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230127AbhGBTDD (ORCPT
        <rfc822;mm-commits@vger.kernel.org>); Fri, 2 Jul 2021 15:03:03 -0400
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C33CAC061762
        for <mm-commits@vger.kernel.org>; Fri,  2 Jul 2021 12:00:29 -0700 (PDT)
Received: by mail-lj1-x231.google.com with SMTP id r20so19144ljd.10
        for <mm-commits@vger.kernel.org>; Fri, 02 Jul 2021 12:00:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=atEbqDv+e/wpi1BSg3HZbvigb6Fs3eD+eWqGWV43rpE=;
        b=Zs1daiUnEBZt/PaOoN7ikcf1ja9Zmm89Dl9RsGqJY5Ho1W6CnXm3tnu4ieJviKXxx/
         oLUGNNI1bKPKhhRnjBLNOIyoM6jr6DEsRIsvlBjd4Kfrj0CLioM8qknZ2uLNLVSo8XaK
         w9pXJy02dvnXH5eZZEv+Z3DDxlCY3+vyYWREU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=atEbqDv+e/wpi1BSg3HZbvigb6Fs3eD+eWqGWV43rpE=;
        b=JOnlniL2fLjLxoCtuasJ/X7M4Ah4l8rDMsElyLnUfyiTZmSEV/iM5DMDrdEQPpfV7q
         3QzmLpiX/9wRAf/97j6JOHebxCNkQoThLcnAWO6jIL8OvuP6fsGXmh2DFg9BOoEkWjWM
         79TrxQZTvfksBNRYgr8yn22JkalQHiJoTQD39GZ5q0lPztGxDUPd+7FUhnNM3PyPnRrq
         7ETPo+b/eRG4UE2bGcdEokz18tyVigVFUX7gQYdyMMfSpxhwC8pbI9UbylmtyrYwOk3P
         MEDnuOKTCC/pEQ+oo0ABXXw7IJLacVQ4ejeoVgSSbwZuJ7io1eSLSwMYTc8vPIQIfDOu
         nkVQ==
X-Gm-Message-State: AOAM530LrMYr9QSeRpN/pGz9t1FBSFpo72tUA7zrgDYoU65SJFf8dzyO
        dg+QVRtlVmpGsVJp/idrr0MkuH1BvWeAtS0K
X-Google-Smtp-Source: ABdhPJzTqwOIDtEx9dilUo5SYiVCuxBEmxGU+1gknwEXi58amTQcTMsOhaLdIepGbymemDgWG5aYUg==
X-Received: by 2002:a2e:9c94:: with SMTP id x20mr662757lji.435.1625252427391;
        Fri, 02 Jul 2021 12:00:27 -0700 (PDT)
Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com. [209.85.167.43])
        by smtp.gmail.com with ESMTPSA id u2sm347843lff.73.2021.07.02.12.00.27
        for <mm-commits@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 02 Jul 2021 12:00:27 -0700 (PDT)
Received: by mail-lf1-f43.google.com with SMTP id bq39so7211641lfb.12
        for <mm-commits@vger.kernel.org>; Fri, 02 Jul 2021 12:00:27 -0700 (PDT)
X-Received: by 2002:a2e:b553:: with SMTP id a19mr650860ljn.507.1625252416176;
 Fri, 02 Jul 2021 12:00:16 -0700 (PDT)
MIME-Version: 1.0
References: <20210630184624.9ca1937310b0dd5ce66b30e7@linux-foundation.org>
 <20210701015444.ZOZaFPX0b%akpm@linux-foundation.org> <202107021047.CC57ED634@keescook>
In-Reply-To: <202107021047.CC57ED634@keescook>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Fri, 2 Jul 2021 12:00:00 -0700
X-Gmail-Original-Message-ID: <CAHk-=wiGcrds=Q7+utqPE7irvcsGfEY_qvp1+T7x67xdHbuSEA@mail.gmail.com>
Message-ID: <CAHk-=wiGcrds=Q7+utqPE7irvcsGfEY_qvp1+T7x67xdHbuSEA@mail.gmail.com>
Subject: Re: [patch 142/192] procfs: allow reading fdinfo with PTRACE_MODE_READ
To:     Kees Cook <keescook@chromium.org>
Cc:     Andrew Morton <akpm@linux-foundation.org>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        Andrei Vagin <avagin@gmail.com>,
        Bernd Edlinger <bernd.edlinger@hotmail.de>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Christian Koenig <christian.koenig@amd.com>,
        Jonathan Corbet <corbet@lwn.net>, Helge Deller <deller@gmx.de>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Alexey Gladkov <gladkov.alexey@gmail.com>, hridya@google.com,
        jamorris@linux.microsoft.com, Jann Horn <jannh@google.com>,
        Jeff Vander Stoep <jeffv@google.com>,
        Kalesh Singh <kaleshsingh@google.com>,
        Linux-MM <linux-mm@kvack.org>,
        Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
        Michal Hocko <mhocko@suse.com>,
        Minchan Kim <minchan@kernel.org>, mm-commits@vger.kernel.org,
        Randy Dunlap <rdunlap@infradead.org>,
        Suren Baghdasaryan <surenb@google.com>,
        Szabolcs Nagy <szabolcs.nagy@arm.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Michel Lespinasse <walken@google.com>,
        Matthew Wilcox <willy@infradead.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
Reply-To: linux-kernel@vger.kernel.org
List-ID: <mm-commits.vger.kernel.org>
X-Mailing-List: mm-commits@vger.kernel.org

