From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 968B9C4345F for ; Mon, 29 Apr 2024 22:35:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EEB8E6B008A; Mon, 29 Apr 2024 18:35:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E9BC76B008C; Mon, 29 Apr 2024 18:35:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D14FC6B0092; Mon, 29 Apr 2024 18:35:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id B39056B008A for ; Mon, 29 Apr 2024 18:35:14 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 3AA0214047E for ; Mon, 29 Apr 2024 22:35:14 +0000 (UTC) X-FDA: 82064026548.19.96DBDCE Received: from mail-ua1-f53.google.com (mail-ua1-f53.google.com [209.85.222.53]) by imf28.hostedemail.com (Postfix) with ESMTP id 9E13CC0024 for ; Mon, 29 Apr 2024 22:35:12 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=ScUldZNw; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf28.hostedemail.com: domain of allen.lkml@gmail.com designates 209.85.222.53 as permitted sender) smtp.mailfrom=allen.lkml@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1714430112; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=giNP6mUJZHfDuRo+cIvLi3ag8NuQrcBWgEzhMToaOic=; b=BHVHZB5W+Nj3pqOhwsMPk/F6fS/8dP9jm+mPBVKSRfrOXofHAeUewv4GBI58aNyyqgOOQm HEHaVLgP8Htry1mXPuYNyS0wtxAyQbYT1Ctt4hpgs3fBYqRsIai4lPZNlpQH65IZVmqALl 0wJvLM5YfXjV0I25zofn/l9Sk3k8A+Q= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=ScUldZNw; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf28.hostedemail.com: domain of allen.lkml@gmail.com designates 209.85.222.53 as permitted sender) smtp.mailfrom=allen.lkml@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1714430112; a=rsa-sha256; cv=none; b=fEOW80PWDq78syH/fl2bqdLWL3/sVJtvDRHxcewBEFlQLgO2ksD4becAVGijC4ohxWWQqI c3KIXZ7GybogT0ri+vXgUwjuKc9B/QsybVZ5mTQscphc0rV3UkJ2+vA2Q9VgoebHdULsnV M9MtW1iYBUY7nSpN/bzP+GM9XFbosw8= Received: by mail-ua1-f53.google.com with SMTP id a1e0cc1a2514c-7f1207b64b6so317294241.1 for ; Mon, 29 Apr 2024 15:35:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714430112; x=1715034912; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=giNP6mUJZHfDuRo+cIvLi3ag8NuQrcBWgEzhMToaOic=; b=ScUldZNwJba6E2XHPqfRPNRvVnNm6xB1VSl8hWgHFkilaiLYfTH6IAxzWNYnXN8f9/ GUB7OdWtWmvXfUaMD6bm9448som9C+9Z10HEWBTNGagIWtur3E58a56h+gH0W09HtAxc uTA7OXbKJUCHkneIvF1IzPn9lrKgcqot2Pz4AKPCdPgOvPKVdNuexvpUoj3iKVl5Seof 6Sue3cp9RUKSew3a8NXqmzaILT+VKiNDQXzZvrC8B/sQpIr8zqzwz6nk1O5+OcA8WVwB SKL7KvpfI/dDg5h16Km6DOiXtwfVRvTgnE3Jhm6n2VGrTf3fdtySAre7anlsJ2sy1Bws KA2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714430112; x=1715034912; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=giNP6mUJZHfDuRo+cIvLi3ag8NuQrcBWgEzhMToaOic=; b=rNMyGFIStSKs7IsS6rdO1QySsCVQUJkjqI7Ur6/yc3OM7Vg4jKsecRSbri/Yl8jtMi dgPXnJwhiy6LUqeUW0eYsmhnmLxYQ6hSCfgfo7mJh1j7+nCG/frVPDN84WOSKvOBuA+a E876wITaZtv1hxCm/pLFIQhRD+8cptk/2bvM4TbWGw6LFY0yCvW9HJGseS9jk9d+zR1E XdMkEJgfElFRAglTnCbG9CxnQABSGf0GrhJobqHF1O+QqK+V5CVs8TZr702SqQafI/+n +UhOVt58aFeM7iMvBOzTi6OmhuyDhz4wY+MFFURFDWF3JeUceu0hP9DGDRtmeR0sTeQx OIWQ== X-Forwarded-Encrypted: i=1; AJvYcCXIK+lS0IbJQknOIHP7ZjPhip5KwvixgtVavJEPPUK+1YwKtV6MsT/tq85J3sPbO8xIYB3C2lhXINJy+wJ+VHHu2VM= X-Gm-Message-State: AOJu0YxbF+w+kVOwMzS8Gwprw9xDSIYnuASGlPY1BP5afdSE140VneOi ZEkpq2xKapUewcOIzSGuwt72YAxNzqvR2/1sqBPUPxSao7t8USiw9qclH8TgkmCqH8ulr6IZ99b h0xOBbE5SP/brQVk9gRWvSohxVhbNzSfr X-Google-Smtp-Source: AGHT+IGa/i0nN98GS2VsTjzVAvr2RQG96odo51ftlshRyGhUf4qNiggjj+2ZkACUlKbkr16pF6t6A2UJFj4H8SmmVeo= X-Received: by 2002:a05:6122:1695:b0:4d4:2931:7d4d with SMTP id 21-20020a056122169500b004d429317d4dmr12138191vkl.5.1714430111799; Mon, 29 Apr 2024 15:35:11 -0700 (PDT) MIME-Version: 1.0 References: <20240429172128.4246-1-apais@linux.microsoft.com> <202404291245.18281A6D@keescook> In-Reply-To: <202404291245.18281A6D@keescook> From: Allen Date: Mon, 29 Apr 2024 15:35:01 -0700 Message-ID: Subject: Re: [RFC PATCH] fs/coredump: Enable dynamic configuration of max file note size To: Kees Cook Cc: Allen Pais , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz, ebiederm@xmission.com, mcgrof@kernel.org, j.granados@samsung.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 9E13CC0024 X-Stat-Signature: 5pzs6rhwyq6ssw585nf8wyhykdcqe8gj X-HE-Tag: 1714430112-634563 X-HE-Meta: U2FsdGVkX1+/y5Mzt8gkLyu5JkXLUy6NRnbaQAQ+c09ZF6RO/vJlDzcdh99X1Gj8480FFEuho0p0K6h5/4zIcXR/hWTmHQHaE3SycH/Xs7wumHgXBOMC7y7AIcOYSmaZWFk3TU6vV7uCHgHc4R+uvkNhUZeWTt6sQ7gmm0kTfwgfdD+ahzvP8cZyzQNecCP28+06hwGEzUDhOVa7sYSb8Jy9+ZgnpdJFAgV98ZpmFA0ln92iRBw4fXQv9nOAdHKi2mgw34suEmCLmlxMJSlAHbu5L7WzzeP3RorpVHMf3AECKlH3bi633tgYSdzZFEZYJxOnhdIKqANcKEbE75D2oJu47RJQg4B6ZC8XaOcPagKhgBYJHc/rZtN/HhuN+3tZ19LLxNF9Uuwh7VFiABPMvEUxWoDJYMk1aZM547GT+G9ZqRMp+dIlgy006A/DXa3hTI55+BKEDLBgB1AWQ1J8/eCumRdJGQNk4Sp0rE+uaLg3ubIoc0ShGmgDRMW3ZAePCvuhX7N40WsMwiADLA0S5QpZURrkICSjX1audWCJzIFEM9CapLyF0rVmV1fUy1dxbPJbWhK0QbmEFlZQqXT5Qg2FdHy4PSDU6+qzXrkv9Fffpcmo5dvjUSUreIFDpgiGAcY+DBZj2+oVb5vpQKN/kTUWDEzjuUlvsft6pWvcUWDzobeJnV87XyZAI6Qyw5Wfgu0yutiXG6CQM5lIjDyWA2m+Lu5XdG3Vn7yo9YwZUokU+EV6IdxhEP2Er1hfgCiKbzSLnQ9JVJknMSr7Qm+MYA20LlnZaQ94/q2G5EoWw0LEg8HbCYkwJ4mTyi6+VKca5+49H6M5Ue+kAmwiq6V5K6yfZmDuSb5G0qPiFN1Ef3noDC/LeaRscPEib1AtKxeYhIGrjoBIhBBueRka85RbTr3U0azu6uCPVE+9NMaXa24Pyv8hfmS8Fft96RrumV7zbR+FviEUZH95ptnQlgR ubvXic9T nnzcUsLzt1+mfZ8WqGHQyNQKRarwpW7IRuB0gl0jCkNtDReo8iv9evyU34AJAEJOWuzKG X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Apr 29, 2024 at 12:49=E2=80=AFPM Kees Cook = wrote: > > On Mon, Apr 29, 2024 at 05:21:28PM +0000, Allen Pais wrote: > > Introduce the capability to dynamically configure the maximum file > > note size for ELF core dumps via sysctl. This enhancement removes > > the previous static limit of 4MB, allowing system administrators to > > adjust the size based on system-specific requirements or constraints. > > Under what conditions is this actually needed? I addressed this in the email I sent out before this. > > > [...] > > diff --git a/kernel/sysctl.c