From: Andrii Nakryiko
Date: Tue, 2 Jul 2024 16:08:21 -0700
Subject: Re: [PATCH v6 3/6] fs/procfs: add build ID fetching to PROCMAP_QUERY API
To: Andi Kleen
Cc: Andrii Nakryiko, linux-fsdevel@vger.kernel.org, brauner@kernel.org, viro@zeniv.linux.org.uk, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, gregkh@linuxfoundation.org, linux-mm@kvack.org, liam.howlett@oracle.com, surenb@google.com, rppt@kernel.org, adobriyan@gmail.com
References: <20240627170900.1672542-1-andrii@kernel.org> <20240627170900.1672542-4-andrii@kernel.org> <878qyqyorq.fsf@linux.intel.com>
On Tue, Jul 2, 2024 at 7:50 AM Andi Kleen wrote:
>
> > 1) non-executable file-backed VMA still has build ID associated with
> > it. Note, build ID is extracted from the backing file's content, not
> > from VMA itself. The part of ELF file that contains build ID isn't
> > necessarily mmap()'ed at all
>
> That's true, but there should be at least one executable mapping
> for any useful ELF file.
>
> Basically such a check guarantees that you cannot tell anything
> about a non x mapping not related to ELF.
>

Ok, I can add this check. If you know off the top of your head how to
do that for struct address_space, I'd appreciate the pointer. Quick
glance didn't show anything useful in linux/fs.h, but I'll dig deeper a
bit later.

> >
> > 2) What sort of exploitation are we talking about here? It's not
> > enough for backing file to have correct 4 starting bytes (0x7f"ELF"),
> > we still have to find correct PT_NOTE segment, and .note.gnu.build-id
> > section within it, that has correct type (3) and key name "GNU".
>
> There's a timing side channel, you can tell where the checks
> stop. I don't think it's a big problem, but it's still better to avoid
> such leaks in the first place as much as possible.
>
> >
> > I'm trying to understand what we are protecting against here.
> > Especially that opening /proc//maps already requires
> > PTRACE_MODE_READ permissions anyways (or pid should be self).
>
> While that's true for the standard security permission model there might
> be non standard ones where the relationship is more complicated.
>

Presumably non-standard ones will have more and custom security checks
(LSM, seccomp, etc) involved. Basically, I acknowledge your point, but
I'm not sure it changes anything about adding this API.

> -Andi
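The thread turns on how much of an ELF file has to line up before the kernel reports anything: the 0x7f"ELF" magic, a PT_NOTE segment, and inside it a note of type 3 (NT_GNU_BUILD_ID) whose owner name is "GNU". The following is an added example written for this page in C; it is not the patch under review and not the kernel's own lib/buildid.c. It assumes a little-endian ELF64 image already read into memory, checks every offset against the buffer length because the backing file is untrusted input, and builds its own 160-byte sample image with a constructed 20-byte build ID (the function names, the sample, and the ID bytes are all made up for the demonstration).

```c
/* Added example, not the patch under review and not the kernel's lib/buildid.c:
 * a bounds-checked GNU build ID lookup following the steps the message lists
 * (0x7f"ELF" magic, a PT_NOTE segment, and in it a note of type 3, NT_GNU_BUILD_ID,
 * with owner name "GNU"). Assumes an ELF64 little-endian image already in memory. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PT_NOTE         4
#define NT_GNU_BUILD_ID 3

/* Little-endian field readers; callers guarantee the bytes are in bounds. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | (uint64_t)rd32(p + 4) << 32; }

/* Walk one PT_NOTE segment [off, off+len). Returns the descriptor size and sets *desc,
 * or 0 if no GNU build ID is present or the segment does not fit in the buffer. */
static size_t scan_note_segment(const uint8_t *buf, size_t buflen,
                                uint64_t off, uint64_t len, const uint8_t **desc)
{
    if (off > buflen || len > buflen - off)
        return 0;                                   /* segment lies outside the file */
    size_t pos = (size_t)off, end = (size_t)(off + len);
    while (end - pos >= 12) {                       /* Elf64_Nhdr is 12 bytes */
        uint32_t namesz = rd32(buf + pos), descsz = rd32(buf + pos + 4), type = rd32(buf + pos + 8);
        size_t name_off = pos + 12;
        uint64_t name_pad = ((uint64_t)namesz + 3) & ~3ULL;   /* name and desc are 4-byte aligned */
        uint64_t desc_pad = ((uint64_t)descsz + 3) & ~3ULL;
        if (name_pad > end - name_off || desc_pad > end - name_off - name_pad)
            return 0;                               /* truncated note: never read past the buffer */
        size_t desc_off = name_off + (size_t)name_pad;
        if (type == NT_GNU_BUILD_ID && namesz == 4 && memcmp(buf + name_off, "GNU", 4) == 0 && descsz > 0) {
            *desc = buf + desc_off;
            return descsz;
        }
        pos = desc_off + (size_t)desc_pad;
    }
    return 0;
}

/* Find the build ID of the ELF64 image in buf, write it as lowercase hex into out
 * (out_cap bytes) and return its byte length; 0 means not ELF64 LE, no note, or out too small. */
size_t elf_build_id(const uint8_t *buf, size_t buflen, char *out, size_t out_cap)
{
    if (buflen < 64 || memcmp(buf, "\177ELF", 4) != 0)
        return 0;                                   /* the magic alone proves nothing yet */
    if (buf[4] != 2 || buf[5] != 1)
        return 0;                                   /* ELFCLASS64 + ELFDATA2LSB only in this example */
    uint64_t phoff = rd64(buf + 0x20);              /* e_phoff */
    uint16_t phentsize = rd16(buf + 0x36), phnum = rd16(buf + 0x38);
    if (phentsize < 56 || phoff > buflen || (uint64_t)phentsize * phnum > buflen - phoff)
        return 0;                                   /* program header table out of bounds */
    for (uint16_t i = 0; i < phnum; i++) {
        const uint8_t *ph = buf + phoff + (size_t)i * phentsize;
        if (rd32(ph) != PT_NOTE)                    /* p_type */
            continue;
        const uint8_t *desc = NULL;                 /* p_offset at 0x08, p_filesz at 0x20 */
        size_t n = scan_note_segment(buf, buflen, rd64(ph + 0x08), rd64(ph + 0x20), &desc);
        if (n == 0)
            continue;                               /* another PT_NOTE may still carry it */
        if (out_cap < 2 * n + 1)
            return 0;
        for (size_t k = 0; k < n; k++)
            snprintf(out + 2 * k, 3, "%02x", desc[k]);
        return n;
    }
    return 0;
}

/* Constructed sample (not a real binary): a 160-byte ELF64 LE image whose single
 * PT_NOTE segment carries a 20-byte GNU build ID. Returns the image size, 0 if cap is too small. */
size_t make_sample_elf(uint8_t *img, size_t cap)
{
    static const uint8_t id[20] = { 0xde, 0xad, 0xbe, 0xef, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
                                    0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
    if (cap < 160)
        return 0;
    memset(img, 0, 160);
    memcpy(img, "\177ELF", 4);
    img[4] = 2; img[5] = 1; img[6] = 1;             /* ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    img[0x20] = 64; img[0x36] = 56; img[0x38] = 1;  /* e_phoff, e_phentsize, e_phnum */
    uint8_t *ph = img + 64;
    ph[0] = PT_NOTE; ph[0x08] = 120; ph[0x20] = 36; /* p_type, p_offset, p_filesz = 12 + 4 + 20 */
    uint8_t *note = img + 120;
    note[0] = 4; note[4] = 20; note[8] = NT_GNU_BUILD_ID;   /* namesz, descsz, type */
    memcpy(note + 12, "GNU", 4);
    memcpy(note + 16, id, 20);
    return 160;
}

int main(void)
{
    uint8_t img[160]; char hex[64];
    size_t n = elf_build_id(img, make_sample_elf(img, sizeof img), hex, sizeof hex);
    printf("build ID: %s (%zu bytes)\n", n ? hex : "none", n);
    /* A short read of the same image must fail cleanly rather than over-read. */
    printf("truncated copy: %zu bytes\n", elf_build_id(img, 130, hex, sizeof hex));
    return 0;
}
```

On a real binary, `readelf -n` prints the same note. The point worth noticing for the discussion above is how many independent fields have to agree before anything is returned, and that each of them is checked against the buffer bounds first: a file that is cut short, or a PT_NOTE whose p_filesz points past the end of the data, yields 0 instead of a read beyond the mapping.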