Page MenuHomeFreeBSD

linux(4) prctl(2): Implement PR_[GS]ET_DUMPABLE
ClosedPublic

Authored by cem on Oct 29 2020, 9:10 PM.
Tags
None
Referenced Files
F107896424: D27015.diff
Sun, Jan 19, 3:21 AM
Unknown Object (File)
Sat, Jan 11, 7:28 AM
Unknown Object (File)
Fri, Jan 10, 12:20 AM
Unknown Object (File)
Thu, Jan 2, 6:00 AM
Unknown Object (File)
Thu, Jan 2, 12:03 AM
Unknown Object (File)
Fri, Dec 27, 10:00 PM
Unknown Object (File)
Fri, Dec 27, 12:43 PM
Unknown Object (File)
Dec 12 2024, 11:33 PM
Subscribers

Details

Summary

Proxy the flag to the roughly analogous FreeBSD procctl 'TRACE'.

TRACE-disabled processes are not coredumped, and Linux !DUMPABLE processes
can not be ptraced. There are some additional semantics around ownership of
files in the /proc/[pid] pseudo-filesystem, which we do not attempt to
emulate correctly at this time.

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 34512
Build 31610: arc lint + arc unit

Event Timeline

cem requested review of this revision.Oct 29 2020, 9:10 PM
cem created this revision.

Stub wasn't sufficient; chrome self-tests that disabling dump is reflected in
subsequent GET. Instead, proxy the prctl to the similar procctl PROC_TRACE.

This diff doesn't appear to match the description.

sys/compat/linux/linux_misc.c
1918

aldo -> also

This diff doesn't appear to match the description.

Ah, yes. Arc diff update doesn’t update the commit message text on phabricator. I’ve rewritten the text somewhat and will update it manually in a bit.

Thanks for taking a look at all of these.

sys/compat/linux/linux_misc.c
1918

Fixed locally, will update in a minute. I should probably also drop the comment about ownership— SUID_DUMP_ROOT was short-lived and is no longer an acceptable mode.

1939

Caveat: I have no idea if Linux inherits this flag across exec or not.

cem retitled this revision from linux(4) prctl(2): Stub implement PR_[GS]ET_DUMPABLE to linux(4) prctl(2): Implement PR_[GS]ET_DUMPABLE.Oct 30 2020, 6:25 PM
cem edited the summary of this revision. (Show Details)
cem marked an inline comment as done.
  • Update the comment. No functional change.
sys/compat/linux/linux_misc.c
1932

Why is id 0 here? I don't see any special handling in kern_procctl() for that case: id gets passed to pfind().

sys/compat/linux/linux_misc.c
1932

Copied from PROC_PDEATHSIG_STATUS above, but now I see that has special handling in kern_procctl. So yes, we need to explicitly include curthread's pid.

cem marked an inline comment as done.
  • Fix PID passed to kern_procctl. Previously, the syscall would manipulate the tracability of the kernel 0 process, which is probably meaningless and certainly not intended.
markj added inline comments.
sys/compat/linux/linux_misc.c
1914–1949

For LINUX_PR_SET_DUMPABLE we unconditionally return but here we only do so upon error.

1939

By my reading of Linux the "dumpable" flags are preserved across execve, so I think this is right. bprm_mm_init() calls mm_alloc(), which preserves flags from the current mm if they are in MM_INIT_MASK, which includes MMF_DUMPABLE_MASK.

This revision is now accepted and ready to land.Nov 2 2020, 10:41 PM
sys/compat/linux/linux_misc.c
1914–1949

The break is essentially just return (error). The prevailing pattern seems to use break, but given we don't have other cleanup to perform and we exit early in a number of error cases, I'm inclined to reconcile this by explicitly returning in GET_DUMPABLE as well.

1939

Thanks for checking.

cem marked an inline comment as done.
  • Unify return style of GET/SET cases in switch
This revision now requires review to proceed.Nov 3 2020, 1:08 AM
This revision was not accepted when it landed; it landed in state Needs Review.Nov 3 2020, 2:11 AM
This revision was automatically updated to reflect the committed changes.