linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
To: Cyrill Gorcunov <gorcunov@gmail.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Michal Hocko <mhocko@kernel.org>,
	Randy Dunlap <rdunlap@infradead.org>,
	Andrey Vagin <avagin@openvz.org>,
	Andrew Morton <akpm@linuxfoundation.org>,
	Pavel Emelyanov <xemul@virtuozzo.com>,
	Michael Kerrisk <mtk.manpages@gmail.com>,
	Yang Shi <yang.shi@linux.alibaba.com>
Subject: Re: [v2] prctl: Deprecate non PR_SET_MM_MAP operations
Date: Fri, 20 Apr 2018 16:29:03 +0900	[thread overview]
Message-ID: <20180420072903.GA594@jagdpanzerIV> (raw)
In-Reply-To: <20180420070257.GJ19578@uranus.lan>

On (04/20/18 10:02), Cyrill Gorcunov wrote:
> On Fri, Apr 20, 2018 at 11:38:09AM +0900, Sergey Senozhatsky wrote:
> > On (04/05/18 21:26), Cyrill Gorcunov wrote:
> > [..]
> > > -
> > >  #ifdef CONFIG_CHECKPOINT_RESTORE
> > >  	if (opt == PR_SET_MM_MAP || opt == PR_SET_MM_MAP_SIZE)
> > >  		return prctl_set_mm_map(opt, (const void __user *)addr, arg4);
> > >  #endif
> > >  
> > > -	if (!capable(CAP_SYS_RESOURCE))
> > > -		return -EPERM;
> > > -
> > > -	if (opt == PR_SET_MM_EXE_FILE)
> > > -		return prctl_set_mm_exe_file(mm, (unsigned int)addr);
> > > -
> > > -	if (opt == PR_SET_MM_AUXV)
> > > -		return prctl_set_auxv(mm, addr, arg4);
> > 
> > Then validate_prctl_map() and prctl_set_mm_exe_file() can be moved
> > under CONFIG_CHECKPOINT_RESTORE ifdef.
> 
> I don't mind. Could you please make the patch on top of linux-next?

As far as I can see, it's not in linux-next yet. So the following is
against the mmots tree. I wouldn't mind it if we could just squash the
patches.

=======================================================================

From: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Subject: [PATCH] prctl: Don't compile some of prctl functions when CRUI
 disabled

CHECKPOINT_RESTORE is the only user of validate_prctl_map()
and prctl_set_mm_exe_file(), so we can move those two under
CONFIG_CHECKPOINT_RESTORE.

Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
---
 kernel/sys.c | 126 +++++++++++++++++++++++++--------------------------
 1 file changed, 63 insertions(+), 63 deletions(-)

diff --git a/kernel/sys.c b/kernel/sys.c
index 6bdffe264303..86e5ef1a5612 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1815,68 +1815,7 @@ SYSCALL_DEFINE1(umask, int, mask)
 	return mask;
 }
 
-static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
-{
-	struct fd exe;
-	struct file *old_exe, *exe_file;
-	struct inode *inode;
-	int err;
-
-	exe = fdget(fd);
-	if (!exe.file)
-		return -EBADF;
-
-	inode = file_inode(exe.file);
-
-	/*
-	 * Because the original mm->exe_file points to executable file, make
-	 * sure that this one is executable as well, to avoid breaking an
-	 * overall picture.
-	 */
-	err = -EACCES;
-	if (!S_ISREG(inode->i_mode) || path_noexec(&exe.file->f_path))
-		goto exit;
-
-	err = inode_permission(inode, MAY_EXEC);
-	if (err)
-		goto exit;
-
-	/*
-	 * Forbid mm->exe_file change if old file still mapped.
-	 */
-	exe_file = get_mm_exe_file(mm);
-	err = -EBUSY;
-	if (exe_file) {
-		struct vm_area_struct *vma;
-
-		down_read(&mm->mmap_sem);
-		for (vma = mm->mmap; vma; vma = vma->vm_next) {
-			if (!vma->vm_file)
-				continue;
-			if (path_equal(&vma->vm_file->f_path,
-				       &exe_file->f_path))
-				goto exit_err;
-		}
-
-		up_read(&mm->mmap_sem);
-		fput(exe_file);
-	}
-
-	err = 0;
-	/* set the new file, lockless */
-	get_file(exe.file);
-	old_exe = xchg(&mm->exe_file, exe.file);
-	if (old_exe)
-		fput(old_exe);
-exit:
-	fdput(exe);
-	return err;
-exit_err:
-	up_read(&mm->mmap_sem);
-	fput(exe_file);
-	goto exit;
-}
-
+#ifdef CONFIG_CHECKPOINT_RESTORE
 /*
  * WARNING: we don't require any capability here so be very careful
  * in what is allowed for modification from userspace.
@@ -1968,7 +1907,68 @@ static int validate_prctl_map(struct prctl_mm_map *prctl_map)
 	return error;
 }
 
