LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Thomas Gleixner <tglx@linutronix.de>
To: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Jiri Kosina <jikos@kernel.org>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Ingo Molnar <mingo@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Josh Poimboeuf <jpoimboe@redhat.com>,
	Andrea Arcangeli <aarcange@redhat.com>,
	David Woodhouse <dwmw@amazon.co.uk>,
	Andi Kleen <ak@linux.intel.com>,
	Dave Hansen <dave.hansen@intel.com>,
	Casey Schaufler <casey.schaufler@intel.com>,
	Asit Mallick <asit.k.mallick@intel.com>,
	Arjan van de Ven <arjan@linux.intel.com>,
	Jon Masters <jcm@redhat.com>,
	linux-kernel@vger.kernel.org, x86@kernel.org
Subject: Re: [Patch v3 06/13] mm: Pass task instead of task->mm as argument to set_dumpable
Date: Thu, 18 Oct 2018 15:22:09 +0200 (CEST)	[thread overview]
Message-ID: <alpine.DEB.2.21.1810181504020.1647@nanos.tec.linutronix.de> (raw)
In-Reply-To: <c793fcd092063a68f1de7ce982df2ebb347a3542.1539798901.git.tim.c.chen@linux.intel.com>

On Wed, 17 Oct 2018, Tim Chen wrote:

> Change the argument to set_dumpable from task->mm to task.  This allows us
> to later add hooks to modify a task's property according to whether it is
> a non-dumpable task. Non dumpable tasks demand a higher level of security.
> Changes the dumpable value from in to unsigned int as negative number is
> not allowed.

Please use paragraphs and do not write everything in one big lump. Also
please start with the context and the rationale for a change before
explaining what. Suggestion:

  set_dumpable() takes a struct mm pointer as argument, but for finer
  grained security control of hardware vulnerabilites a architecture
  specific set_dumpable() needs to be added which needs access to the task
  struct and not only to the tasks mm struct.

  Replace the mm pointer with a task pointer and fix up implementation and
  call sites.
  
  While at it change the type of the value argument from int to unsigned
  int as the valid dumpable mode values are greater equal zero.

Hmm?

> diff --git a/fs/exec.c b/fs/exec.c
> index 1ebf6e5..e204830 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1362,9 +1362,9 @@ void setup_new_exec(struct linux_binprm * bprm)
>  	if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP ||
>  	    !(uid_eq(current_euid(), current_uid()) &&
>  	      gid_eq(current_egid(), current_gid())))
> -		set_dumpable(current->mm, suid_dumpable);
> +		set_dumpable(current, (unsigned int) suid_dumpable);

Yuck. For one the type cast is pointless, but can we please fix the whole
thing and make suid_dumpable unsigned int?

Thanks,

	tglx

  reply	other threads:[~2018-10-18 13:22 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-17 17:59 [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection Tim Chen
2018-10-17 17:59 ` [Patch v3 01/13] x86/speculation: Clean up spectre_v2_parse_cmdline Tim Chen
2018-10-18 12:43   ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 02/13] x86/speculation: Remove unnecessary ret variable in cpu_show_common Tim Chen
2018-10-18 12:46   ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 03/13] x86/speculation: Add static key for Enhanced IBRS Tim Chen
2018-10-18 12:50   ` Thomas Gleixner
2018-10-26 16:58   ` Waiman Long
2018-10-26 18:15     ` Tim Chen
2018-10-28  9:32       ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 04/13] x86/speculation: Disable STIBP when enhanced IBRS is in use Tim Chen
2018-10-18 12:58   ` Thomas Gleixner
2018-10-26 17:00   ` Waiman Long
2018-10-26 18:18     ` Tim Chen
2018-10-26 18:29       ` Tim Chen
2018-10-17 17:59 ` [Patch v3 05/13] x86/smt: Create cpu_smt_enabled static key for SMT specific code Tim Chen
2018-10-18 13:03   ` Thomas Gleixner
2018-10-19  7:51   ` Peter Zijlstra
2018-10-17 17:59 ` [Patch v3 06/13] mm: Pass task instead of task->mm as argument to set_dumpable Tim Chen
2018-10-18 13:22   ` Thomas Gleixner [this message]
2018-10-19 20:02   ` Peter Zijlstra
2018-10-17 17:59 ` [Patch v3 07/13] x86/process Add arch_set_dumpable Tim Chen
2018-10-18 13:28   ` Thomas Gleixner
2018-10-18 18:46     ` Tim Chen
2018-10-19 19:12       ` Thomas Gleixner
2018-10-19 20:16         ` Thomas Gleixner
2018-10-22 23:55           ` Tim Chen
2018-10-17 17:59 ` [Patch v3 08/13] x86/speculation: Rename SSBD update functions Tim Chen
2018-10-18 13:37   ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 09/13] x86/speculation: Reorganize SPEC_CTRL MSR update Tim Chen
2018-10-18 13:47   ` Thomas Gleixner
2018-10-26 17:21   ` Waiman Long
2018-10-26 18:25     ` Tim Chen
2018-10-17 17:59 ` [Patch v3 10/13] x86/speculation: Add per thread STIBP flag Tim Chen
2018-10-18 13:53   ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 11/13] x86/speculation: Add Spectre v2 lite app to app protection mode Tim Chen
2018-10-18 15:12   ` Thomas Gleixner
2018-10-17 17:59 ` [Patch v3 12/13] x86/speculation: Protect non-dumpable processes against Spectre v2 attack Tim Chen
2018-10-18 15:17   ` Thomas Gleixner
2018-10-26 17:46   ` Waiman Long
2018-10-26 18:10     ` Tim Chen
2018-10-17 17:59 ` [Patch v3 13/13] x86/speculation: Create PRCTL interface to restrict indirect branch speculation Tim Chen
2018-10-17 19:12   ` Randy Dunlap
2018-10-18 15:31   ` Thomas Gleixner
2018-10-19  7:57 ` [Patch v3 00/13] Provide process property based options to enable Spectre v2 userspace-userspace protection Peter Zijlstra
2018-10-19 16:43   ` Tim Chen
2018-10-19 18:38     ` Peter Zijlstra

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.DEB.2.21.1810181504020.1647@nanos.tec.linutronix.de \
    --to=tglx@linutronix.de \
    --cc=aarcange@redhat.com \
    --cc=ak@linux.intel.com \
    --cc=arjan@linux.intel.com \
    --cc=asit.k.mallick@intel.com \
    --cc=casey.schaufler@intel.com \
    --cc=dave.hansen@intel.com \
    --cc=dwmw@amazon.co.uk \
    --cc=jcm@redhat.com \
    --cc=jikos@kernel.org \
    --cc=jpoimboe@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=thomas.lendacky@amd.com \
    --cc=tim.c.chen@linux.intel.com \
    --cc=x86@kernel.org \
    --subject='Re: [Patch v3 06/13] mm: Pass task instead of task->mm as argument to set_dumpable' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).