References: <20240627170900.1672542-1-andrii@kernel.org> <20240627170900.1672542-4-andrii@kernel.org> <878qyqyorq.fsf@linux.intel.com>
From: Andrii Nakryiko
Date: Fri, 28 Jun 2024 16:03:47 -0700
Subject: Re: [PATCH v6 3/6] fs/procfs: add build ID fetching to PROCMAP_QUERY API
To: Andi Kleen
Cc: Andrii Nakryiko, linux-fsdevel@vger.kernel.org, brauner@kernel.org, viro@zeniv.linux.org.uk, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, gregkh@linuxfoundation.org, linux-mm@kvack.org, liam.howlett@oracle.com, surenb@google.com, rppt@kernel.org, adobriyan@gmail.com

On Fri, Jun 28, 2024 at 3:33 PM Andi Kleen wrote:
>
> > Yep, makes sense. I'm currently reworking this whole lib/buildid.c
> > implementation to remove all the restrictions on data being in the
> > first page only, and making it work in a faultable context more
> > reliably. I can audit the code for TOCTOU issues and incorporate your
> > feedback. I'll probably post the patch set next week, will cc you as
> > well.
>
> Please also add checks that the mapping is executable, to
> close the obscure "can check the first 4 bytes of every mapped
> file is ELF\0" hole.
>
> But it will still need the hardening because mappings from
> ld.so are not EBUSY for writes.

I'm a bit confused. Two things:

1) A non-executable file-backed VMA still has a build ID associated with it. Note, the build ID is extracted from the backing file's content, not from the VMA itself. The part of the ELF file that contains the build ID isn't necessarily mmap()'ed at all.

2) What sort of exploitation are we talking about here? It's not enough for the backing file to have the correct 4 starting bytes (0x7f"ELF"); we still have to find the correct PT_NOTE segment, and the .note.gnu.build-id section within it, which has the correct type (3) and key name "GNU".

I'm trying to understand what we are protecting against here. Especially since opening /proc//maps already requires PTRACE_MODE_READ permissions anyway (or pid should be self).

>
> -Andi
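The lookup Andrii describes in point 2 (ELF magic, then a PT_NOTE segment, then a note of type 3 named "GNU"), written out as an added userspace example that is not part of this thread or of lib/buildid.c: a bounds-checked ELF64 build-ID walk over a constructed in-memory image. `parse_build_id` and `demo` are hypothetical names, and the 156-byte image and its 0xA0..0xB3 ID bytes are constructed for the example.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>
/* Copy the NT_GNU_BUILD_ID payload (max 20 bytes) of an in-memory ELF64 image into
 * out. Every offset is bounds-checked before it is read. Returns ID length or -1. */
static int parse_build_id(const uint8_t *img, size_t size, uint8_t *out)
{
    Elf64_Ehdr eh; Elf64_Phdr ph; Elf64_Nhdr nh; size_t i, off, end, nsz, dsz;
    if (size < sizeof(eh)) return -1; memcpy(&eh, img, sizeof(eh));
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(ph) || eh.e_phoff > size ||
        eh.e_phnum > (size - eh.e_phoff) / sizeof(ph))
        return -1;                           /* bad magic, or phdr table past EOF */
    for (i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof(ph), sizeof(ph));
        if (ph.p_type != PT_NOTE || ph.p_offset > size || ph.p_filesz > size - ph.p_offset)
            continue;                        /* not a note, or segment past EOF */
        off = ph.p_offset; end = off + ph.p_filesz;
        while (end - off >= sizeof(nh)) {    /* walk the notes in this segment */
            memcpy(&nh, img + off, sizeof(nh)); off += sizeof(nh);
            nsz = ((size_t)nh.n_namesz + 3) & ~(size_t)3;   /* name and desc are */
            dsz = ((size_t)nh.n_descsz + 3) & ~(size_t)3;   /* padded to 4 bytes */
            if (nsz > end - off || dsz > end - off - nsz)
                break;                       /* note claims more than the segment holds */
            if (nh.n_type == NT_GNU_BUILD_ID && nh.n_namesz == 4 &&
                !memcmp(img + off, "GNU", 4) && nh.n_descsz && nh.n_descsz <= 20) {
                memcpy(out, img + off + nsz, nh.n_descsz); return (int)nh.n_descsz;
            }
            off += nsz + dsz;
        }
    }
    return -1;
}

/* Constructed sample, not a real binary: ELF64 header, one PT_NOTE phdr and a GNU
 * build-id note (156 bytes). Parses all but the last `cut` bytes; 20 = correct ID. */
static int demo(size_t cut)
{
    uint8_t img[256] = {0}, out[20], id[20]; Elf64_Ehdr eh = {0}; Elf64_Phdr ph = {0};
    Elf64_Nhdr nh = { .n_namesz = 4, .n_descsz = 20, .n_type = NT_GNU_BUILD_ID };
    size_t note = sizeof(eh) + sizeof(ph), n = note + sizeof(nh) + 4 + 20, i;
    for (i = 0; i < 20; i++) id[i] = (uint8_t)(0xA0 + i);
    memcpy(eh.e_ident, ELFMAG, SELFMAG); eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_phoff = sizeof(eh); eh.e_phentsize = sizeof(ph); eh.e_phnum = 1;
    ph.p_type = PT_NOTE; ph.p_offset = note; ph.p_filesz = n - note;
    memcpy(img, &eh, sizeof(eh)); memcpy(img + sizeof(eh), &ph, sizeof(ph));
    memcpy(img + note, &nh, sizeof(nh)); memcpy(img + note + sizeof(nh), "GNU", 4);
    memcpy(img + note + sizeof(nh) + 4, id, 20);
    return parse_build_id(img, n - cut, out) == 20 && !memcmp(out, id, 20) ? 20 : -1;
}
```

`demo(0)` returns 20, while `demo(8)` (note payload truncated) and `demo(92)` (only the 64-byte ELF header, i.e. the magic bytes, remain) return -1: a valid 0x7f"ELF" prefix alone never yields a build ID, and a note or segment that overruns the file is rejected rather than read past the end.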