mbox series

[0/5] Fix fill_files_note

Message ID 87bkzroica.fsf_-_@email.froward.int.ebiederm.org (mailing list archive)
Headers show
Series Fix fill_files_note | expand

Message

Eric W. Biederman Jan. 31, 2022, 6:44 p.m. UTC 
Matthew Wilcox has reported that a missing mmap_lock in file_files_note,
which could cause trouble.

Refactor the code and clean it up so that the vma snapshot makes
it to fill_files_note, and then use the vma snapshot in fill_files_note.

Folks please review this as this looks correct to me but I haven't done
anything beyond compile testing this yet.

Eric W. Biederman (5):
      coredump: Move definition of struct coredump_params into coredump.h
      coredump: Snapshot the vmas in do_coredump
      coredump: Remove the WARN_ON in dump_vma_snapshot
      coredump/elf: Pass coredump_params into fill_note_info
      coredump: Use the vma snapshot in fill_files_note

 fs/binfmt_elf.c          | 61 ++++++++++++++++++++++--------------------------
 fs/binfmt_elf_fdpic.c    | 18 +++++---------
 fs/coredump.c            | 55 +++++++++++++++++++++++++++++--------------
 include/linux/binfmts.h  | 13 +----------
 include/linux/coredump.h | 20 ++++++++++++----
 5 files changed, 88 insertions(+), 79 deletions(-)


Eric

Comments

Kees Cook Jan. 31, 2022, 8:57 p.m. UTC | #1 
On Mon, Jan 31, 2022 at 12:44:53PM -0600, Eric W. Biederman wrote:
> 
> Matthew Wilcox has reported that a missing mmap_lock in file_files_note,
> which could cause trouble.
> 
> Refactor the code and clean it up so that the vma snapshot makes
> it to fill_files_note, and then use the vma snapshot in fill_files_note.
> 
> Folks please review this as this looks correct to me but I haven't done
> anything beyond compile testing this yet.
> 
> Eric W. Biederman (5):
>       coredump: Move definition of struct coredump_params into coredump.h
>       coredump: Snapshot the vmas in do_coredump
>       coredump: Remove the WARN_ON in dump_vma_snapshot
>       coredump/elf: Pass coredump_params into fill_note_info
>       coredump: Use the vma snapshot in fill_files_note
> 
>  fs/binfmt_elf.c          | 61 ++++++++++++++++++++++--------------------------
>  fs/binfmt_elf_fdpic.c    | 18 +++++---------
>  fs/coredump.c            | 55 +++++++++++++++++++++++++++++--------------
>  include/linux/binfmts.h  | 13 +----------
>  include/linux/coredump.h | 20 ++++++++++++----
>  5 files changed, 88 insertions(+), 79 deletions(-)
> 
> 
> Eric

This looks like a good clean-up to me. For the series:

Reviewed-by: Kees Cook <keescook@chromium.org>
Eric W. Biederman March 8, 2022, 7:35 p.m. UTC | #2 
Kees,

Please pull the coredump-vma-snapshot-fix branch from the git tree:

  git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git coredump-vma-snapshot-fix

  HEAD: 390031c942116d4733310f0684beb8db19885fe6 coredump: Use the vma snapshot in fill_files_note

Matthew Wilcox has reported that a missing mmap_lock in file_files_note,
which could cause trouble.

Refactor the code and clean it up so that the vma snapshot makes
it to fill_files_note, and then use the vma snapshot in fill_files_note.

