Date: Tue, 2 Jul 2024 07:49:57 -0700
From: Andi Kleen
To: Andrii Nakryiko
Cc: Andrii Nakryiko, linux-fsdevel@vger.kernel.org, brauner@kernel.org, viro@zeniv.linux.org.uk, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, gregkh@linuxfoundation.org, linux-mm@kvack.org, liam.howlett@oracle.com, surenb@google.com, rppt@kernel.org, adobriyan@gmail.com
Subject: Re: [PATCH v6 3/6] fs/procfs: add build ID fetching to PROCMAP_QUERY API
References: <20240627170900.1672542-1-andrii@kernel.org> <20240627170900.1672542-4-andrii@kernel.org> <878qyqyorq.fsf@linux.intel.com>

> 1) non-executable file-backed VMA still has build ID associated with
> it. Note, build ID is extracted from the backing file's content, not
> from VMA itself. The part of ELF file that contains build ID isn't
> necessarily mmap()'ed at all

That's true, but there should be at least one executable mapping
for any useful ELF file.

Basically such a check guarantees that you cannot tell anything
about a non x mapping not related to ELF.

>
> 2) What sort of exploitation are we talking about here? it's not
> enough for backing file to have correct 4 starting bytes (0x7f"ELF"),
> we still have to find correct PT_NOTE segment, and .note.gnu.build-id
> section within it, that has correct type (3) and key name "GNU".

There's a timing side channel, you can tell where the checks stop.
I don't think it's a big problem, but it's still better to avoid such
leaks in the first place as much as possible.

>
> I'm trying to understand what we are protecting against here.
> Especially that opening /proc//maps already requires
> PTRACE_MODE_READ permissions anyways (or pid should be self).

While that's true for the standard security permission model
there might be non standard ones where the relationship is more
complicated.

-Andi
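
The staged checks discussed in this message (ELF magic, then PT_NOTE, then note type 3 with name "GNU"), as an added user-space example that is not code from the patch or from the kernel. The function names, the ELF64 little-endian restriction, the 20-byte ID cap and the sample file are assumptions of the example; each negative return value marks one of the points where the lookup can stop early.

```c
#include <stdint.h>
#include <string.h>

/* Negative results name the stage where the lookup stopped (hypothetical codes). */
enum { NOT_ELF = -1, NO_PT_NOTE = -2, NO_GNU_NOTE = -3 };

static uint64_t rd(const uint8_t *p, int n) {      /* little-endian read of n bytes */
    uint64_t v = 0;
    while (n--) v = v << 8 | p[n];
    return v;
}

/* Returns the build ID length (> 0) and fills id[20], or a stage code above. */
int build_id_lookup(const uint8_t *f, size_t len, uint8_t *id) {
    int saw_note = 0;
    if (len < 64 || memcmp(f, "\x7f" "ELF", 4)) return NOT_ELF;   /* check 1 */
    uint64_t phoff = rd(f + 32, 8), phentsize = rd(f + 54, 2), phnum = rd(f + 56, 2);
    if (phoff > len || phentsize < 56) return NO_PT_NOTE;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t ph = phoff + i * phentsize;
        if (ph > len || len - ph < 56) break;
        if (rd(f + ph, 4) != 4) continue;          /* check 2: p_type == PT_NOTE */
        uint64_t off = rd(f + ph + 8, 8), sz = rd(f + ph + 32, 8);
        if (off > len || sz > len - off) continue; /* segment must lie in the file */
        saw_note = 1;
        for (uint64_t end = off + sz; off <= end && end - off >= 12; ) {
            uint64_t namesz = rd(f + off, 4), descsz = rd(f + off + 4, 4);
            uint64_t name = off + 12, desc = name + ((namesz + 3) & ~3ULL);
            if (desc > end || descsz > end - desc) break;
            if (rd(f + off + 8, 4) == 3 && namesz == 4 &&         /* check 3 */
                !memcmp(f + name, "GNU", 4) && descsz && descsz <= 20) {
                memcpy(id, f + desc, descsz);
                return (int)descsz;
            }
            off = desc + ((descsz + 3) & ~3ULL);   /* next note, 4-byte aligned */
        }
    }
    return saw_note ? NO_GNU_NOTE : NO_PT_NOTE;
}

/* Constructed sample: ELF64 header, one program header, one 20-byte note. */
size_t make_sample(uint8_t *b, uint8_t ptype, uint8_t ntype) {
    memset(b, 0, 156);
    memcpy(b, "\x7f" "ELF", 4);
    b[32] = 64; b[54] = 56; b[56] = 1;             /* e_phoff, e_phentsize, e_phnum */
    b[64] = ptype; b[72] = 120; b[96] = 36;        /* p_type, p_offset, p_filesz */
    b[120] = 4; b[124] = 20; b[128] = ntype;       /* namesz, descsz, note type */
    memcpy(b + 132, "GNU", 4);
    memset(b + 136, 0xab, 20);                     /* placeholder build ID bytes */
    return 156;
}
```
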