From patchwork Thu Feb 18 05:59:31 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Stultz X-Patchwork-Id: 62154 Delivered-To: patches@linaro.org Received: by 10.112.43.199 with SMTP id y7csp403103lbl; Wed, 17 Feb 2016 21:59:45 -0800 (PST) X-Received: by 10.66.139.234 with SMTP id rb10mr7668173pab.82.1455775185706; Wed, 17 Feb 2016 21:59:45 -0800 (PST) Return-Path: Received: from mail-pa0-x234.google.com (mail-pa0-x234.google.com. [2607:f8b0:400e:c03::234]) by mx.google.com with ESMTPS id ff7si7078579pab.184.2016.02.17.21.59.45 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 17 Feb 2016 21:59:45 -0800 (PST) Received-SPF: pass (google.com: domain of john.stultz@linaro.org designates 2607:f8b0:400e:c03::234 as permitted sender) client-ip=2607:f8b0:400e:c03::234; Authentication-Results: mx.google.com; spf=pass (google.com: domain of john.stultz@linaro.org designates 2607:f8b0:400e:c03::234 as permitted sender) smtp.mailfrom=john.stultz@linaro.org; dkim=pass header.i=@linaro.org Received: by mail-pa0-x234.google.com with SMTP id fl4so24802419pad.0 for ; Wed, 17 Feb 2016 21:59:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Vv6aX7YVJEwYL4/E2amToeMug92x0FGq/XEF/OKNRuQ=; b=RGBG/6tPIlmhfLyZAW1xxqp8UHg/NWp1wztkHEvq3wywOmlNAp7qKXXw+mxVBiUOCh oh3lGzj6Le2ZahG2JYN6OUb1inPVWLiw9yTak4fao10Hmy3Ub07z2yO20K7Mj+BY10ob ZS9b+GG6rD69r31MdASMvGdVF+e1k2eglktXE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Vv6aX7YVJEwYL4/E2amToeMug92x0FGq/XEF/OKNRuQ=; b=kuQ3kFuFB5sRTJqaSlJuFlQSNB76PJy1MqZQfgPQknMLi5cty063JiD5o7CoOCpcjd MQjIwdlD1IUCU9dZ8nI8C3fzgntpZzds1wBzxh+FS+giZGxwWbqIuiUoqRNaTwatIlBO tslJBQBwLBjd4ISw1bdGQLDvjxD2TXCksrqNFhB0hIfGkHF4HMp5g7jELsianD9U36Or U+ZwWFHES7bxQEMZ7f+6yvJWQX1kKobpQ2uQTO7YW0kJtv0eljnumhvrb5RXdAMCr5Rf QQmjpxAIeH9w8/0B5XFxbvH47Xh2MOCeus9IRtlFb3u7VR0MrrKrbbg543Qvgerjiwl5 yI5Q== X-Gm-Message-State: AG10YORuO2mdnkFnfOEum+wHFeAzj6+z9fXFKGwuB3vfkXCYajzn/dMNGOl+xBP6cb2OHXAaxxU= X-Received: by 10.66.251.162 with SMTP id zl2mr7772591pac.116.1455775185056; Wed, 17 Feb 2016 21:59:45 -0800 (PST) Return-Path: Received: from localhost.localdomain (c-76-115-103-22.hsd1.or.comcast.net. [76.115.103.22]) by smtp.gmail.com with ESMTPSA id y11sm6790935pfa.85.2016.02.17.21.59.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 17 Feb 2016 21:59:44 -0800 (PST) From: John Stultz To: Andrew Morton , Thomas Gleixner , Arjan van de Ven Cc: lkml , John Stultz , Oren Laadan , Ruchi Kandoi , Rom Lemarchand , Kees Cook , Android Kernel Team Subject: [PATCH] proc: /proc//timerslack_ns permissions fixes Date: Wed, 17 Feb 2016 21:59:31 -0800 Message-Id: <1455775171-8125-1-git-send-email-john.stultz@linaro.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1455671191-32105-3-git-send-email-john.stultz@linaro.org> References: <1455671191-32105-3-git-send-email-john.stultz@linaro.org> This patch adjusts the timerslack_ns file permissions to be 0666 but requires PTRACE_MODE_ATTACH_FSCREDS to read or write the value. This allows tasks with sufficient privledges (CAP_SYS_PTRACE) to be able to modify a the timerslack for proccesses owned by a different user. This patch also fixes a return value from EINVAL to EPERM, and does task locking consistently, given we're handling u64s on 32bit systems. It also makes use of kstrtoull_from_user which simplifies some code. Cc: Arjan van de Ven Cc: Thomas Gleixner Cc: Oren Laadan Cc: Ruchi Kandoi Cc: Rom Lemarchand Cc: Kees Cook Cc: Andrew Morton Cc: Android Kernel Team Signed-off-by: John Stultz --- This patch applies on top of the previous two patches which Andrew already added to -mm. It can be folded down or kept separate as desired. I've also wired up the Android userspace side to use this interface, and tested it there, and things seem to be working properly ( - with some selinux noise, I still need to figure out the selinux policy changes, but its working with permissive mode). fs/proc/base.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) -- 1.9.1 diff --git a/fs/proc/base.c b/fs/proc/base.c index d7c51ca..35f583a 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2262,18 +2262,10 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf, { struct inode *inode = file_inode(file); struct task_struct *p; - char buffer[PROC_NUMBUF]; u64 slack_ns; int err; - memset(buffer, 0, sizeof(buffer)); - if (count > sizeof(buffer) - 1) - count = sizeof(buffer) - 1; - - if (copy_from_user(buffer, buf, count)) - return -EFAULT; - - err = kstrtoull(strstrip(buffer), 10, &slack_ns); + err = kstrtoull_from_user(buf, count, 10, &slack_ns); if (err < 0) return err; @@ -2282,12 +2274,14 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf, return -ESRCH; if (ptrace_may_access(p, PTRACE_MODE_ATTACH_FSCREDS)) { + task_lock(p); if (slack_ns == 0) p->timer_slack_ns = p->default_timer_slack_ns; else p->timer_slack_ns = slack_ns; + task_unlock(p); } else - count = -EINVAL; + count = -EPERM; put_task_struct(p); @@ -2298,18 +2292,22 @@ static int timerslack_ns_show(struct seq_file *m, void *v) { struct inode *inode = m->private; struct task_struct *p; + int err = 0; p = get_proc_task(inode); if (!p) return -ESRCH; - task_lock(p); - seq_printf(m, "%llu\n", p->timer_slack_ns); - task_unlock(p); + if (ptrace_may_access(p, PTRACE_MODE_ATTACH_FSCREDS)) { + task_lock(p); + seq_printf(m, "%llu\n", p->timer_slack_ns); + task_unlock(p); + } else + err = -EPERM; put_task_struct(p); - return 0; + return err; } static int timerslack_ns_open(struct inode *inode, struct file *filp) @@ -2899,7 +2897,7 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_CHECKPOINT_RESTORE REG("timers", S_IRUGO, proc_timers_operations), #endif - REG("timerslack_ns", S_IRUGO|S_IWUSR, proc_pid_set_timerslack_ns_operations), + REG("timerslack_ns", S_IRUGO|S_IWUGO, proc_pid_set_timerslack_ns_operations), }; static int proc_tgid_base_readdir(struct file *file, struct dir_context *ctx)