Eric W. Biederman (5):
      coredump: Move definition of struct coredump_params into coredump.h
      coredump: Snapshot the vmas in do_coredump
      coredump: Remove the WARN_ON in dump_vma_snapshot
      coredump/elf: Pass coredump_params into fill_note_info
      coredump: Use the vma snapshot in fill_files_note

 fs/binfmt_elf.c          | 66 ++++++++++++++++++++++--------------------------
 fs/binfmt_elf_fdpic.c    | 18 +++++--------
 fs/binfmt_flat.c         |  1 +
 fs/coredump.c            | 59 ++++++++++++++++++++++++++++---------------
 include/linux/binfmts.h  | 13 +---------
 include/linux/coredump.h | 20 ++++++++++++---
 6 files changed, 93 insertions(+), 84 deletions(-)

---

Kees I realized I needed to rebase this on Jann Horn's commit
84158b7f6a06 ("coredump: Also dump first pages of non-executable ELF
libraries").  Unfortunately before I got that done I got distracted and
these changes have been sitting in limbo for most of the development
cycle.  Since you are running a tree that is including changes like this
including Jann's can you please pull these changes into your tree.

Thank you,
Eric
Kees Cook March 8, 2022, 9:49 p.m. UTC | #3 
On Tue, Mar 08, 2022 at 01:35:03PM -0600, Eric W. Biederman wrote:
> 
> Kees,
> 
> Please pull the coredump-vma-snapshot-fix branch from the git tree:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git coredump-vma-snapshot-fix
> 
>   HEAD: 390031c942116d4733310f0684beb8db19885fe6 coredump: Use the vma snapshot in fill_files_note
> 
> Matthew Wilcox has reported that a missing mmap_lock in file_files_note,
> which could cause trouble.
> 
> Refactor the code and clean it up so that the vma snapshot makes
> it to fill_files_note, and then use the vma snapshot in fill_files_note.
> 
> Eric W. Biederman (5):
>       coredump: Move definition of struct coredump_params into coredump.h
>       coredump: Snapshot the vmas in do_coredump
>       coredump: Remove the WARN_ON in dump_vma_snapshot
>       coredump/elf: Pass coredump_params into fill_note_info
>       coredump: Use the vma snapshot in fill_files_note
> 
>  fs/binfmt_elf.c          | 66 ++++++++++++++++++++++--------------------------
>  fs/binfmt_elf_fdpic.c    | 18 +++++--------
>  fs/binfmt_flat.c         |  1 +
>  fs/coredump.c            | 59 ++++++++++++++++++++++++++++---------------
>  include/linux/binfmts.h  | 13 +---------
>  include/linux/coredump.h | 20 ++++++++++++---
>  6 files changed, 93 insertions(+), 84 deletions(-)
> 
> ---
> 
> Kees I realized I needed to rebase this on Jann Horn's commit
> 84158b7f6a06 ("coredump: Also dump first pages of non-executable ELF
> libraries").  Unfortunately before I got that done I got distracted and
> these changes have been sitting in limbo for most of the development
> cycle.  Since you are running a tree that is including changes like this
> including Jann's can you please pull these changes into your tree.

Sure! Can you make a signed tag for this pull?


If it helps, my workflow look like this, though I assume there might be
better ways. (tl;dr: "git tag -s TAG BRANCH")


PULL_BRANCH=name-of-branch
BASE=sha-of-base
FOR=someone
TOPIC=topic-name

TAG="for-$FOR/$TOPIC"
SIGNED=~/.pull-request-signed-"$TAG"
echo "$TOPIC update" > "$SIGNED"
git request-pull "$BASE" git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git "$PULL_BRANCH" | awk '{print "# " $0}' >> "$SIGNED"
vi "$SIGNED"

git tag -sF "$SIGNED" "$TAG" "$PULL_BRANCH"
git push origin "$PULL_BRANCH"
git push origin +"$TAG"
Eric W. Biederman March 9, 2022, 4:29 p.m. UTC | #4 
Kees Cook <keescook@chromium.org> writes:

