From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB603CD128A for ; Tue, 9 Apr 2024 18:25:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3151B6B0082; Tue, 9 Apr 2024 14:25:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2C5476B0083; Tue, 9 Apr 2024 14:25:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 166116B0085; Tue, 9 Apr 2024 14:25:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id EC7406B0082 for ; Tue, 9 Apr 2024 14:25:58 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 278FDA0536 for ; Tue, 9 Apr 2024 18:25:58 +0000 (UTC) X-FDA: 81990822396.16.87AB0CB Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by imf01.hostedemail.com (Postfix) with ESMTP id 2ACE64001B for ; Tue, 9 Apr 2024 18:25:52 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=eyl3xGmE; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf01.hostedemail.com: domain of elver@google.com designates 209.85.128.50 as permitted sender) smtp.mailfrom=elver@google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1712687153; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=CMVnTlKzzIBXlOvhWSp8lJbGWUU4Q1quhbk/89hlgNY=; b=MjQT2w+Ez/YVNyZVHJDiKtWZg3RBR43U0wP4ONgB/fYrJZzb1DKvSyYWMGjx5Hwr/cm8Fp N0Z+hV8WqI8H6rMUPJM6PbV5MU1Siarm5zSJQ9Gf7TISoKLVNLtXM8V4nBA1gLY1XJgBGG UdAbs746KcBuNrFR7bOZxvm2o8YIlmk= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=eyl3xGmE; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf01.hostedemail.com: domain of elver@google.com designates 209.85.128.50 as permitted sender) smtp.mailfrom=elver@google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1712687153; a=rsa-sha256; cv=none; b=TzNYPiDY6lbx6DxTGrYVVBlL8v+fuK+Vkm2pvajSPtb8UYj5fPBrQXj2n0X13N3n/ARtUz iHL219wS82/x3FCQOEuYgQjNxzNpF1jgNmEn5WJF/wEgv2UrMbHwVMCx24t6H9vqKJya5U YD8sHwGkiBeHQ8GiQQSCBvEr49v6bVo= Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-41551500a7eso48032575e9.2 for ; Tue, 09 Apr 2024 11:25:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712687151; x=1713291951; darn=kvack.org; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=CMVnTlKzzIBXlOvhWSp8lJbGWUU4Q1quhbk/89hlgNY=; b=eyl3xGmEkCeJIOCz3lC981WluBpGVnM7oRJvmBFQjRWtCzsj1oL/RwRiS8A1A+WcyH gtJ2eHgMoIh2sZGpb8+KGc0kDoKZ8uQaLFFJRmhjnNQYix0n73w1QRBH6PjW1gUxc+4+ Yvsp+xQLloyQ76KN1zr5EfM1dAmEASqFOsLFOv067dAVSMC38x6DUxIGXnjSFGxEjJGg R9Ytuxzg1pjgdeRVHjaKUu7wO1Iiv/k++phYHNlKEQgDUIFS2jenrVwsK8NIu1tQMZ7z ouWDGldPHYiK2bLxLUA04XrkpBO09qtK3sNhhnIUQCusoxyq/knGMaeGafFeh82q/6fp U6kA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712687151; x=1713291951; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CMVnTlKzzIBXlOvhWSp8lJbGWUU4Q1quhbk/89hlgNY=; b=uuYkAjzrRY67UakdO22iukfjUKNym/U60+S4/VR1XQeM3bB1A/enoGK4iyRNeF3lkP Qpkx3UDX5DYPp4UOGQlE58NIarKomkxj5Aw5fOrj3Ebg3D+HbnfcpJgbzSCixt07TM3J IjFCwHcigyt4dC/vzwcIJ00ZeBh19gWvCRru8Wa41quJPXEVywxgnPNRI94RxsdEYaBC pWYqj74ZiGMgKbZi/jTvA/xy2DrT2j4KhmorLk1xNrV2uD3SLFOY0HJ8F8JaZhGIe2XW b3PC8UACtozrpUrpOPaoTV7aUsE1CVsiFN3PyAVfR7TIfnN0aB7CO6Q9of1tOxKdENoV YAWg== X-Forwarded-Encrypted: i=1; AJvYcCVgYb7LdVp7vQvYzRuZ1q15yXy8pDxHAv6qDGoOCvA8TUJInXA200scTDNx5yfPJIol9A22DVEmiErMucbvlded39w= X-Gm-Message-State: AOJu0Yy3q3D8oVSEmwWkNmJLW8EYN1YEMC/ds49+SfOJAGrTlZ00y3/B HYF2E4nGGyoMBJJkA6817A5TjtFzWS3LQ26uEW350v4K8+GYJHhU8WoILiPrqg== X-Google-Smtp-Source: AGHT+IFHEnlsqznP4KTV21mQuVExIU4Ie6hLZRtrEQN+FAIK8t6xpdewmL+c6BcHdbPggT+DVYeCMw== X-Received: by 2002:a05:600c:4707:b0:414:e0af:9b9f with SMTP id v7-20020a05600c470700b00414e0af9b9fmr337610wmo.30.1712687151262; Tue, 09 Apr 2024 11:25:51 -0700 (PDT) Received: from elver.google.com ([2a00:79e0:9c:201:ae75:6122:b198:210f]) by smtp.gmail.com with ESMTPSA id v11-20020a05600c470b00b00416b5f63822sm2048888wmo.0.2024.04.09.11.25.