Message-ID: <5564DABC.50400@redhat.com>
Date:	Tue, 26 May 2015 16:42:36 -0400
From:	Jarod Wilson <jarod@...hat.com>
To:	Alexey Dobriyan <adobriyan@...il.com>, akpm@...ux-foundation.org
CC:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH try #4] proc: fix PAGE_SIZE limit of /proc/$PID/cmdline

On 5/8/2015 8:28 AM, Alexey Dobriyan wrote:
> /proc/$PID/cmdline truncates output at PAGE_SIZE. It is easy to see with
>
> 	$ cat /proc/self/cmdline $(seq 1037) 2>/dev/null
>
> However, command line size was never limited to PAGE_SIZE but to 128 KB and
> relatively recently limitation was removed altogether.
>
> People noticed and asked questions:
> http://stackoverflow.com/questions/199130/how-do-i-increase-the-proc-pid-cmdline-4096-byte-limit
>
> seq file interface is not OK, because it kmalloc's for whole output and
> open + read(, 1) + sleep will pin arbitrary amounts of kernel memory.
> To not do that, limit must be imposed which is incompatible with
> arbitrary sized command lines.
>
> I apologize for hairy code, but this is a direct consequence of command line
> layout in memory and hacks to support things like "init [3]".
>
> The loops are "unrolled" otherwise it is either macros which hide
> control flow or functions with 7-8 arguments with equal line count.
>
> There should be real setproctitle(2) or something.
>
> Signed-off-by: Alexey Dobriyan <adobriyan@...il.com>
> Tested-by: Jarod Wilson <jarod@...hat.com>
> Acked-by: Jarod Wilson <jarod@...hat.com>

Should have tested on more than just x86, it appears. We've started 
hammering on this internally across all arches, and it's exploded 
multiple times on ppc64 now:

[ 2717.074699] ------------[ cut here ]------------
[ 2717.074787] kernel BUG at fs/proc/base.c:244!
[ 2717.074822] Oops: Exception in kernel mode, sig: 5 [#1]
[ 2717.074854] SMP NR_CPUS=2048 NUMA pSeries
[ 2717.074891] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 nfsv3 nfs_acl nfs lockd sunrpc grace fscache nfnetlink_queue nfnetlink_log nfnetlink bluetooth rfkill arc4 md4 nls_utf8 cifs dns_resolver ib_isert iscsi_target_mod ib_iser libiscsi scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp scsi_tgt ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr nls_koi8_u nls_cp932 ts_kmp nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack crct10dif_generic crct10dif_common pseries_rng virtio_console virtio_balloon xfs libcrc32c virtio_blk virtio_net virtio_pci virtio_ring virtio dm_mirror dm_region_hash dm_log dm_mod [last unloaded: stap_2c7aea09c8404123be8fa7c7e18bc50_31774]
[ 2717.075687] CPU: 4 PID: 21943 Comm: ps Tainted: G OE--------------   3.10.0-255.el7.ppc64.debug #1
[ 2717.075750] task: c000000229c08f10 ti: c000000224af0000 task.ti: c000000224af0000
[ 2717.075798] NIP: c0000000003f2e34 LR: c0000000003f2e14 CTR: c0000000003f2cb0
[ 2717.075849] REGS: c000000224af3a00 TRAP: 0700   Tainted: G OE--------------    (3.10.0-255.el7.ppc64.debug)
[ 2717.075911] MSR: 8000000000029032 <SF,EE,ME,IR,DR,RI>  CR: 22004224 XER: 00000000
[ 2717.076016] CFAR: c00000000011d758 SOFTE: 1
GPR00: c0000000003f2e14 c000000224af3c80 c0000000019b6bc0 0000000000000001
GPR04: 0000000000000001 c0000000003f2e14 0d40600000000000 00000003ffc0ac02
GPR08: 00000000036b80f2 0000000000000001 0000000000000000 ef7bdef7bdef7bdf
GPR12: 0000000022004224 c000000007b82400 0000000000000000 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: 0000000000000000 0000000000000000 00003fffdc61f61a 0000000000000000
GPR24: 00003fffdc61f60e c0000001b75f0000 00000100315aa850 00003fffdc61f61a
GPR28: c000000224af3df0 0000000000020000 c0000000183241c0 c000000018324100
[ 2717.076615] NIP [c0000000003f2e34] .proc_pid_cmdline_read+0x184/0x5a0
[ 2717.076656] LR [c0000000003f2e14] .proc_pid_cmdline_read+0x164/0x5a0
[ 2717.076697] Call Trace:
[ 2717.076714] [c000000224af3c80] [c0000000003f2e14] .proc_pid_cmdline_read+0x164/0x5a0 (unreliable)
[ 2717.076781] [c000000224af3d80] [c00000000033ba2c] .SyS_read+0x12c/0x320
[ 2717.076831] [c000000224af3e30] [c00000000000a188] syscall_exit+0x0/0x7c
[ 2717.076877] Instruction dump:
[ 2717.076901] 7fc3f378 eadf01f0 eabf01f8 4bd2a8f1 60000000 7d38d810 7d294910 7d2900d0
[ 2717.076982] 0b090000 7d36a810 7d294910 7d2900d0 <0b090000> 38c00001 7fe3fb78 389bffff
[ 2717.077075] ---[ end trace 65ad2b0a70ae8547 ]---

[ 2717.077774] BUG: sleeping function called from invalid context at kernel/rwsem.c:20
[ 2717.077819] in_atomic(): 0, irqs_disabled(): 1, pid: 21943, name: ps
[ 2717.077856] INFO: lockdep is turned off.
[ 2717.077884] irq event stamp: 25482
[ 2717.077911] hardirqs last  enabled at (25481): [<c00000000027d664>] .get_page_from_freelist+0x984/0x2790
[ 2717.077974] hardirqs last disabled at (25482): [<c000000000006310>] program_check_common+0x110/0x180
[ 2717.078034] softirqs last  enabled at (24584): [<c0000000000d7370>] .__do_softirq+0x220/0x5b0
[ 2717.078092] softirqs last disabled at (24567): [<c00000000002695c>] .call_do_softirq+0x14/0x24
[ 2717.078164] CPU: 4 PID: 21943 Comm: ps Tainted: G      D OE--------------   3.10.0-255.el7.ppc64.debug #1
[ 2717.078225] Call Trace:
[ 2717.078242] [c000000224af32b0] [c000000000019510] .show_stack+0x80/0x380 (unreliable)
[ 2717.078301] [c000000224af3380] [c000000000a05ec4] .dump_stack+0x28/0x3c
[ 2717.078350] [c000000224af33f0] [c00000000012ab54] .__might_sleep+0x1b4/0x2c0
[ 2717.078396] [c000000224af3480] [c0000000009e5158] .down_read+0x38/0x110
[ 2717.078446] [c000000224af3510] [c0000000000f1e14] .exit_signals+0x24/0x160
[ 2717.078496] [c000000224af35a0] [c0000000000d2c30] .do_exit+0xe0/0xe40
[ 2717.078543] [c000000224af36b0] [c000000000023090] .die+0x300/0x450
[ 2717.078593] [c000000224af3760] [c000000000023404] ._exception+0x1b4/0x1e0
[ 2717.078640] [c000000224af3900] [c0000000009eb6b8] .program_check_exception+0x288/0x3e0
[ 2717.078693] [c000000224af3990] [c000000000006318] program_check_common+0x118/0x180
[ 2717.078750] --- Exception: 700 at .proc_pid_cmdline_read+0x184/0x5a0
     LR = .proc_pid_cmdline_read+0x164/0x5a0
[ 2717.078819] [c000000224af3d80] [c00000000033ba2c] .SyS_read+0x12c/0x320
[ 2717.078864] [c000000224af3e30] [c00000000000a188] syscall_exit+0x0/0x7c

-- 
Jarod Wilson
jarod@...hat.com
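The probe quoted in the patch description, `cat /proc/self/cmdline $(seq 1037)`, can be turned into a self-checking test of whether a kernel still truncates /proc/$PID/cmdline at PAGE_SIZE. The script below is an added example, not part of the patch or of this report; it assumes a Linux /proc, coreutils `cat`, `seq` and `wc`, and that `cat` is started with argv[0] equal to "cat". It also shows why 1037 is the number in the report: 1036 numeric arguments give a command line of exactly 4096 bytes, and 1037 is the smallest count that crosses a 4 KiB page.

```shell
#!/bin/sh
# Added check (not from the patch or the report): does this kernel truncate
# /proc/$PID/cmdline at PAGE_SIZE? It reuses the report's probe,
#   cat /proc/self/cmdline $(seq 1037) 2>/dev/null
# but counts the bytes /proc exposes and compares them with the argv
# length the process was actually started with.

# Bytes of /proc/self/cmdline as seen by a `cat` started with N numeric
# arguments. cat reads its own cmdline; the numeric "files" do not exist,
# so their errors are discarded and only the cmdline bytes reach wc.
cmdline_visible_bytes() {
    n="$1"
    # word splitting of the seq output is intended here
    # shellcheck disable=SC2046
    cat /proc/self/cmdline $(seq 1 "$n") 2>/dev/null | wc -c | tr -d ' '
}

# What the kernel was handed: every argv element, argv[0] included, is
# stored NUL-terminated, so the length is the digits of 1..N plus one byte
# per argument, plus "cat\0" (4 bytes) and "/proc/self/cmdline\0" (19 bytes).
expected_cmdline_bytes() {
    n="$1"
    total=$(( 4 + 19 ))
    i=1
    while [ "$i" -le "$n" ]; do
        total=$(( total + ${#i} + 1 ))
        i=$(( i + 1 ))
    done
    echo "$total"
}

# Print "full" when /proc returns the whole argv and "truncated" otherwise.
# With 1036 arguments the command line is exactly 4096 bytes; the report's
# 1037 is the smallest count that exceeds a 4 KiB PAGE_SIZE (4101 bytes),
# so a kernel with the old limit shows 4096 of 4101 bytes.
check_cmdline_limit() {
    n="${1:-1037}"
    seen=$(cmdline_visible_bytes "$n")
    want=$(expected_cmdline_bytes "$n")
    if [ "$seen" -eq "$want" ]; then
        echo "full ($seen bytes)"
    else
        echo "truncated ($seen of $want bytes visible)"
    fi
}

check_cmdline_limit "$@"
```

Run it on a 64 KiB-page ppc64 box with a larger count (for example `./cmdline-check.sh 20000`) to probe the limit the report's crash was found under; the arithmetic in expected_cmdline_bytes is the same regardless of page size.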