From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754417AbcKOX1d (ORCPT ); Tue, 15 Nov 2016 18:27:33 -0500 Received: from mail-wm0-f51.google.com ([74.125.82.51]:36574 "EHLO mail-wm0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752354AbcKOX1b (ORCPT ); Tue, 15 Nov 2016 18:27:31 -0500 MIME-Version: 1.0 In-Reply-To: References: <1478187038-19954-1-git-send-email-wluikil@gmail.com> From: Kees Cook Date: Tue, 15 Nov 2016 15:27:28 -0800 X-Google-Sender-Auth: zJGmku8ukCxRshYMhTjkKe81jDU Message-ID: Subject: Re: [PATCH 1/2] procfs: use an enum for possible hidepid values To: Lafcadio Wluiki , Andrew Morton Cc: LKML Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by mail.home.local id uAFNRcY2031739 On Thu, Nov 3, 2016 at 8:49 AM, Kees Cook wrote: > On Thu, Nov 3, 2016 at 9:30 AM, Lafcadio Wluiki wrote: >> (Third, rebased submission, since first two submissions yielded no replies.) > > Hm, I didn't see this series before, for some reason. > >> Previously, the hidepid parameter was checked by comparing literal >> integers 0, 1, 2. Let's add a proper enum for this, to make the checking >> more expressive: >> >> 0 → HIDEPID_OFF >> 1 → HIDEPID_NO_ACCESS >> 2 → HIDEPID_INVISIBLE >> >> This changes the internal labelling only, the userspace-facing interface >> remains unmodified, and still works with literal integers 0, 1, 2. >> >> No functional changes. >> >> Signed-off-by: Lafcadio Wluiki > > Yup, this is good. Dropping literals is always preferred. :) > > Acked-by: Kees Cook Hi, Friendly ping to Andrew for picking up this clean-up for -mm. (Though not yet the 2/2 patch, as it still has some unanswered questions...) -Kees > > -Kees > >> --- >> fs/proc/base.c | 8 ++++---- >> fs/proc/inode.c | 2 +- >> fs/proc/root.c | 3 ++- >> include/linux/pid_namespace.h | 6 ++++++ >> 4 files changed, 13 insertions(+), 6 deletions(-) >> >> diff --git a/fs/proc/base.c b/fs/proc/base.c >> index ca651ac..ae5e13c 100644 >> --- a/fs/proc/base.c >> +++ b/fs/proc/base.c >> @@ -726,11 +726,11 @@ static int proc_pid_permission(struct inode *inode, int mask) >> task = get_proc_task(inode); >> if (!task) >> return -ESRCH; >> - has_perms = has_pid_permissions(pid, task, 1); >> + has_perms = has_pid_permissions(pid, task, HIDEPID_NO_ACCESS); >> put_task_struct(task); >> >> if (!has_perms) { >> - if (pid->hide_pid == 2) { >> + if (pid->hide_pid == HIDEPID_INVISIBLE) { >> /* >> * Let's make getdents(), stat(), and open() >> * consistent with each other. If a process >> @@ -1720,7 +1720,7 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) >> stat->gid = GLOBAL_ROOT_GID; >> task = pid_task(proc_pid(inode), PIDTYPE_PID); >> if (task) { >> - if (!has_pid_permissions(pid, task, 2)) { >> + if (!has_pid_permissions(pid, task, HIDEPID_INVISIBLE)) { >> rcu_read_unlock(); >> /* >> * This doesn't prevent learning whether PID exists, >> @@ -3181,7 +3181,7 @@ int proc_pid_readdir(struct file *file, struct dir_context *ctx) >> iter.tgid += 1, iter = next_tgid(ns, iter)) { >> char name[PROC_NUMBUF]; >> int len; >> - if (!has_pid_permissions(ns, iter.task, 2)) >> + if (!has_pid_permissions(ns, iter.task, HIDEPID_INVISIBLE)) >> continue; >> >> len = snprintf(name, sizeof(name), "%d", iter.tgid); >> diff --git a/fs/proc/inode.c b/fs/proc/inode.c >> index e69ebe6..872325e 100644 >> --- a/fs/proc/inode.c >> +++ b/fs/proc/inode.c >> @@ -106,7 +106,7 @@ static int proc_show_options(struct seq_file *seq, struct dentry *root) >> >> if (!gid_eq(pid->pid_gid, GLOBAL_ROOT_GID)) >> seq_printf(seq, ",gid=%u", from_kgid_munged(&init_user_ns, pid->pid_gid)); >> - if (pid->hide_pid != 0) >> + if (pid->hide_pid != HIDEPID_OFF) >> seq_printf(seq, ",hidepid=%u", pid->hide_pid); >> >> return 0; >> diff --git a/fs/proc/root.c b/fs/proc/root.c >> index 8d3e484..2989731 100644 >> --- a/fs/proc/root.c >> +++ b/fs/proc/root.c >> @@ -58,7 +58,8 @@ int proc_parse_options(char *options, struct pid_namespace *pid) >> case Opt_hidepid: >> if (match_int(&args[0], &option)) >> return 0; >> - if (option < 0 || option > 2) { >> + if (option < HIDEPID_OFF || >> + option > HIDEPID_INVISIBLE) { >> pr_err("proc: hidepid value must be between 0 and 2.\n"); >> return 0; >> } >> diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h >> index 34cce96..c2a989d 100644 >> --- a/include/linux/pid_namespace.h >> +++ b/include/linux/pid_namespace.h >> @@ -21,6 +21,12 @@ struct pidmap { >> >> struct fs_pin; >> >> +enum { /* definitions for pid_namespace's hide_pid field */ >> + HIDEPID_OFF = 0, >> + HIDEPID_NO_ACCESS = 1, >> + HIDEPID_INVISIBLE = 2, >> +}; >> + >> struct pid_namespace { >> struct kref kref; >> struct pidmap pidmap[PIDMAP_ENTRIES]; >> -- >> 2.7.4 >> > > > > -- > Kees Cook > Nexus Security -- Kees Cook Nexus Security