lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Y8tbks5q6hL3B3pI@memverge.com>
Date:   Fri, 20 Jan 2023 22:27:14 -0500
From:   Gregory Price <gregory.price@...verge.com>
To:     Andrei Vagin <avagin@...il.com>
Cc:     Gregory Price <gourry.memverge@...il.com>,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-kselftest@...r.kernel.org,
        krisman@...labora.com, tglx@...utronix.de, luto@...nel.org,
        oleg@...hat.com, peterz@...radead.org, ebiederm@...ssion.com,
        akpm@...ux-foundation.org, adobriyan@...il.com, corbet@....net,
        shuah@...nel.org
Subject: Re: [PATCH v3 3/3] ptrace,syscall_user_dispatch: add a getter/setter
 for sud configuration

On Fri, Jan 20, 2023 at 07:18:49PM -0800, Andrei Vagin wrote:
> On Fri, Jan 20, 2023 at 7:05 AM Gregory Price <gourry.memverge@...il.com> wrote:
> >
> > Implement ptrace getter/setter interface for syscall user dispatch.
> >
> > Presently, these settings are write-only via prctl, making it impossible
> > to implement transparent checkpoint (coordination with the software is
> > required).
> >
> > This is modeled after a similar interface for SECCOMP, which can have
> > its configuration dumped by ptrace for software like CRIU.
> >
> > Signed-off-by: Gregory Price <gregory.price@...verge.com>
> > ---
> >  .../admin-guide/syscall-user-dispatch.rst     |  5 +-
> >  include/linux/syscall_user_dispatch.h         | 19 +++++++
> >  include/uapi/linux/ptrace.h                   | 10 ++++
> >  kernel/entry/syscall_user_dispatch.c          | 49 +++++++++++++++++++
> >  kernel/ptrace.c                               |  9 ++++
> >  5 files changed, 91 insertions(+), 1 deletion(-)
> >
> > diff --git a/Documentation/admin-guide/syscall-user-dispatch.rst b/Documentation/admin-guide/syscall-user-dispatch.rst
> > index 60314953c728..a23ae21a1d5b 100644
> > --- a/Documentation/admin-guide/syscall-user-dispatch.rst
> > +++ b/Documentation/admin-guide/syscall-user-dispatch.rst
> 
> <snip>
> 
> > +
> > +int syscall_user_dispatch_get_config(struct task_struct *task, unsigned long size,
> > +               void __user *data)
> > +{
> > +       struct syscall_user_dispatch *sd = &task->syscall_dispatch;
> > +       struct syscall_user_dispatch_config config;
> > +
> > +       if (size != sizeof(struct syscall_user_dispatch_config))
> > +               return -EINVAL;
> > +
> > +       if (sd->selector) {
> > +               config.mode = PR_SYS_DISPATCH_ON;
> > +               config.offset = sd->offset;
> > +               config.len = sd->len;
> > +               config.selector = sd->selector;
> > +               config.on_dispatch = sd->on_dispatch;
> > +       } else {
> 
> This doesn't look right for me. selector is optional and if it is 0,
> it doesn't mean that
> mode is PR_SYS_DISPATCH_OFF, does it?
> 
> > +               config.mode = PR_SYS_DISPATCH_OFF;
> > +               config.offset = 0;
> > +               config.len = 0;
> > +               config.selector = NULL;
> > +               config.on_dispatch = false;
> > +       }
> > +       if (copy_to_user(data, &config, sizeof(config)))
> > +               return -EFAULT;
> > +
> > +       return 0;
> > +}
> > +

Hm.  Right you are.  I suppose I should change this to checking offset
instead.  Will need to validate the fields are correctly cleared on
disable and on task allocate (i presume this is true).

Otherwise it might behoove us to actually add a state field.

Thank you, i'll push an update tomorrow.

I also need change patch 2/3 as well.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