[v2] prctl: Add PR_GET_AUXV to copy auxv to userspace

Message ID d81864a7f7f43bca6afa2a09fc2e850e4050ab42.1680611394.git.josh@joshtriplett.org
State New

Commit Message

Josh Triplett April 4, 2023, 12:31 p.m. UTC
  If a library wants to get information from auxv (for instance,
AT_HWCAP/AT_HWCAP2), it has a few options, none of them perfectly
reliable or ideal:

- Be main or the pre-main startup code, and grub through the stack above
  main. Doesn't work for a library.
- Call libc getauxval. Not ideal for libraries that are trying to be
  libc-independent and/or don't otherwise require anything from other
  libraries.
- Open and read /proc/self/auxv. Doesn't work for libraries that may run
  in arbitrarily constrained environments that may not have /proc
  mounted (e.g. libraries that might be used by an init program or a
  container setup tool).
- Assume you're on the main thread and still on the original stack, and
  try to walk the stack upwards, hoping to find auxv. Extremely bad
  idea.
- Ask the caller to pass auxv in for you. Not ideal for a user-friendly
  library, and then your caller may have the same problem.

Add a prctl that copies current->mm->saved_auxv to a userspace buffer.

Signed-off-by: Josh Triplett <josh@joshtriplett.org>
---

v2:
- Fix W=1 warning about min type mismatch

I've built, booted, and tested this.

man-pages snippet:

.\" prctl PR_GET_AUXV
.TP
.BR PR_GET_AUXV " (since Linux 6.x)"
Get the auxiliary vector (auxv) into the buffer pointed to by
.IR "(void\~*) arg2" ,
whose length is given by \fIarg3\fP.
If the buffer is not long enough for the full auxiliary vector,
the copy will be truncated.
Return (as the function result)
the full length of the auxiliary vector.
\fIarg4\fP and \fIarg5\fP must be 0.

Will send a patch for man-pages once merged.

 include/uapi/linux/prctl.h |  2 ++
 kernel/sys.c               | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
  

Comments

Andrew Morton April 4, 2023, 7:43 p.m. UTC | #1
On Tue, 4 Apr 2023 21:31:48 +0900 Josh Triplett <josh@joshtriplett.org> wrote:

> If a library wants to get information from auxv (for instance,
> AT_HWCAP/AT_HWCAP2), it has a few options, none of them perfectly
> reliable or ideal:
> 
> - Be main or the pre-main startup code, and grub through the stack above
>   main. Doesn't work for a library.
> - Call libc getauxval. Not ideal for libraries that are trying to be
>   libc-independent and/or don't otherwise require anything from other
>   libraries.
> - Open and read /proc/self/auxv. Doesn't work for libraries that may run
>   in arbitrarily constrained environments that may not have /proc
>   mounted (e.g. libraries that might be used by an init program or a
>   container setup tool).
> - Assume you're on the main thread and still on the original stack, and
>   try to walk the stack upwards, hoping to find auxv. Extremely bad
>   idea.
> - Ask the caller to pass auxv in for you. Not ideal for a user-friendly
>   library, and then your caller may have the same problem.

How does glibc's getauxval() do its thing?  Why can't glibc-independent
code do the same thing?

> Add a prctl that copies current->mm->saved_auxv to a userspace buffer.
> 
> ...
>
> --- a/include/uapi/linux/prctl.h
> +++ b/include/uapi/linux/prctl.h
> @@ -290,4 +290,6 @@ struct prctl_mm_map {
>  #define PR_SET_VMA		0x53564d41
>  # define PR_SET_VMA_ANON_NAME		0
>  
> +#define PR_GET_AUXV		0x41555856

How was this constant arrived at?

> --- a/kernel/sys.c
> +++ b/kernel/sys.c
> @@ -2377,6 +2377,16 @@ static inline int prctl_get_mdwe(unsigned long arg2, unsigned long arg3,
>  		PR_MDWE_REFUSE_EXEC_GAIN : 0;
>  }
>  
> +static int prctl_get_auxv(void __user *addr, unsigned long len)
> +{
> +	struct mm_struct *mm = current->mm;
> +	unsigned long size = min_t(unsigned long, sizeof(mm->saved_auxv), len);
> +
> +	if (size && copy_to_user(addr, mm->saved_auxv, size))
> +		return -EFAULT;
> +	return sizeof(mm->saved_auxv);
> +}

The type choices are unpleasing.  Maybe make `len' a size_t and make
the function return a size_t?  That way prctl_get_auxv() will be much
nicer, but the caller less so.

>  SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
>  		unsigned long, arg4, unsigned long, arg5)
>  {
> @@ -2661,6 +2671,11 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
>  	case PR_SET_VMA:
>  		error = prctl_set_vma(arg2, arg3, arg4, arg5);
>  		break;
> +	case PR_GET_AUXV:
> +		if (arg4 || arg5)
> +			return -EINVAL;
> +		error = prctl_get_auxv((void __user *)arg2, arg3);
> +		break;
>  	default:
>  		error = -EINVAL;
>  		break;
  
Josh Triplett April 5, 2023, 12:24 a.m. UTC | #2
On Tue, Apr 04, 2023 at 12:43:55PM -0700, Andrew Morton wrote:
> On Tue, 4 Apr 2023 21:31:48 +0900 Josh Triplett <josh@joshtriplett.org> wrote:
> 
> > If a library wants to get information from auxv (for instance,
> > AT_HWCAP/AT_HWCAP2), it has a few options, none of them perfectly
> > reliable or ideal:
> > 
> > - Be main or the pre-main startup code, and grub through the stack above
> >   main. Doesn't work for a library.
> > - Call libc getauxval. Not ideal for libraries that are trying to be
> >   libc-independent and/or don't otherwise require anything from other
> >   libraries.
> > - Open and read /proc/self/auxv. Doesn't work for libraries that may run
> >   in arbitrarily constrained environments that may not have /proc
> >   mounted (e.g. libraries that might be used by an init program or a
> >   container setup tool).
> > - Assume you're on the main thread and still on the original stack, and
> >   try to walk the stack upwards, hoping to find auxv. Extremely bad
> >   idea.
> > - Ask the caller to pass auxv in for you. Not ideal for a user-friendly
> >   library, and then your caller may have the same problem.
> 
> How does glibc's getauxval() do its thing?  Why can't glibc-independent
> code do the same thing?

glibc owns the pre-main startup code in programs linked to glibc, so it
can record auxv for later reference in getauxval. That isn't an option
for something that *doesn't* own the pre-main startup code.

> > --- a/include/uapi/linux/prctl.h
> > +++ b/include/uapi/linux/prctl.h
> > @@ -290,4 +290,6 @@ struct prctl_mm_map {
> >  #define PR_SET_VMA		0x53564d41
> >  # define PR_SET_VMA_ANON_NAME		0
> >  
> > +#define PR_GET_AUXV		0x41555856
> 
> How was this constant arrived at?

It's 'A' 'U' 'X' 'V', inspired by PR_SET_VMA above which is 'S' 'V' 'M' 'A'.

> > --- a/kernel/sys.c
> > +++ b/kernel/sys.c
> > @@ -2377,6 +2377,16 @@ static inline int prctl_get_mdwe(unsigned long arg2, unsigned long arg3,
> >  		PR_MDWE_REFUSE_EXEC_GAIN : 0;
> >  }
> >  
> > +static int prctl_get_auxv(void __user *addr, unsigned long len)
> > +{
> > +	struct mm_struct *mm = current->mm;
> > +	unsigned long size = min_t(unsigned long, sizeof(mm->saved_auxv), len);
> > +
> > +	if (size && copy_to_user(addr, mm->saved_auxv, size))
> > +		return -EFAULT;
> > +	return sizeof(mm->saved_auxv);
> > +}
> 
> The type choices are unpleasing.  Maybe make `len' a size_t and make
> the function return a size_t?  That way prctl_get_auxv() will be much
> nicer, but the caller less so.

It'd have to be an ssize_t return to support returning -EFAULT. Also,
sadly, size_t would still look just as bad, because
`sizeof(mm->saved_auxv)` doesn't have type size_t (at least according to
the error from the type-safe min macro). So this would still need a cast
or a `min_t`.

But I'm happy to change the argument to size_t and the return value to
ssize_t, if you'd prefer. Will send v3 with that changed.

- Josh Triplett
  
Josh Triplett April 5, 2023, 12:25 a.m. UTC | #3
On Wed, Apr 05, 2023 at 09:24:36AM +0900, Josh Triplett wrote:
> On Tue, Apr 04, 2023 at 12:43:55PM -0700, Andrew Morton wrote:
> > On Tue, 4 Apr 2023 21:31:48 +0900 Josh Triplett <josh@joshtriplett.org> wrote:
> > > --- a/kernel/sys.c
> > > +++ b/kernel/sys.c
> > > @@ -2377,6 +2377,16 @@ static inline int prctl_get_mdwe(unsigned long arg2, unsigned long arg3,
> > >  		PR_MDWE_REFUSE_EXEC_GAIN : 0;
> > >  }
> > >  
> > > +static int prctl_get_auxv(void __user *addr, unsigned long len)
> > > +{
> > > +	struct mm_struct *mm = current->mm;
> > > +	unsigned long size = min_t(unsigned long, sizeof(mm->saved_auxv), len);
> > > +
> > > +	if (size && copy_to_user(addr, mm->saved_auxv, size))
> > > +		return -EFAULT;
> > > +	return sizeof(mm->saved_auxv);
> > > +}
> > 
> > The type choices are unpleasing.  Maybe make `len' a size_t and make
> > the function return a size_t?  That way prctl_get_auxv() will be much
> > nicer, but the caller less so.
> 
> It'd have to be an ssize_t return to support returning -EFAULT. Also,
> sadly, size_t would still look just as bad, because
> `sizeof(mm->saved_auxv)` doesn't have type size_t (at least according to
> the error from the type-safe min macro). So this would still need a cast
> or a `min_t`.
> 
> But I'm happy to change the argument to size_t and the return value to
> ssize_t, if you'd prefer. Will send v3 with that changed.

That said, *all* the other helper functions here seem to return int...
  
David Laight April 5, 2023, 10:42 a.m. UTC | #4
From: Josh Triplett
> Sent: 04 April 2023 13:32
> 
> If a library wants to get information from auxv (for instance,
> AT_HWCAP/AT_HWCAP2), it has a few options, none of them perfectly
> reliable or ideal:
> 
> - Be main or the pre-main startup code, and grub through the stack above
>   main. Doesn't work for a library.
> - Call libc getauxval. Not ideal for libraries that are trying to be
>   libc-independent and/or don't otherwise require anything from other
>   libraries.
> - Open and read /proc/self/auxv. Doesn't work for libraries that may run
>   in arbitrarily constrained environments that may not have /proc
>   mounted (e.g. libraries that might be used by an init program or a
>   container setup tool).
> - Assume you're on the main thread and still on the original stack, and
>   try to walk the stack upwards, hoping to find auxv. Extremely bad
>   idea.
> - Ask the caller to pass auxv in for you. Not ideal for a user-friendly
>   library, and then your caller may have the same problem.
> 
> Add a prctl that copies current->mm->saved_auxv to a userspace buffer.
...
> +static int prctl_get_auxv(void __user *addr, unsigned long len)
> +{
> +	struct mm_struct *mm = current->mm;
> +	unsigned long size = min_t(unsigned long, sizeof(mm->saved_auxv), len);

Don't use min_t(), fix the types.
min_t() is a horrid abomination that is massively overused.

It would be better to have a min_unchecked() that just skips the
type test.

Or accept my patches that allow min/max against
compile-time constants between 0 and MAX_INT.
After all, the only reason for the type check is to try
to avoid negative values becoming large positive ones
due to integer promotions.

	David

  

Patch

diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index 1312a137f7fb..b2b24eaf2427 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -290,4 +290,6 @@  struct prctl_mm_map {
 #define PR_SET_VMA		0x53564d41
 # define PR_SET_VMA_ANON_NAME		0
 
+#define PR_GET_AUXV		0x41555856
+
 #endif /* _LINUX_PRCTL_H */
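
Review bot: The new PR_GET_AUXV define carries no comment saying where 0x41555856 comes from or what the arguments mean. The bytes spell 'AUXV' in ASCII, following the 'SVMA' pattern of PR_SET_VMA directly above; a one-line comment saying so, plus a note that arg2 is the buffer, arg3 its length and arg4/arg5 must be zero, would answer the question before it is asked.
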
diff --git a/kernel/sys.c b/kernel/sys.c
index 495cd87d9bf4..43f922170706 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2377,6 +2377,16 @@  static inline int prctl_get_mdwe(unsigned long arg2, unsigned long arg3,
 		PR_MDWE_REFUSE_EXEC_GAIN : 0;
 }
 
+static int prctl_get_auxv(void __user *addr, unsigned long len)
+{
+	struct mm_struct *mm = current->mm;
+	unsigned long size = min_t(unsigned long, sizeof(mm->saved_auxv), len);
+
+	if (size && copy_to_user(addr, mm->saved_auxv, size))
+		return -EFAULT;
+	return sizeof(mm->saved_auxv);
+}
+
 SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
 		unsigned long, arg4, unsigned long, arg5)
 {
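
Review bot: In prctl_get_auxv(), the success value is always sizeof(mm->saved_auxv), the size of the whole array, returned through an int that also carries -EFAULT, and nothing in the function documents that contract. A caller that passes a shorter len gets a truncated copy and can only notice by comparing the return value with the length it supplied, and len == 0 turns the call into a pure size query with addr never touched; a short comment above the function stating both would help. saved_auxv is also read with no lock held, so it is worth stating why a concurrent writer cannot produce a torn copy here.
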
@@ -2661,6 +2671,11 @@  SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
 	case PR_SET_VMA:
 		error = prctl_set_vma(arg2, arg3, arg4, arg5);
 		break;
+	case PR_GET_AUXV:
+		if (arg4 || arg5)
+			return -EINVAL;
+		error = prctl_get_auxv((void __user *)arg2, arg3);
+		break;
 	default:
 		error = -EINVAL;
 		break;
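
Review bot: In the PR_GET_AUXV case, the arg4/arg5 check uses a direct return -EINVAL, while the default case just below sets error and breaks. If any code runs after the switch, the direct return skips it; writing error = -EINVAL; break; keeps the case consistent with its visible neighbours. A brief comment that error holds a positive byte count on success, not 0, would also make the result handling clearer.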