Garbage data while reading via usermode driver?

Garbage data while reading via usermode driver?

[Tetsuo Handa]

Hello.

Below is a loadable kernel module which attempts to read (for example) /proc/interrupts from
kernel using usermode driver interface. What is strange is that the total bytes obtained by
doing "wc -c /proc/interrupts" from userspace's shell and trying to insmod this kernel module
differs; for unknown reason, kernel_read() returns "#!/bin/cat /proc/interrupts\n" (28 bytes)
at the end of input.

---------- Start of sample module ----------
#include <linux/module.h>
#include <linux/fs.h>
#include <linux/usermode_driver.h>

static int __init umd_test_init(void)
{
	static const char program[] = "#!/bin/cat /proc/interrupts\n";
	struct umd_info umd = { .driver_name = "umd_test" };
	static char buffer[512];
	loff_t pos = 0;
	int total = 0;
	int ret;

	if (umd_load_blob(&umd, program, sizeof(program) - 1))
		return -EINVAL;
	ret = fork_usermode_driver(&umd);
	if (ret == 0) {
		memset(buffer, 0, sizeof(buffer));
		while ((ret = kernel_read(umd.pipe_from_umh, buffer, sizeof(buffer) - 1, &pos)) > 0) {
			buffer[ret] = '\0';
			printk("buffer='%s'\n", buffer);
			total += ret;
		}
		printk("ret=%d total=%u\n", ret, total);
	}
	umd_unload_blob(&umd);
	return -EINVAL;
}

module_init(umd_test_init);
MODULE_LICENSE("GPL");
---------- End of sample module ----------

If I don't use "#!" (i.e. replacing

  "#!/bin/cat /proc/kallsyms\n"

with binary data generated by compiling

---------- Start of sample usermode code ----------
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
	const int fd = open("/proc/interrupts", O_RDONLY);
	char buffer[4096];
	int len;

	while ((len = read(fd, buffer, sizeof(buffer))) > 0 &&
	       write(1, buffer, len) == len);
	return !!len;
}
---------- End of sample usermode code ----------

and converted by ./scripts/bin2c ), the total bytes obtained by doing
"wc -c /proc/interrupts" from userspace's shell and trying to insmod
this kernel module matches (i.e. there is no garbage).

Why there is garbage data if I use "#!" ?

Re: Garbage data while reading via usermode driver?

[Tetsuo Handa]

On 2020/11/16 20:11, Tetsuo Handa wrote:
> Why there is garbage data if I use "#!" ?

I overlooked that execution of "umd_test" containing "#!/bin/cat some_file" results in
execution of "/bin/cat some_file umd_test". Nothing is strange. Sorry for the noise.

Re: Garbage data while reading via usermode driver?

[Al Viro]

On Mon, Nov 16, 2020 at 08:11:04PM +0900, Tetsuo Handa wrote:
> Hello.
> 
> Below is a loadable kernel module which attempts to read (for example) /proc/interrupts from
> kernel using usermode driver interface. What is strange is that the total bytes obtained by
> doing "wc -c /proc/interrupts" from userspace's shell and trying to insmod this kernel module
> differs; for unknown reason, kernel_read() returns "#!/bin/cat /proc/interrupts\n" (28 bytes)
> at the end of input.

Because /bin/cat writes it out ;-)

$ echo "#!/bin/echo foo" >/tmp/a
$ chmod +x /tmp/a
$ /tmp/a
foo /tmp/a
$

IOW, same way #!/bin/sh -e in the beginning of /tmp/foo.sh results in exec
of /bin/sh with -e and /tmp/foo.sh in the arguments, #!/bin/cat /proc/interrupts
in /tmp/bar.sh will result in exec of /bin/cat with /proc/interrupts and
/tmp/bar.sh in parameters.  With cat(1) doing what it's supposed to do.

Re: Garbage data while reading via usermode driver?

[Tetsuo Handa]

On 2020/11/16 21:35, Al Viro wrote:
> On Mon, Nov 16, 2020 at 08:11:04PM +0900, Tetsuo Handa wrote:
>> Hello.
>>
>> Below is a loadable kernel module which attempts to read (for example) /proc/interrupts from
>> kernel using usermode driver interface. What is strange is that the total bytes obtained by
>> doing "wc -c /proc/interrupts" from userspace's shell and trying to insmod this kernel module
>> differs; for unknown reason, kernel_read() returns "#!/bin/cat /proc/interrupts\n" (28 bytes)
>> at the end of input.
> 
> Because /bin/cat writes it out ;-)

You are right. ;-)

I have an out of tree kernel module (a loadable kernel version of TOMOYO security module)
which needs to read /proc/kallsyms from kernel (in order to find symbols needed by TOMOYO).
Now that kernel_read() can no longer read /proc/kallsyms , I had to abuse usermode driver
only for reading /proc/kallsyms ( https://osdn.net/projects/akari/scm/svn/commits/662 ).