> On Tue, Mar 08, 2022 at 01:35:03PM -0600, Eric W. Biederman wrote:
>> 
>> Kees,
>> 
>> Please pull the coredump-vma-snapshot-fix branch from the git tree:
>> 
>>   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git coredump-vma-snapshot-fix
>> 
>>   HEAD: 390031c942116d4733310f0684beb8db19885fe6 coredump: Use the vma snapshot in fill_files_note
>> 
>> Matthew Wilcox has reported that a missing mmap_lock in file_files_note,
>> which could cause trouble.
>> 
>> Refactor the code and clean it up so that the vma snapshot makes
>> it to fill_files_note, and then use the vma snapshot in fill_files_note.
>> 
>> Eric W. Biederman (5):
>>       coredump: Move definition of struct coredump_params into coredump.h
>>       coredump: Snapshot the vmas in do_coredump
>>       coredump: Remove the WARN_ON in dump_vma_snapshot
>>       coredump/elf: Pass coredump_params into fill_note_info
>>       coredump: Use the vma snapshot in fill_files_note
>> 
>>  fs/binfmt_elf.c          | 66 ++++++++++++++++++++++--------------------------
>>  fs/binfmt_elf_fdpic.c    | 18 +++++--------
>>  fs/binfmt_flat.c         |  1 +
>>  fs/coredump.c            | 59 ++++++++++++++++++++++++++++---------------
>>  include/linux/binfmts.h  | 13 +---------
>>  include/linux/coredump.h | 20 ++++++++++++---
>>  6 files changed, 93 insertions(+), 84 deletions(-)
>> 
>> ---
>> 
>> Kees I realized I needed to rebase this on Jann Horn's commit
>> 84158b7f6a06 ("coredump: Also dump first pages of non-executable ELF
>> libraries").  Unfortunately before I got that done I got distracted and
>> these changes have been sitting in limbo for most of the development
>> cycle.  Since you are running a tree that is including changes like this
>> including Jann's can you please pull these changes into your tree.
>
> Sure! Can you make a signed tag for this pull?

Not yet.

Hopefully I will get the time to set that up soon, but I am not at all
setup to do signed tags at this point.

> If it helps, my workflow look like this, though I assume there might be
> better ways. (tl;dr: "git tag -s TAG BRANCH")
>
>
> PULL_BRANCH=name-of-branch
> BASE=sha-of-base
> FOR=someone
> TOPIC=topic-name
>
> TAG="for-$FOR/$TOPIC"
> SIGNED=~/.pull-request-signed-"$TAG"
> echo "$TOPIC update" > "$SIGNED"
> git request-pull "$BASE" git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git "$PULL_BRANCH" | awk '{print "# " $0}' >> "$SIGNED"
> vi "$SIGNED"
>
> git tag -sF "$SIGNED" "$TAG" "$PULL_BRANCH"
> git push origin "$PULL_BRANCH"
> git push origin +"$TAG"

Thanks.  That looks like a good place to start.

Eric
Kees Cook March 9, 2022, 4:32 p.m. UTC | #5 
On Wed, Mar 09, 2022 at 10:29:10AM -0600, Eric W. Biederman wrote:
> Kees Cook <keescook@chromium.org> writes:
> 
> > On Tue, Mar 08, 2022 at 01:35:03PM -0600, Eric W. Biederman wrote:
> >> 
> >> Kees,
> >> 
> >> Please pull the coredump-vma-snapshot-fix branch from the git tree:
> >> 
> >>   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git coredump-vma-snapshot-fix
> >> 
> >>   HEAD: 390031c942116d4733310f0684beb8db19885fe6 coredump: Use the vma snapshot in fill_files_note
> >> 
> >> Matthew Wilcox has reported that a missing mmap_lock in file_files_note,
> >> which could cause trouble.
> >> 
> >> Refactor the code and clean it up so that the vma snapshot makes
> >> it to fill_files_note, and then use the vma snapshot in fill_files_note.
> >> 
> >> Eric W. Biederman (5):
> >>       coredump: Move definition of struct coredump_params into coredump.h
> >>       coredump: Snapshot the vmas in do_coredump
> >>       coredump: Remove the WARN_ON in dump_vma_snapshot
> >>       coredump/elf: Pass coredump_params into fill_note_info
> >>       coredump: Use the vma snapshot in fill_files_note
> >> 
> >>  fs/binfmt_elf.c          | 66 ++++++++++++++++++++++--------------------------
> >>  fs/binfmt_elf_fdpic.c    | 18 +++++--------
> >>  fs/binfmt_flat.c         |  1 +
> >>  fs/coredump.c            | 59 ++++++++++++++++++++++++++++---------------
> >>  include/linux/binfmts.h  | 13 +---------
> >>  include/linux/coredump.h | 20 ++++++++++++---
> >>  6 files changed, 93 insertions(+), 84 deletions(-)
> >> 
> >> ---
> >> 
> >> Kees I realized I needed to rebase this on Jann Horn's commit
> >> 84158b7f6a06 ("coredump: Also dump first pages of non-executable ELF
> >> libraries").  Unfortunately before I got that done I got distracted and
> >> these changes have been sitting in limbo for most of the development
> >> cycle.  Since you are running a tree that is including changes like this
> >> including Jann's can you please pull these changes into your tree.
> >
> > Sure! Can you make a signed tag for this pull?
> 
> Not yet.
> 
> Hopefully I will get the time to set that up soon, but I am not at all
> setup to do signed tags at this point.

