From: Allen
Date: Tue, 30 Apr 2024 10:51:29 -0700
Subject: Re: [RFC PATCH] fs/coredump: Enable dynamic configuration of max file note size
To: Luis Chamberlain
Cc: Allen Pais, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz, ebiederm@xmission.com, keescook@chromium.org, j.granados@samsung.com

> Will address it in v2.
>
> > If we're gonna do this, it makes sense to document the ELF note binary
> > limitations. Then, consider a defense too, what if a specially crafted
> > binary with a huge elf note are core dumped many times, what then?
> > Lifting to 4 MiB puts in a situation where abuse can lead to many silly
> > insane kvmalloc()s. Is that what we want? Why?
> >
> You raise a good point. I need to see how we can safely handle this case.
>

Luis,

Here's a rough idea that caps the max allowable size for the note
section. I am using 16MB as the max value.

--- a/fs/coredump.c +++ b/fs/coredump.c
@@ -56,10 +56,14 @@ static bool dump_vma_snapshot(struct coredump_params *cprm); static void free_vma_snapshot(struct coredump_params *cprm); +#define MAX_FILE_NOTE_SIZE (4*1024*1024) +#define MAX_ALLOWED_NOTE_SIZE (16*1024*1024) + static int core_uses_pid; static unsigned int core_pipe_limit; static char core_pattern[CORENAME_MAX_SIZE] = "core"; static int core_name_size = CORENAME_MAX_SIZE; +unsigned int core_file_note_size_max = MAX_FILE_NOTE_SIZE; struct core_name { char *corename; @@ -1060,12 +1064,22 @@ static struct ctl_table coredump_sysctls[] = { .mode = 0644, .proc_handler = proc_dointvec, }, + { + .procname = "core_file_note_size_max", + .data = &core_file_note_size_max, + .maxlen = sizeof(unsigned int), + .mode = 0644, + .proc_handler = proc_core_file_note_size_max, + }, }; +int proc_core_file_note_size_max(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { + int error = proc_douintvec(table, write, buffer, lenp, ppos); + if (write && (core_file_note_size_max < MAX_FILE_NOTE_SIZE + || core_file_note_size_max > MAX_ALLOWED_NOTE_SIZE)) +. /* Revert to default if out of bounds */ + core_file_note_size_max = MAX_FILE_NOTE_SIZE; + return error; +} Let me know what you think. Thanks, - Allen
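
Review bot: In the first hunk (@@ -56,10 +56,14), core_file_note_size_max is the only variable in this group declared without static, and the visible patch adds no header declaration for it. Either make it static or add the extern declaration in the header that the consumer of the limit includes. MAX_FILE_NOTE_SIZE is also used as both the default and the lower bound in the handler further down, so a separately named minimum would read more clearly, and a comment next to MAX_ALLOWED_NOTE_SIZE explaining why 16 MiB is an acceptable ceiling would document the answer to the kvmalloc() abuse question raised earlier in the thread.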
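
Review bot: In the sysctl hunk (@@ -1060,12 +1064,22), proc_core_file_note_size_max() lets proc_douintvec() store the written value into core_file_note_size_max before the bounds are checked, so an out-of-range value is briefly visible to a concurrent reader, and the write then returns success even though the value was silently reset to the default. Setting .extra1 and .extra2 to the minimum and maximum and using proc_douintvec_minmax as the .proc_handler rejects an out-of-range write with -EINVAL without storing it, and removes the need for the custom handler. If the custom handler stays, it is referenced in coredump_sysctls[] ahead of its definition with no earlier declaration in the visible lines, it should be static, and the stray "+." line before the "Revert to default" comment will not compile.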