b/kernel/sysctl.c > > index 81cc974913bb..80cdc37f2fa2 100644 > > --- a/kernel/sysctl.c > > +++ b/kernel/sysctl.c > > @@ -63,6 +63,7 @@ > > #include > > #include > > #include > > +#include > > > > #include "../lib/kstrtox.h" > > > > @@ -1623,6 +1624,13 @@ static struct ctl_table kern_table[] =3D { > > .mode =3D 0644, > > .proc_handler =3D proc_dointvec, > > }, > > + { > > + .procname =3D "max_file_note_size", > > + .data =3D &max_file_note_size, > > + .maxlen =3D sizeof(unsigned int), > > + .mode =3D 0644, > > + .proc_handler =3D proc_dointvec, > > + }, > > Please don't add new sysctls to kernel/sysctl.c. Put this in fs/coredump.= c > instead, and name it "core_file_note_size_max". (A "max" suffix is more > common than prefixes, and I'd like it clarified that it relates to the > coredumper with the "core" prefix that match the other coredump sysctls. > > -Kees Makes sense. Let me know if the below looks fine, diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 5397b552fbeb..6aebd062b92b 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1564,7 +1564,6 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -#define MAX_FILE_NOTE_SIZE (4*1024*1024) /* * Format of NT_FILE note: * @@ -1592,7 +1591,7 @@ static int fill_files_note(struct memelfnote *note, struct coredump_params *cprm names_ofs =3D (2 + 3 * count) * sizeof(data[0]); alloc: - if (size >=3D MAX_FILE_NOTE_SIZE) /* paranoia check */ + if (size >=3D core_file_note_size_max) /* paranoia check */ return -EINVAL; size =3D round_up(size, PAGE_SIZE); /* diff --git a/fs/coredump.c b/fs/coredump.c index be6403b4b14b..2108eb93acb9 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -56,10 +56,13 @@ static bool dump_vma_snapshot(struct coredump_params *cprm); static void free_vma_snapshot(struct coredump_params *cprm); +#define MAX_FILE_NOTE_SIZE (4*1024*1024) + static int core_uses_pid; static unsigned int core_pipe_limit; static char core_pattern[CORENAME_MAX_SIZE] =3D "core"; static int core_name_size =3D CORENAME_MAX_SIZE; +unsigned int core_file_note_size_max =3D MAX_FILE_NOTE_SIZE; struct core_name { char *corename; @@ -1020,6 +1023,13 @@ static struct ctl_table coredump_sysctls[] =3D { .mode =3D 0644, .proc_handler =3D proc_dointvec, }, + { + .procname =3D "core_file_note_size_max", + .data =3D &core_file_note_size_max, + .maxlen =3D sizeof(unsigned int), + .mode =3D 0644, + .proc_handler =3D proc_douintvec, + }, }; static int __init init_fs_coredump_sysctls(void) diff --git a/include/linux/coredump.h b/include/linux/coredump.h index d3eba4360150..14c057643e7f 100644 --- a/include/linux/coredump.h +++ b/include/linux/coredump.h @@ -46,6 +46,7 @@ static inline void do_coredump(const kernel_siginfo_t *siginfo) {} #endif #if defined(CONFIG_COREDUMP) && defined(CONFIG_SYSCTL) +extern unsigned int core_file_note_size_max; extern void validate_coredump_safety(void); #else static inline void validate_coredump_safety(void) {} Thanks, Allen