From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8BE24CEDDA3 for ; Wed, 9 Oct 2024 14:41:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 562E76B00D1; Wed, 9 Oct 2024 10:41:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4EB686B00C2; Wed, 9 Oct 2024 10:41:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 18F9C8D0002; Wed, 9 Oct 2024 10:41:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id DCDB26B00C0 for ; Wed, 9 Oct 2024 10:41:40 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id BA337AC5FB for ; Wed, 9 Oct 2024 14:41:35 +0000 (UTC) X-FDA: 82654327560.04.0A52DEE Received: from fhigh-b4-smtp.messagingengine.com (fhigh-b4-smtp.messagingengine.com [202.12.124.155]) by imf13.hostedemail.com (Postfix) with ESMTP id 47B3D20019 for ; Wed, 9 Oct 2024 14:41:38 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=tycho.pizza header.s=fm1 header.b=XCsbWaw+; dkim=pass header.d=messagingengine.com header.s=fm2 header.b="Z 7Xq8f5"; dmarc=none; spf=pass (imf13.hostedemail.com: domain of tycho@tycho.pizza designates 202.12.124.155 as permitted sender) smtp.mailfrom=tycho@tycho.pizza ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728484854; a=rsa-sha256; cv=none; b=vqGNDt7VvICyx8lo/XRPx9Ig3mC80a28mha7+CoBvrfApinlQ3lSjI3gFeQKC3YLgug7m8 R+w/SuYNfYaqU+YY4k3XZUbSQ81D3dC4817QFssZCky/y4qQx5/7bLrtpcbs8Lmx1Z6TVI F1XSeu3/MlJyvD0wsumQPROW91F1Uig= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=tycho.pizza header.s=fm1 header.b=XCsbWaw+; dkim=pass header.d=messagingengine.com header.s=fm2 header.b="Z 7Xq8f5"; dmarc=none; spf=pass (imf13.hostedemail.com: domain of tycho@tycho.pizza designates 202.12.124.155 as permitted sender) smtp.mailfrom=tycho@tycho.pizza ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1728484854; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=htYGirbttd3S0J/hRAVHjRvjVcCGGy2hTpcEQpIMag8=; b=QHXBiRSMyheeOsIp7DGKgGY09kfWJynSeNQGV1mXNhjsBzgFy+FwAzDnFlZesFx7Q/Z5Oo VZ0s/LUBG1wTLsQE3De6HBNi90gnpT9fFhoDnwE8saKU2vgRsZg7LlrHi/cUuPvkX7hxmO 6erlttP8vgyRAHWegdJ1Kko/AOL8BvQ= Received: from phl-compute-07.internal (phl-compute-07.phl.internal [10.202.2.47]) by mailfhigh.stl.internal (Postfix) with ESMTP id AB13D254006B; Wed, 9 Oct 2024 10:41:36 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-07.internal (MEProxy); Wed, 09 Oct 2024 10:41:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tycho.pizza; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1728484896; x=1728571296; bh=htYGirbttd3S0J/hRAVHjRvjVcCGGy2hTpcEQpIMag8=; b= XCsbWaw+QQklO62sUPscXPuXOxMRZ8fbzaRZT4RiXFPj9UeoSXi0Rj3wuKrS1zae DRmBOfEsZTM1d11MOknHVRekdPUsKmwyjnEX5cKCWg9GuxfwnkdC6GoxAdAn3wUd vtjkNhBEGAn3OC0chdN7q6e656UTVRGRD96ozl7zSMw/rPxmXqXrdKYHAjIbuXYB mOCfD3J3xSYpHB6UQSpnt5OALUEV0J1a8Pdoa4gTrDtOwlbE5fLLBPy2Mn7qA1NC SFM6YfRX0RND5BMN7tgMBiZCWsv3ba9fhzNEikeJ8AJDjVwv2Uvvd2QiLd+r4r/b 4qyxqgtFZ3QJOq+Dycm7Vg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1728484896; x= 1728571296; bh=htYGirbttd3S0J/hRAVHjRvjVcCGGy2hTpcEQpIMag8=; b=Z 7Xq8f54Fx88RyAhXxZzR6KH4WTdA+hbK7kpofuNR5dFRSAeXdKU4YGjya+8KW4Fa KMCc03APdRVYgh9QQ6z6plNLAGH782ZdOyAiunN0aP5Y+FgCVhNAkkL4DgwMZeQt E+4Kv3v5IscubEwjVxJFds8cmV360jTf4qtX68gWDfUl7EdcsLe+j5WXV51Jaf4W +/y3uTF+ngHgPJkLz7SuV4R3U4P5Lo1lk42EyskwqF5hDakOQRzdTSWaRbVWKm+Z QB0HPHKuQr5L/fSHBfkK8KFLST80kuHovvNFLNtVlBE3qmaE1SaMBqyBl+bzvI/0 