[PATCH V2] Keep 3 high personality bytes across exec - Kernel

This is a discussion on [PATCH V2] Keep 3 high personality bytes across exec - Kernel ; Currently when a 32 bit process is exec'd on a powerpc 64 bit host the value in the top three bytes of the personality is clobbered. This patch adds a check in the SET_PERSONALITY macro that will carry all the ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: [PATCH V2] Keep 3 high personality bytes across exec

  1. [PATCH V2] Keep 3 high personality bytes across exec

    Currently when a 32 bit process is exec'd on a powerpc 64 bit host the value
    in the top three bytes of the personality is clobbered. This patch adds a
    check in the SET_PERSONALITY macro that will carry all the values in the top
    three bytes across the exec.

    These three bytes currently carry flags to disable address randomisation,
    limit the address space, force zeroing of an mmapped page, etc. Should an
    application set any of these bits they will be maintained and honoured on
    homogeneous environment but discarded and ignored on a heterogeneous
    environment. So if an application requires all mmapped pages to be initialised
    to zero and a wrapper is used to setup the personality and exec the target,
    these flags will remain set on an all 32 or all 64 bit envrionment, but they
    will be lost in the exec on a mixed 32/64 bit environment. Losing these bits
    means that the same application would behave differently in different
    environments. Tested on a POWER5+ machine with 64bit kernel and a mixed
    64/32 bit user space.

    Signed-off-by: Eric B Munson

    ---
    V2

    Changes from V1:
    Updated changelog with a better description of why this change is useful

    Based on 2.6.26-rc6

    include/asm-powerpc/elf.h | 3 ++-
    include/linux/personality.h | 6 ++++++
    2 files changed, 8 insertions(+), 1 deletions(-)

    diff --git a/include/asm-powerpc/elf.h b/include/asm-powerpc/elf.h
    index 9080d85..2f11a0e 100644
    --- a/include/asm-powerpc/elf.h
    +++ b/include/asm-powerpc/elf.h
    @@ -257,7 +257,8 @@ do { \
    else \
    clear_thread_flag(TIF_ABI_PENDING); \
    if (personality(current->personality) != PER_LINUX32) \
    - set_personality(PER_LINUX); \
    + set_personality(PER_LINUX | \
    + (current->personality & PER_INHERIT)); \
    } while (0)
    /*
    * An executable for which elf_read_implies_exec() returns TRUE will
    diff --git a/include/linux/personality.h b/include/linux/personality.h
    index a84e9ff..362eb90 100644
    --- a/include/linux/personality.h
    +++ b/include/linux/personality.h
    @@ -36,6 +36,12 @@ enum {
    ADDR_LIMIT_3GB = 0x8000000,
    };

    +/* Mask for the above personality values */
    +#define PER_INHERIT (ADDR_NO_RANDOMIZE|FDPIC_FUNCPTRS|MMAP_PAGE_ZERO| \
    + ADDR_COMPAT_LAYOUT|READ_IMPLIES_EXEC|ADDR_LIMIT_32 BIT| \
    + SHORT_INODE|WHOLE_SECONDS|STICKY_TIMEOUTS| \
    + ADDR_LIMIT_3GB)
    +
    /*
    * Security-relevant compatibility flags that must be
    * cleared upon setuid or setgid exec:


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFIZYDtsnv9E83jkzoRAu98AKDB62YlUFX951qoC8PItG 1iOu0akACgijgX
    5HmGq6MTB19tIiQGbCJOfjU=
    =BpRd
    -----END PGP SIGNATURE-----


  2. Re: [PATCH V2] Keep 3 high personality bytes across exec

    Eric B Munson writes:

    > --- a/include/asm-powerpc/elf.h
    > +++ b/include/asm-powerpc/elf.h
    > @@ -257,7 +257,8 @@ do { \
    > else \
    > clear_thread_flag(TIF_ABI_PENDING); \
    > if (personality(current->personality) != PER_LINUX32) \
    > - set_personality(PER_LINUX); \
    > + set_personality(PER_LINUX | \
    > + (current->personality & PER_INHERIT)); \


    Couldn't we use ~PER_MASK here instead of PER_INHERIT? That would
    mean we wouldn't have to modify include/linux/personality.h, and we
    wouldn't have to keep updating PER_INHERIT as more flags get added.