On Fri, Jul 2, 2021 at 11:43 AM Kees Cook <keescook@chromium.org> wrote:
>
> Uhm, this is only checked in open(), and never again? Is this safe in
> the face of exec or pid re-use?

Interesting question, but not really all that valid for this particular patch.

Why? Because we already only check for owner permissions on open, and
never again. So if we have fdinfo issues across a suid exec or pid
re-use, they are pre-existing..

But yes, it would probably be a good idea to think about readdir() on
that directory. If somebody reminds me after the merge window is over,
I'll come back to this, but if somebody else wants to think about it
before then, that would be great.

              Linus

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=ixrD=L2=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.8 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B6F42C07E95
	for <linux-mm@archiver.kernel.org>; Fri,  2 Jul 2021 19:00:21 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 5F74761410
	for <linux-mm@archiver.kernel.org>; Fri,  2 Jul 2021 19:00:21 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5F74761410
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id D67926B0011; Fri,  2 Jul 2021 15:00:20 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id CF01B6B0036; Fri,  2 Jul 2021 15:00:20 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id B43546B005D; Fri,  2 Jul 2021 15:00:20 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0138.hostedemail.com [216.40.44.138])
	by kanga.kvack.org (Postfix) with ESMTP id 881496B0011
	for <linux-mm@kvack.org>; Fri,  2 Jul 2021 15:00:20 -0400 (EDT)
Received: from smtpin25.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 2234B180397A1
	for <linux-mm@kvack.org>; Fri,  2 Jul 2021 19:00:20 +0000 (UTC)
X-FDA: 78318563400.25.731B2DE
Received: from mail-lf1-f42.google.com (mail-lf1-f42.google.com [209.85.167.42])
	by imf22.hostedemail.com (Postfix) with ESMTP id B91D8199C
	for <linux-mm@kvack.org>; Fri,  2 Jul 2021 19:00:19 +0000 (UTC)
Received: by mail-lf1-f42.google.com with SMTP id r26so2347474lfp.2
        for <linux-mm@kvack.org>; Fri, 02 Jul 2021 12:00:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=atEbqDv+e/wpi1BSg3HZbvigb6Fs3eD+eWqGWV43rpE=;
        b=Zs1daiUnEBZt/PaOoN7ikcf1ja9Zmm89Dl9RsGqJY5Ho1W6CnXm3tnu4ieJviKXxx/
         oLUGNNI1bKPKhhRnjBLNOIyoM6jr6DEsRIsvlBjd4Kfrj0CLioM8qknZ2uLNLVSo8XaK
         w9pXJy02dvnXH5eZZEv+Z3DDxlCY3+vyYWREU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=atEbqDv+e/wpi1BSg3HZbvigb6Fs3eD+eWqGWV43rpE=;
        b=qLoLeq7HJ1GR6axO7yTxRkjs62NtT5xPu8cfpqaDsXxHQzfw+Pg54JfLy6q3/iGchu
         JJhFhuGdGKi0EXhB1dFLT+eacZKTeiPDr9FJkyPUXwXFl8iBYVElh1KVViGg+LSLpJOS
         +JsrkwP+GLE6xyrUwZyuVQM2m+hgimInpV/bv5oeJnwc2Ik7Ha2swyM918qJwWDxubI9
         2Zzg5xbaQHbQAUVewkPM81jt3Bp+oOwhnKEps4lyD7XDvRUYWTb2wt9mpTe4vynwEfug
         h9Rkh6RKtEgwD6qKPFWRUmWYs+xp5ijpAsFDCzwa/pen0hPyih8k0Jfe+yK5BvBuW4g3
         CBsQ==
X-Gm-Message-State: AOAM532uirPjHJqZ2sJm0ijsvI9jsxGWMFBrCQJyIrnCzajdsngQgwqd
	czUoBNOIOS5S35a8GYB2NStKEz0tQZwkO/Iu
X-Google-Smtp-Source: ABdhPJzW+Uz2W7gQEZCEWcJ2GmgYENR2N2SlDeCtpjUP6uXEecNaTRdtIPjikZq55ZGkM4pB/MhjNQ==
X-Received: by 2002:a19:fc0b:: with SMTP id a11mr776697lfi.596.1625252417847;
        Fri, 02 Jul 2021 12:00:17 -0700 (PDT)