8S6VQZdde7j3w6QSuhI3w== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrvdeffedgkeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepfffhvfevuffkfhggtggugfgjsehtkeertddttdej necuhfhrohhmpefvhigthhhoucetnhguvghrshgvnhcuoehthigthhhosehthigthhhord hpihiiiigrqeenucggtffrrghtthgvrhhnpeettddvheefffetkeejieehhfehieekgedv jeelieehkeefueevheehteegteevgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpehthigthhhosehthigthhhordhpihiiiigrpdhnsggprhgt phhtthhopedugedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepiigshihsiigvkh esihhnrdifrgifrdhplhdprhgtphhtthhopegvsghivgguvghrmhesgihmihhsshhiohhn rdgtohhmpdhrtghpthhtohepvhhirhhoseiivghnihhvrdhlihhnuhigrdhorhhgrdhukh dprhgtphhtthhopegsrhgruhhnvghrsehkvghrnhgvlhdrohhrghdprhgtphhtthhopehj rggtkhesshhushgvrdgtiidprhgtphhtthhopehkvggvsheskhgvrhhnvghlrdhorhhgpd hrtghpthhtohepjhhlrgihthhonheskhgvrhhnvghlrdhorhhgpdhrtghpthhtoheptghh uhgtkhdrlhgvvhgvrhesohhrrggtlhgvrdgtohhmpdhrtghpthhtoheprghlvgigrdgrrh hinhhgsehgmhgrihhlrdgtohhm X-ME-Proxy: Feedback-ID: i21f147d5:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 9 Oct 2024 10:41:33 -0400 (EDT) Date: Wed, 9 Oct 2024 08:41:31 -0600 From: Tycho Andersen To: Zbigniew =?utf-8?Q?J=C4=99drzejewski-Szmek?= Cc: "Eric W. Biederman" , Alexander Viro , Christian Brauner , Jan Kara , Kees Cook , Jeff Layton , Chuck Lever , Alexander Aring , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Tycho Andersen , Aleksa Sarai Subject: Re: [RFC] exec: add a flag for "reasonable" execveat() comm Message-ID: References: <20240924141001.116584-1-tycho@tycho.pizza> <87msjx9ciw.fsf@email.froward.int.ebiederm.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspam-User: X-Rspamd-Queue-Id: 47B3D20019 X-Rspamd-Server: rspam01 X-Stat-Signature: xhx5btigdctx5rsgbp39sjyqziqjfmm4 X-HE-Tag: 1728484898-649031 X-HE-Meta: U2FsdGVkX1+GaV09viFPqkEtDcnkNkNB/0j1cRn5DymMjUZ7kO5/dPzInHRx7uHB/qPiWJc0a9ausSE0LnEDv3NXdKc6yv5I0MH/IFhFHeaZYig+eRPpQv6WcktihJWLcw5XvRZZyWxGLbttAKGOTudH/DfHu5DsVBbjpz4YBTE2ulHPQD0dejL2sm8bhIedps3w7q8PVs31OvpA9hzkQLzMA/8hZyDSvuv9mpVai6IICnEAheZUflYIxquTcXiQutf2lscm+8Gvm4ql01oqdER9z99v5BMKboMnNbQlxP2+dddjj6ddsglLfddNcGuuizqbyuHlG9UERJsKxK+BKDeLweDuCskVgzu/HOZ8Ncbmo9EPULhtdYlsRDzHiQWO0T/Iuhf6mNwNR789ZPU59XU6tvvN5c0xDQqyjlNiMP6PXzUHOytPGLg4T1TJW+bmTYc1qzzdRfVW/YbQ3ypoZTwYJXtjd4ZOZwqfcnELoFXF1V0ttjMgUzmpJBhGr5T8BbVlMeov1MnLEa5aQueW6BCGfekqFp01N2VJBuPTarfSYcBmgY9rPm6n4oheYawo4QXV7PZ5VsmJ1xP6ongGZyFrf03VuEZfYF/+cZvYtVTjYSl4NF731BcfYGeJAzZUD0sT+ecZhMydazmcHjKFvYuu3EVp9r+a++eX7vaCHsApuv8zGlIsJ3oEkZ2sZPg3GKHnyK4ofFIk2P+lh+d5nN34+rjWOHUGrqC6CHSxcGD8XcF3M2gawmVRtMR4OH7Lg4LrNpdalXJe7ZQlzAm4D/3vXuqzGRKtwt2TfnRV+iprHugIl4AuSejKWP7Aeag1Aco59CNGaAxmuVAVzuzHLsdLX6fIj4nC3w0px97BAqZKXEJoMZCiMLLOldg7WhXdeRXK6yjECnj898GR8BlVyQuPejjFyfZYqRAoujq2fpIiOu0Tgf4DblCfbTWBtgb0Kh/6xpLU+xgdG9KzSMe JJ23+Lw7 nT4a7bbVEke+H63ANRN25phxrdVNIqOlAEoy5pURXcr//AP+9kXRQm87TZLX4zGkgq8KzBrm//rUTlfClSdNLDAkhC5DkcWODEdE8yFU4v6cB9HQDU5KPO1AHohwPOmno1hxULIWNtdkUaUnd28iTa5qNtG/fiQJ9YWO0mLk0Wdp0Sif13P1abOz6N2aapUxK0xK7SR8qA/C+kXqOdHVlZNTDeofUT42Dwsu0meyLnbpVQwfKB/09i9bL52FGCh9kBFlMj14pommttAK/qtwYlRuRpW9z16fmxAhvb5VOlEOfRYpEXrB4xwjcjPgCBqe55dL6GF5UO1QwVQdvNJq0kqmHJISAExJDWfF4kF4NLK6kWGI0ade68nqT27IyonGECmUnSXOcLXtTqkLgLiZRONbbFDx/MEr+brAvlukcKaZuVHgPhar2kiG+h5771k00ePE/eoOxRuwfhWrTQhhf60XzvQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Oct 02, 2024 at 02:34:43PM +0000, Zbigniew Jędrzejewski-Szmek wrote: > On Tue, Sep 24, 2024 at 12:39:35PM -0500, Eric