    (Nice patch description, BTW. Thanks.)

    Paul.
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  3. Re: [PATCH V2] Keep 3 high personality bytes across exec

    On Mon, 30 Jun 2008, Paul Mackerras wrote:

    > Eric B Munson writes:
    >
    > > --- a/include/asm-powerpc/elf.h
    > > +++ b/include/asm-powerpc/elf.h
    > > @@ -257,7 +257,8 @@ do { \
    > > else \
    > > clear_thread_flag(TIF_ABI_PENDING); \
    > > if (personality(current->personality) != PER_LINUX32) \
    > > - set_personality(PER_LINUX); \
    > > + set_personality(PER_LINUX | \
    > > + (current->personality & PER_INHERIT)); \

    >
    > Couldn't we use ~PER_MASK here instead of PER_INHERIT? That would
    > mean we wouldn't have to modify include/linux/personality.h, and we
    > wouldn't have to keep updating PER_INHERIT as more flags get added.
    >
    > (Nice patch description, BTW. Thanks.)
    >
    > Paul.
    >


    Yeah, ~PER_MASK will work fine. I used PER_INHERIT first because I
    was not sure if there were values that should not be carried forward.
    I will have an updated patch out shortly.

    Eric

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFIaQIusnv9E83jkzoRAjBzAJ9bQ+qYRJSc7v+Xnd0p2K LekE8oWQCgsDHz
    UNvamXxuUJ461lmmtsQMZh4=
    =yDrU
    -----END PGP SIGNATURE-----


  4. [PATCH V3] Keep 3 high personality bytes across exec

    Currently when a 32 bit process is exec'd on a powerpc 64 bit host the value
    in the top three bytes of the personality is clobbered. This patch adds a
    check in the SET_PERSONALITY macro that will carry all the values in the top
    three bytes across the exec.

    These three bytes currently carry flags to disable address randomisation,
    limit the address space, force zeroing of an mmapped page, etc. Should an
    application set any of these bits they will be maintained and honoured on
    homogeneous environment but discarded and ignored on a heterogeneous
    environment. So if an application requires all mmapped pages to be initialised
    to zero and a wrapper is used to setup the personality and exec the target,
    these flags will remain set on an all 32 or all 64 bit envrionment, but they
    will be lost in the exec on a mixed 32/64 bit environment. Losing these bits
    means that the same application would behave differently in different
    environments. Tested on a POWER5+ machine with 64bit kernel and a mixed
    64/32 bit user space.

    Signed-off-by: Eric B Munson
    ---
    V3
    Based on 2.6.26-rc8

    Changes from V2:
    Use ~PER_MASK instead of PER_INHERIT
    Remove PER_INHERIT
    Rebase to 2.6.26-rc8

    Changes from V1:
    Updated changelog with a better description of why this change is useful

    include/asm-powerpc/elf.h | 3 ++-
    1 files changed, 2 insertions(+), 1 deletions(-)

    diff --git a/include/asm-powerpc/elf.h b/include/asm-powerpc/elf.h
    index 9080d85..5eee73e 100644
    --- a/include/asm-powerpc/elf.h
    +++ b/include/asm-powerpc/elf.h
    @@ -257,7 +257,8 @@ do { \
    else \
    clear_thread_flag(TIF_ABI_PENDING); \
    if (personality(current->personality) != PER_LINUX32) \
    - set_personality(PER_LINUX); \
    + set_personality(PER_LINUX | \
    + (current->personality & (~PER_MASK))); \
    } while (0)
    /*
    * An executable for which elf_read_implies_exec() returns TRUE will
    --
    1.5.6.1

    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

+ Reply to Thread