From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B631AD73602 for ; Sat, 30 Nov 2024 12:30:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ABDA46B0082; Sat, 30 Nov 2024 07:30:01 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A6D356B0085; Sat, 30 Nov 2024 07:30:01 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 95B936B0088; Sat, 30 Nov 2024 07:30:01 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 7790A6B0082 for ; Sat, 30 Nov 2024 07:30:01 -0500 (EST) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 2687180837 for ; Sat, 30 Nov 2024 12:30:01 +0000 (UTC) X-FDA: 82842692688.17.07729D7 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf05.hostedemail.com (Postfix) with ESMTP id 8FFB410001C for ; Sat, 30 Nov 2024 12:29:41 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uoBByyPm; spf=pass (imf05.hostedemail.com: domain of brauner@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=brauner@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1732969789; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VDm6UiDw63RZtgZ+VJUA5BMAKKjXfMrAJ8MvYULMdM0=; b=XyVWiCz5xwi6+NtcnTbM3I+DlB7a39Ird7MtWFvnVZAOv5oysAS9WI7OlX/B9RXlsfy5pJ yRCmcM2IQl0WSU4uZYj60t7faXU2T04rOdX6RuQ0v+kO2t+6Z57nfFZnaRTtYApVH+QanH FT2Wl7Bp1k2pfyIcRgqnJM11xoIj4eY= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1732969789; a=rsa-sha256; cv=none; b=BDwtT/BVMDHK6PUzOkaiU/onwBuOlietob1Q8aiyZli0HT9LfGchl/nVJvyYajjsVhYG3H MeZjaQ1WV/LCHG7NIku+0G/qDXl0JDMasRzY7cmi2NglfW8xrECQaPzJA0lfrBBjrsdgWC wCdWLfElTHAVWr+GbEZN8TMbmdxU0DI= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uoBByyPm; spf=pass (imf05.hostedemail.com: domain of brauner@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=brauner@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 18C1EA403A8; Sat, 30 Nov 2024 12:28:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6EBAEC4CECC; Sat, 30 Nov 2024 12:29:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1732969798; bh=0B7+NJKg6PDFktmYDGKBJZxB5QZ8x8bluiluB7gfHbw=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=uoBByyPmW9thOAgNMA++sY/TzO60gZgiNi8cCqo6Y5MAS9aKZwVs7+iOD5Ojmo+1N zKpmYi5jn5hDP1U52B+D8AQWxi7wF27LyIHkRE2Q6Y9o+tBq5NJgEYxiok4AY3Jak4 JRu1DjANRWU8+4bC1v/cqplcZbmS2FqXxotV3mAPU7rJPaaBiqLkHEQNoB6jrL+czB nUVAT/PzU+UkvGhC1yyCcycdrUk/C96IYKN3nHAxGD3b2Um8J6jbmgd6ylBKX5K/QS 4+9cYYIZP/bpSaoddmNZL6n1ES6fq80OIB0zONDx2dmDE7LrAcFHytYMxoz/DahKxv sOFYd13zcUSWw== Date: Sat, 30 Nov 2024 13:29:52 +0100 From: Christian Brauner To: Kees Cook Cc: Al Viro , Zbigniew =?utf-8?Q?J=C4=99drzejewski-Szmek?= , Tycho Andersen , Linus Torvalds , Aleksa Sarai , Eric Biederman , Jan Kara , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Message-ID: <20241130-ohnegleichen-unweigerlich-ce3b8af0fa45@brauner> References: <20241130045437.work.390-kees@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20241130045437.work.390-kees@kernel.org> X-Rspamd-Queue-Id: 8FFB410001C X-Rspam-User: X-Rspamd-Server: rspam07 X-Stat-Signature: wmi4yczyahg1aj51gt7hcoee1x979b58 X-HE-Tag: 1732969781-349804 X-HE-Meta: U2FsdGVkX1/qKOohUZwwLUlEFlr0V8GRdze7BxpXdg70SYSbZP1zkQg0XfGBZr+pD7RNkAzDMlQbhUUGuDzXpXHs0Y624V5pGzjU1sM7Z/l8m75lVW923Hur84fi8DInnTJAhPRvZmBxnsr+oMK4LGsy/cXC0CdD8JynwWP54dEDmaxYZd4cvONnSP1h1P4WDXNzp0hjxMRm1MVRsL6iWrhYUZHwRO25zdWxfzPiiywzHLQ60D5qfQM67e3+TRkV8bMNhIvU9lZDwjraTBFboc0BzRFKMJRB1/HhPceb7y04qBu7R2uTN4yMw4S2nUac7yfDnLFYzQI6tO2zALDJ4RDGDFhtnYT4bxwlnZqPJy704WGBLLi1m93hvpU4aqTm7HCITfphXHRi7uyWfE9E+9bu4jWaYxFzuTVIvRnk2L6CXFYyH23l5J1WPBf1eB0Qu6V2z6I0wDio+Bt7xoSame0u6J4NxCRVVPXU6zlJDaYHhJH1A7F+HIiWxM3d27KWXdq0Mlb3j0z4lKrp2sA85aZoKNboI1KBgyNx6RHYCvw612YWsYshi22ESZTRdY0k3wQelfMNMHbjq6fXxQcN3OqnT4GssWJn8W5ZeT+sVd9Da+v+pYunTKH9eSPOEOGjemRHEmkS9PlSg7Vzs1AghC/lfSHwhJu6WimbFLieIc6ADi3YIRgAi0tkVMvad65/m+A3UAIUMEaFBRJLGe9GhYnU9peQbmAcsxSWV0EghEZxaMplfusUZJAFTl5KT4Vf6WbSLlbQU6CJIS5xe/O0IeRacSN+SeE98Hbtf/4yD2ReyJOOow7FWRcfKmi9nCUYejPo3sEZaME0KQ/5+UtrND78FPVNwLDQrYN6suFyr+FzxdJZli9BtNbcd+5j7f365c5T1AbwHfA5wYdTAe6DaMlS1g4lM53U0Dn1BZzBp559H9xmI1DM+LQuPNUGTmtfhGAIzvBeL4fclhsr1oO