W. Biederman wrote: > > Tycho Andersen writes: > > > > > From: Tycho Andersen > > > > > > Zbigniew mentioned at Linux Plumber's that systemd is interested in > > > switching to execveat() for service execution, but can't, because the > > > contents of /proc/pid/comm are the file descriptor which was used, > > > instead of the path to the binary. This makes the output of tools like > > > top and ps useless, especially in a world where most fds are opened > > > CLOEXEC so the number is truly meaningless. > > > > > > This patch adds an AT_ flag to fix up /proc/pid/comm to instead be the > > > contents of argv[0], instead of the fdno. > > I tried this version (with a local modification to drop the flag and > enable the new codepath if get_user_arg_ptr(argv, 0) returns nonnull > as suggested later in the thread), and it seems to work as expected. > In particular, 'pgrep' finds for the original name in case of > symlinks. Here is a version that only affects /proc/pid/comm, without a flag. We still have to do the dance of keeping the user argv0 before actually doing __set_task_comm(), since we want to surface the resulting fault if people pass a bad argv0. Thoughts? Tycho diff --git a/fs/exec.c b/fs/exec.c index dad402d55681..61de8a71f316 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1416,7 +1416,16 @@ int begin_new_exec(struct linux_binprm * bprm) set_dumpable(current->mm, SUID_DUMP_USER); perf_event_exec(); - __set_task_comm(me, kbasename(bprm->filename), true); + + /* + * If fdpath was set, execveat() made up a path that will + * probably not be useful to admins running ps or similar. + * Let's fix it up to be something reasonable. + */ + if (bprm->argv0) + __set_task_comm(me, kbasename(bprm->argv0), true); + else + __set_task_comm(me, kbasename(bprm->filename), true); /* An exec changes our domain. We are no longer part of the thread group */ @@ -1566,9 +1575,30 @@ static void free_bprm(struct linux_binprm *bprm) if (bprm->interp != bprm->filename) kfree(bprm->interp); kfree(bprm->fdpath); + kfree(bprm->argv0); kfree(bprm); } +static int bprm_add_fixup_comm(struct linux_binprm *bprm, struct user_arg_ptr argv) +{ + const char __user *p = get_user_arg_ptr(argv, 0); + + /* + * In keeping with the logic in do_execveat_common(), we say p == NULL + * => "" for comm. + */ + if (!p) { + bprm->argv0 = kstrdup("", GFP_KERNEL); + return 0; + } + + bprm->argv0 = strndup_user(p, MAX_ARG_STRLEN); + if (bprm->argv0) + return 0; + + return -EFAULT; +} + static struct linux_binprm *alloc_bprm(int fd, struct filename *filename, int flags) { struct linux_binprm *bprm; @@ -1975,6 +2005,10 @@ static int do_execveat_common(int fd, struct filename *filename, goto out_ret; } + retval = bprm_add_fixup_comm(bprm, argv); + if (retval != 0) + goto out_free; + retval = count(argv, MAX_ARG_STRINGS); if (retval == 0) pr_warn_once("process '%s' launched '%s' with NULL argv: empty string added\n", diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index e6c00e860951..0cd1f2d0e8c6 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -55,6 +55,7 @@ struct linux_binprm { of the time same as filename, but could be different for binfmt_{misc,script} */ const char *fdpath; /* generated filename for execveat */ + const char *argv0; /* argv0 from execveat */ unsigned interp_flags; int execfd; /* File descriptor of the executable */ unsigned long loader, exec;