Received: from mail-lj1-f171.google.com (mail-lj1-f171.google.com. [209.85.208.171])
        by smtp.gmail.com with ESMTPSA id p19sm440186ljm.129.2021.07.02.12.00.16
        for <linux-mm@kvack.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 02 Jul 2021 12:00:17 -0700 (PDT)
Received: by mail-lj1-f171.google.com with SMTP id q4so14591730ljp.13
        for <linux-mm@kvack.org>; Fri, 02 Jul 2021 12:00:16 -0700 (PDT)
X-Received: by 2002:a2e:b553:: with SMTP id a19mr650860ljn.507.1625252416176;
 Fri, 02 Jul 2021 12:00:16 -0700 (PDT)
MIME-Version: 1.0
References: <20210630184624.9ca1937310b0dd5ce66b30e7@linux-foundation.org>
 <20210701015444.ZOZaFPX0b%akpm@linux-foundation.org> <202107021047.CC57ED634@keescook>
In-Reply-To: <202107021047.CC57ED634@keescook>
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Fri, 2 Jul 2021 12:00:00 -0700
X-Gmail-Original-Message-ID: <CAHk-=wiGcrds=Q7+utqPE7irvcsGfEY_qvp1+T7x67xdHbuSEA@mail.gmail.com>
Message-ID: <CAHk-=wiGcrds=Q7+utqPE7irvcsGfEY_qvp1+T7x67xdHbuSEA@mail.gmail.com>
Subject: Re: [patch 142/192] procfs: allow reading fdinfo with PTRACE_MODE_READ
To: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>, Alexey Dobriyan <adobriyan@gmail.com>, 
	Andrei Vagin <avagin@gmail.com>, Bernd Edlinger <bernd.edlinger@hotmail.de>, 
	Christian Brauner <christian.brauner@ubuntu.com>, Christian Koenig <christian.koenig@amd.com>, 
	Jonathan Corbet <corbet@lwn.net>, Helge Deller <deller@gmx.de>, 
	"Eric W. Biederman" <ebiederm@xmission.com>, Alexey Gladkov <gladkov.alexey@gmail.com>, hridya@google.com, 
	jamorris@linux.microsoft.com, Jann Horn <jannh@google.com>, 
	Jeff Vander Stoep <jeffv@google.com>, Kalesh Singh <kaleshsingh@google.com>, Linux-MM <linux-mm@kvack.org>, 
	Mauro Carvalho Chehab <mchehab+huawei@kernel.org>, Michal Hocko <mhocko@suse.com>, 
	Minchan Kim <minchan@kernel.org>, mm-commits@vger.kernel.org, 
	Randy Dunlap <rdunlap@infradead.org>, Suren Baghdasaryan <surenb@google.com>, 
	Szabolcs Nagy <szabolcs.nagy@arm.com>, Al Viro <viro@zeniv.linux.org.uk>, 
	Michel Lespinasse <walken@google.com>, Matthew Wilcox <willy@infradead.org>
Content-Type: text/plain; charset="UTF-8"
Authentication-Results: imf22.hostedemail.com;
	dkim=pass header.d=linux-foundation.org header.s=google header.b=Zs1daiUn;
	dmarc=none;
	spf=pass (imf22.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.167.42 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org
X-Rspamd-Server: rspam02
X-Stat-Signature: sufmioymbwrkdggoxycyrnf48io9z1wi
X-Rspamd-Queue-Id: B91D8199C
X-HE-Tag: 1625252419-366541
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Fri, Jul 2, 2021 at 11:43 AM Kees Cook <keescook@chromium.org> wrote:
>
> Uhm, this is only checked in open(), and never again? Is this safe in
> the face of exec or pid re-use?

Interesting question, but not really all that valid for this particular patch.

Why? Because we already only check for owner permissions on open, and
never again. So if we have fdinfo issues across a suid exec or pid
re-use, they are pre-existing..

But yes, it would probably be a good idea to think about readdir() on
that directory. If somebody reminds me after the merge window is over,
I'll come back to this, but if somebody else wants to think about it
before then, that would be great.

              Linus