Okay, cool. Since I'd already review these before, I've pulled and it
should be in -next now.

> [...]
> Thanks.  That looks like a good place to start.

I will try to clean up that work-flow and stuff it into my kernel-tools
repo.
Eric W. Biederman March 9, 2022, 8:27 p.m. UTC | #6 
Kees Cook <keescook@chromium.org> writes:

> On Wed, Mar 09, 2022 at 10:29:10AM -0600, Eric W. Biederman wrote:
>> Kees Cook <keescook@chromium.org> writes:
>> 
>> > On Tue, Mar 08, 2022 at 01:35:03PM -0600, Eric W. Biederman wrote:
>> >> 
>> >> Kees,
>> >> 
>> >> Please pull the coredump-vma-snapshot-fix branch from the git tree:
>> >> 
>> >>   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git coredump-vma-snapshot-fix
>> >> 
>> >>   HEAD: 390031c942116d4733310f0684beb8db19885fe6 coredump: Use the vma snapshot in fill_files_note
>> >> 
>> >> Matthew Wilcox has reported that a missing mmap_lock in file_files_note,
>> >> which could cause trouble.
>> >> 
>> >> Refactor the code and clean it up so that the vma snapshot makes
>> >> it to fill_files_note, and then use the vma snapshot in fill_files_note.
>> >> 
>> >> Eric W. Biederman (5):
>> >>       coredump: Move definition of struct coredump_params into coredump.h
>> >>       coredump: Snapshot the vmas in do_coredump
>> >>       coredump: Remove the WARN_ON in dump_vma_snapshot
>> >>       coredump/elf: Pass coredump_params into fill_note_info
>> >>       coredump: Use the vma snapshot in fill_files_note
>> >> 
>> >>  fs/binfmt_elf.c          | 66 ++++++++++++++++++++++--------------------------
>> >>  fs/binfmt_elf_fdpic.c    | 18 +++++--------
>> >>  fs/binfmt_flat.c         |  1 +
>> >>  fs/coredump.c            | 59 ++++++++++++++++++++++++++++---------------
>> >>  include/linux/binfmts.h  | 13 +---------
>> >>  include/linux/coredump.h | 20 ++++++++++++---
>> >>  6 files changed, 93 insertions(+), 84 deletions(-)
>> >> 
>> >> ---
>> >> 
>> >> Kees I realized I needed to rebase this on Jann Horn's commit
>> >> 84158b7f6a06 ("coredump: Also dump first pages of non-executable ELF
>> >> libraries").  Unfortunately before I got that done I got distracted and
>> >> these changes have been sitting in limbo for most of the development
>> >> cycle.  Since you are running a tree that is including changes like this
>> >> including Jann's can you please pull these changes into your tree.
>> >
>> > Sure! Can you make a signed tag for this pull?
>> 
>> Not yet.
>> 
>> Hopefully I will get the time to set that up soon, but I am not at all
>> setup to do signed tags at this point.
>
> Okay, cool. Since I'd already review these before, I've pulled and it
> should be in -next now.


