Date: Mon, 5 Aug 2024 10:25:14 -0700
From: Kees Cook
To: Brian Mak
Cc: "Eric W. Biederman", Alexander Viro, Christian Brauner, Jan Kara, "linux-fsdevel@vger.kernel.org", "linux-mm@kvack.org", "linux-kernel@vger.kernel.org"
Subject: Re: [RFC PATCH] binfmt_elf: Dump smaller VMAs first in ELF cores
Message-ID: <202408051018.F7BA4C0A6@keescook>

On Thu, Aug 01, 2024 at 05:58:06PM +0000, Brian Mak wrote:
> On Jul 31, 2024, at 7:52 PM, Eric W. Biederman wrote:
> > One practical concern with this approach is that I think the ELF
> > specification says that program headers should be written in memory
> > order. So a comment on your testing to see if gdb or rr or any of
> > the other debuggers that read core dumps cares would be appreciated.
>
> I've already tested readelf and gdb on core dumps (truncated and whole)
> with this patch and it is able to read/use these core dumps in these
> scenarios with a proper backtrace.

Can you compare the "rr" selftest before/after the patch?
They have been the most sensitive to changes to ELF, ptrace, seccomp,
etc, so I've tried to double-check "user visible" changes with their
tree. :)

> > Since your concern is about stacks, and the kernel has information about
> > stacks it might be worth using that information explicitly when sorting
> > vmas, instead of just assuming stacks will be small.
>
> This was originally the approach that we explored, but ultimately moved
> away from. We need more than just stacks to form a proper backtrace. I
> didn't narrow down exactly what it was that we needed because the sorting
> solution seemed to be cleaner than trying to narrow down each of these
> pieces that we'd need. At the very least, we need information about shared
> libraries (.dynamic, etc.) and stacks, but my testing showed that we need a
> third piece sitting in an anonymous R/W VMA, which is the point that I
> stopped exploring this path. I was having a difficult time narrowing down
> what this last piece was.

And those VMAs weren't thread stacks?

> Please let me know your thoughts!

I echo all of Eric's comments, especially the "let's make this the
default if we can". My only bit of discomfort with making this change
is that it falls into the "it happens to work" case, and we don't really
understand _why_ it works for you. :)

It does also feel like part of the overall problem is that systemd
doesn't have a way to know the process is crashing, and then creates the
truncation problem. (i.e. we're trying to use the kernel to work around
a visibility issue in userspace.)

All this said, if it doesn't create problems for gdb and rr, I would be
fine to give it a shot.

-Kees

-- 
Kees Cook
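
An added example, not part of the original message or the patch: a Python check of the two properties discussed in this thread, whether a core's PT_LOAD program headers are in memory order and which segments survive truncation. The VMA addresses and sizes, the 0x3400 byte limit and the `build_core` helper are constructed for illustration; only 64-bit little-endian ELF is handled.

```python
import struct

PT_LOAD = 1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, little-endian

def load_segments(data):
    """Return (vaddr, offset, filesz) per PT_LOAD, in program-header order."""
    hdr = EHDR.unpack_from(data, 0)
    ident, phoff, phentsize, phnum = hdr[0], hdr[5], hdr[9], hdr[10]
    if ident[:4] != b"\x7fELF" or ident[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    segs = []
    for i in range(phnum):  # PN_XNUM (more than 65534 headers) is not handled
        p_type, _fl, p_offset, p_vaddr, _pa, p_filesz, _msz, _al = \
            PHDR.unpack_from(data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            segs.append((p_vaddr, p_offset, p_filesz))
    return segs

def report(data):
    """Header ordering, and which segments have all their bytes in the file."""
    segs = load_segments(data)
    vaddrs = [v for v, _, _ in segs]
    return {
        "memory_order": vaddrs == sorted(vaddrs),
        "complete": [v for v, off, sz in segs if off + sz <= len(data)],
        "truncated": [v for v, off, sz in segs if off + sz > len(data)],
    }

def build_core(vmas):
    """Constructed sample: minimal ET_CORE image, one PT_LOAD per (vaddr, size)."""
    off = EHDR.size + PHDR.size * len(vmas)
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    out = EHDR.pack(ident, 4, 62, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(vmas), 0, 0, 0)
    body = b""
    for vaddr, size in vmas:  # headers and data are emitted in list order
        out += PHDR.pack(PT_LOAD, 6, off + len(body), vaddr, 0, size, size, 0x1000)
        body += bytes(size)
    return out + body

# Constructed VMAs in memory order: large heap, shared library, small stack.
VMAS = [(0x1000000, 0x4000), (0x7F0000000000, 0x2000), (0x7FFC00000000, 0x1000)]
LIMIT = 0x3400  # constructed truncation point, in bytes

if __name__ == "__main__":
    smallest_first = sorted(VMAS, key=lambda v: v[1])
    for name, order in (("memory order", VMAS), ("smallest first", smallest_first)):
        print(name, report(build_core(order)[:LIMIT]))
```

With the same byte limit, the memory-order layout loses every segment behind the large first VMA, while the smallest-first layout keeps the stack and library segments but no longer lists its headers in ascending address order.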