-#ifdef CONFIG_CHECKPOINT_RESTORE
+static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
+{
+	struct fd exe;
+	struct file *old_exe, *exe_file;
+	struct inode *inode;
+	int err;
+
+	exe = fdget(fd);
+	if (!exe.file)
+		return -EBADF;
+
+	inode = file_inode(exe.file);
+
+	/*
+	 * Because the original mm->exe_file points to executable file, make
+	 * sure that this one is executable as well, to avoid breaking an
+	 * overall picture.
+	 */
+	err = -EACCES;
+	if (!S_ISREG(inode->i_mode) || path_noexec(&exe.file->f_path))
+		goto exit;
+
+	err = inode_permission(inode, MAY_EXEC);
+	if (err)
+		goto exit;
+
+	/*
+	 * Forbid mm->exe_file change if old file still mapped.
+	 */
+	exe_file = get_mm_exe_file(mm);
+	err = -EBUSY;
+	if (exe_file) {
+		struct vm_area_struct *vma;
+
+		down_read(&mm->mmap_sem);
+		for (vma = mm->mmap; vma; vma = vma->vm_next) {
+			if (!vma->vm_file)
+				continue;
+			if (path_equal(&vma->vm_file->f_path,
+				       &exe_file->f_path))
+				goto exit_err;
+		}
+
+		up_read(&mm->mmap_sem);
+		fput(exe_file);
+	}
+
+	err = 0;
+	/* set the new file, lockless */
+	get_file(exe.file);
+	old_exe = xchg(&mm->exe_file, exe.file);
+	if (old_exe)
+		fput(old_exe);
+exit:
+	fdput(exe);
+	return err;
+exit_err:
+	up_read(&mm->mmap_sem);
+	fput(exe_file);
+	goto exit;
+}
+
 static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data_size)
 {
 	struct prctl_mm_map prctl_map = { .exe_fd = (u32)-1, };
-- 
2.17.0

  reply	other threads:[~2018-04-20  7:29 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-05 18:26 [PATCH v2] prctl: Deprecate non PR_SET_MM_MAP operations Cyrill Gorcunov
2018-04-05 18:56 ` Michal Hocko
2018-04-05 19:51   ` Cyrill Gorcunov
2018-04-05 18:59 ` Yang Shi
2018-04-18 22:28 ` Andrew Morton
2018-04-18 22:42   ` Cyrill Gorcunov
2018-04-20  2:38 ` [v2] " Sergey Senozhatsky
2018-04-20  7:02   ` Cyrill Gorcunov
2018-04-20  7:29     ` Sergey Senozhatsky [this message]
2018-04-20  8:18       ` Cyrill Gorcunov
2018-04-20 20:37       ` [PATCH] prctl: Don't compile some of prctl functions when CRUI kbuild test robot
2018-04-20 21:00         ` Andrew Morton
2019-04-17 12:23           ` Michal Koutný
2019-04-17 12:38             ` Cyrill Gorcunov
2019-04-17 14:44               ` Michal Koutný
2019-04-17 14:56                 ` Cyrill Gorcunov
2019-04-17 16:56                 ` Cyrill Gorcunov
2018-04-20 21:43       ` kbuild test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180420072903.GA594@jagdpanzerIV \
    --to=sergey.senozhatsky.work@gmail.com \
    --cc=akpm@linuxfoundation.org \
    --cc=avagin@openvz.org \
    --cc=gorcunov@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mhocko@kernel.org \
    --cc=mtk.manpages@gmail.com \
    --cc=rdunlap@infradead.org \
    --cc=xemul@virtuozzo.com \
    --cc=yang.shi@linux.alibaba.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).