>
>> [...]
>> Thanks.  That looks like a good place to start.
>
> I will try to clean up that work-flow and stuff it into my kernel-tools
> repo.

It turns out I missed a crazy corner case of binfmt_flat, when coredumps
are disabled.  This fixes a compile error that was reported.

   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git coredump-vma-snapshot-fix-for-v5.18
   HEAD: f833116ad2c3eabf9c739946170e07825cca67ed coredump: Don't compile flat_core_dump when coredumps are disabled

Can you include this as well.

Thank you,
Eric

This is the entire patch.

From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Wed, 9 Mar 2022 10:37:07 -0600
Subject: [PATCH] coredump: Don't compile flat_core_dump when coredumps are disabled

Recently the kernel test robot reported:
> In file included from include/linux/kernel.h:29,
>                     from fs/binfmt_flat.c:21:
>    fs/binfmt_flat.c: In function 'flat_core_dump':
> >> fs/binfmt_flat.c:121:50: error: invalid use of undefined type 'struct coredump_params'
>      121 |                 current->comm, current->pid, cprm->siginfo->si_signo);
>          |                                                  ^~
>    include/linux/printk.h:418:33: note: in definition of macro 'printk_index_wrap'
>      418 |                 _p_func(_fmt, ##__VA_ARGS__);                           \
>          |                                 ^~~~~~~~~~~
>    include/linux/printk.h:499:9: note: in expansion of macro 'printk'
>      499 |         printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
>          |         ^~~~~~
>    fs/binfmt_flat.c:120:9: note: in expansion of macro 'pr_warn'
>      120 |         pr_warn("Process %s:%d received signr %d and should have core dumped\n",
>          |         ^~~~~~~
>    At top level:
>    fs/binfmt_flat.c:118:12: warning: 'flat_core_dump' defined but not used [-Wunused-function]
>      118 | static int flat_core_dump(struct coredump_params *cprm)
>          |            ^~~~~~~~~~~~~~

The little dinky do nothing function flat_core_dump has always been
compiled unconditionally.  With my change to move coredump_params into
coredump.h coredump_params reasonably becomes unavailable when
coredump support is not compiled in.  Fix this old issue by simply not
compiling flat_core_dump when coredump support is not supported.

Fixes: a99a3e2efaf1 ("coredump: Move definition of struct coredump_params into coredump.h")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 fs/binfmt_flat.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index 208cdce16de1..626898150011 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -98,7 +98,9 @@ static int load_flat_shared_library(int id, struct lib_info *p);
 #endif
 
 static int load_flat_binary(struct linux_binprm *);
+#ifdef CONFIG_COREDUMP
 static int flat_core_dump(struct coredump_params *cprm);
+#endif
 
 static struct linux_binfmt flat_format = {
 	.module		= THIS_MODULE,
@@ -115,12 +117,14 @@ static struct linux_binfmt flat_format = {
  * Currently only a stub-function.
  */
 
+#ifdef CONFIG_COREDUMP
 static int flat_core_dump(struct coredump_params *cprm)
 {
 	pr_warn("Process %s:%d received signr %d and should have core dumped\n",
 		current->comm, current->pid, cprm->siginfo->si_signo);
 	return 1;
 }
+#endif
 
 /****************************************************************************/
 /*
Kees Cook March 9, 2022, 9:45 p.m. UTC | #7 
On Wed, Mar 09, 2022 at 02:27:07PM -0600, Eric W. Biederman wrote:
> It turns out I missed a crazy corner case of binfmt_flat, when coredumps
> are disabled.  This fixes a compile error that was reported.
> 
>    git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git coredump-vma-snapshot-fix-for-v5.18
>    HEAD: f833116ad2c3eabf9c739946170e07825cca67ed coredump: Don't compile flat_core_dump when coredumps are disabled
> 
> Can you include this as well.

Thanks! Pulled and pushed out.