bFM+RELZ rpW8X2Ud7NYY1sq443S7FAtBwtcnNDcztakmodiWOU++SZST1w0LdmM7gUzc7eu/izq+y4lrhyLQ9DkE9pYbUwrWFeQpmyo+P141KFDe57OP7ZL8LqenF3eW4tqb1FP994d2zpazM7DqjRF0dp5b0QWhTtuKDOz3KBF4+G9i4CRBkfimjuKgwI9QzWSWJogyXsufDKpDc6+Qr9PYx5jzqTLsshJB1cfW76ti3ca66kHX687Pf9qWQAQ/v9r9H/18Q7Ew5FGhqpVVLeY69zQjGyvdmmDdTgwTd2V4ZD3PF61s+zJl2vMAdszq6qvsB3AmN9pIl0G8HUMC28B3x8n0Ik9960CPj7DSbQ2eKEicZGAbFOqW5KmDhXopUgbbgrmfLWBC3APRjXae/CnlSH2X9wkhc5BgdOMLqyU97Dea+Y8whBhw/i7jq14GpkRNCsKjyT6eftxNPybcLChqu3oA3Kwyjsj+d9GDZ3zeBh2BI9R29H7+OPVtTXfUqP0GiET3anxoU7cqTMLCqj2DWkuCODYqb46UHNY8EGVd12NX0tCw5B6Kz5/+CFrAn5O02eHi1Og4+sYUzoApwX8vz2qKAssuEEe1pk0GBB4ieAHqk/3Xo8a+FY7boePt3v6Cm5JQWMJWj1pA99fdXrYvtKwNDfS686/0XpEeQxN5dbpuPnBKwjwTSlwUOjBTSOqjpUvyhh8wyJx/dDcuP/HwvrZbcZyhmz3MjM/OHfV04hV4lGJaNM1I= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Nov 29, 2024 at 08:54:38PM -0800, Kees Cook wrote: > Zbigniew mentioned at Linux Plumber's that systemd is interested in > switching to execveat() for service execution, but can't, because the > contents of /proc/pid/comm are the file descriptor which was used, > instead of the path to the binary. This makes the output of tools like > top and ps useless, especially in a world where most fds are opened > CLOEXEC so the number is truly meaningless. > > When the filename passed in is empty (e.g. with AT_EMPTY_PATH), use the > dentry's filename for "comm" instead of using the useless numeral from > the synthetic fdpath construction. This way the actual exec machinery > is unchanged, but cosmetically the comm looks reasonable to admins > investigating things. > > Instead of adding TASK_COMM_LEN more bytes to bprm, use one of the unused > flag bits to indicate that we need to set "comm" from the dentry. > > Suggested-by: Zbigniew Jędrzejewski-Szmek > Suggested-by: Tycho Andersen > Suggested-by: Al Viro > Suggested-by: Linus Torvalds > CC: Aleksa Sarai > Link: https://github.com/uapi-group/kernel-features#set-comm-field-before-exec > Signed-off-by: Kees Cook > --- > Cc: Al Viro > Cc: Linus Torvalds > Cc: Eric Biederman > Cc: Alexander Viro > Cc: Christian Brauner > Cc: Jan Kara > Cc: linux-mm@kvack.org > Cc: linux-fsdevel@vger.kernel.org > > Here's what I've put together from the various suggestions. I didn't > want to needlessly grow bprm, so I just added a flag instead. Otherwise, > this is very similar to what Linus and Al suggested. > --- > fs/exec.c | 22 +++++++++++++++++++--- > include/linux/binfmts.h | 4 +++- > 2 files changed, 22 insertions(+), 4 deletions(-) > > diff --git a/fs/exec.c b/fs/exec.c > index 5f16500ac325..d897d60ca5c2 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1347,7 +1347,21 @@ int begin_new_exec(struct linux_binprm * bprm) > set_dumpable(current->mm, SUID_DUMP_USER); > > perf_event_exec(); > - __set_task_comm(me, kbasename(bprm->filename), true); > + > + /* > + * If the original filename was empty, alloc_bprm() made up a path > + * that will probably not be useful to admins running ps or similar. > + * Let's fix it up to be something reasonable. > + */ > + if (bprm->comm_from_dentry) { > + rcu_read_lock(); > + /* The dentry name won't change while we hold the rcu read lock. */ > + __set_task_comm(me, smp_load_acquire(&bprm->file->f_path.dentry->d_name.name), What does the smp_load_acquire() pair with?