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 11:25:50 -0700 (PDT) Date: Tue, 9 Apr 2024 20:25:45 +0200 From: Marco Elver To: Kees Cook Cc: Steven Rostedt , Eric Biederman , Alexander Viro , Christian Brauner , Jan Kara , Masami Hiramatsu , Mathieu Desnoyers , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Vyukov Subject: Re: [PATCH] tracing: Add new_exec tracepoint Message-ID: References: <20240408090205.3714934-1-elver@google.com> <202404090840.E09789B66@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202404090840.E09789B66@keescook> User-Agent: Mutt/2.2.12 (2023-09-09) X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 2ACE64001B X-Stat-Signature: uukpnsung8dry7s1x1854655rdm4ci4p X-Rspam-User: X-HE-Tag: 1712687152-794222 X-HE-Meta: U2FsdGVkX1/VYIsuvYxVtPgYbMZOB6SFtqoEH+PsCO30F4oj1W05Yf6RrIU+F+xJrcxughmL4Ru1eRFy8SBaK7x6r3i8jfjWuV9Q2FeWGot4p1cks39b0tPM+vJGvLLATdYFMnKjj8O4Bp7QGBnrSCje1BznEFhmUAaluwOzBoy63CwiE26Agry3URdOGuZPpFcyjrYe82p5selhcuEHY6KFv+eY9v0+fYVhWg/Oht7FYIRst2cGg5swu4OFlH4HhmlGOsShXCYxcDDIFDTrICS9T+OJr4IkQtY09CmZQxx/J9lfS/pND9EaKOsx11yYPETVvhaSdauukuu77eB2hANc9WLOm5vfbs23ypMTYmVm4Uya3F6ZrBAetxELpRYtikMF9Jk5MlTYLlIaxhzDK5NhnfSRkqL6fc2Tnxqq+cT8GxXGHwMShQ+qAIjczMWhTCCZ5s577I8xEL1lEJM8mc0Dd8ih5E9zqN454y7O4Rl8uncsjsxqV7GSizZweUysRmtDfYVBwUCEn31GFevfWLmlf7o6NQkQjd4YtlmWYnpwhqSCsGfn3a29tmUaENCbA42lR9BHLAfKW0wV95FQrXFDnrEhY7FU5JhttcDEalAhsGYHdbiVrfarcYLhDbWoj6NySs1qZ3DLdzgvYV0K62T/QT1sKX9iDWwkSFQJPssqC3PkryfM6RabMW1u7Mn7jDMFoKnksP6yHvzAAeHefejwB/m15qiphCc2ZaA4MY/io3iOsa/UHW+hHjb4HAoxeYELouSplS6uE6kkRuFerYbaEftmD+mHEpNuLdf9sH1Nkt+Wsdv1DiqJF1IME/nkjlgtisGpwGlPSZGVlJW0l15302lupDyOLAaG7KsVnHqn+KbsYNhq+t3fIqZ/z6CP6964H/Ziwn+cl+ND7TcRG3jvcLN1AJ2/q1mzaNlIMai+fSgdpIw+crXWP+fogqfU3Q0jXjrwo9EiYlE6taT gjZhguXz MqsnL3qpH6PbBV5r944JBDHyTgTi1q9WbVXaDVLOZBAdi5fsv0zxGLmsRD+DdhOtiLnVpMTrlRq2vmUbxvmX8dAlBYqoP0o9oj9HgHuIjl3ZmCKg7IVpqxGyrpl6Vt3YYqqi8 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000285, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Apr 09, 2024 at 08:46AM -0700, Kees Cook wrote: [...] > > + trace_new_exec(current, bprm); > > + > > All other steps in this function have explicit comments about > what/why/etc. Please add some kind of comment describing why the > tracepoint is where it is, etc. I beefed up the tracepoint documentation, and wrote a little paragraph above where it's called to reinforce what we want. [...] > What about binfmt_misc, and binfmt_script? You may want bprm->interp > too? Good points. I'll make the below changes for v2: diff --git a/fs/exec.c b/fs/exec.c index ab778ae1fc06..472b9f7b40e8 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1268,6 +1268,12 @@ int begin_new_exec(struct linux_binprm * bprm) if (retval) return retval; + /* + * This tracepoint marks the point before flushing the old exec where + * the current task is still unchanged, but errors are fatal (point of + * no return). The later "sched_process_exec" tracepoint is called after + * the current task has successfully switched to the new exec. + */ trace_new_exec(current, bprm); /* diff --git a/include/trace/events/task.h b/include/trace/events/task.h index 8853dc44783d..623d9af777c1 100644 --- a/include/trace/events/task.h +++ b/include/trace/events/task.h @@ -61,8 +61,11 @@ TRACE_EVENT(task_rename, * @task: pointer to the current task * @bprm: pointer to linux_binprm used for new exec * - * Called before flushing the old exec, but at the point of no return during - * switching to the new exec. + * Called before flushing the old exec, where @task is still unchanged, but at + * the point of no return during switching to the new exec. At the point it is + * called the exec will either succeed, or on failure terminate the task. Also + * see the "sched_process_exec" tracepoint, which is called right after @task + * has successfully switched to the new exec. */ TRACE_EVENT(new_exec, @@ -71,19 +74,22 @@ TRACE_EVENT(new_exec, TP_ARGS(task, bprm), TP_STRUCT__entry( + __string( interp, bprm->interp ) __string( filename, bprm->filename ) __field( pid_t, pid ) __string( comm, task->comm ) ), TP_fast_assign( + __assign_str(interp, bprm->interp); __assign_str(filename, bprm->filename); __entry->pid = task->pid; __assign_str(comm, task->comm); ), - TP_printk("filename=%s pid=%d comm=%s", - __get_str(filename), __entry->pid, __get_str(comm)) + TP_printk("interp=%s filename=%s pid=%d comm=%s", + __get_str(interp), __get_str(filename), + __entry->pid, __get_str(comm)) ); #endif