[PATCH] proc: add config & param to block forcing mem writes

[Linus Torvalds]

On Tue, 23 Jul 2024 at 10:18, Adrian Ratiu <adrian.ratiu at collabora.com> wrote:
>
> This adds a Kconfig option and boot param to allow removing
> the FOLL_FORCE flag from /proc/pid/mem write calls because
> it can be abused.

Ack, this looks much simpler.

That said, I think this can be prettied up some more:

> +enum proc_mem_force_state {
> +       PROC_MEM_FORCE_ALWAYS,
> +       PROC_MEM_FORCE_PTRACE,
> +       PROC_MEM_FORCE_NEVER
> +};
> +
> +#if defined(CONFIG_PROC_MEM_ALWAYS_FORCE)
> +static enum proc_mem_force_state proc_mem_force_override __ro_after_init = PROC_MEM_FORCE_ALWAYS;
> +#elif defined(CONFIG_PROC_MEM_FORCE_PTRACE)
> +static enum proc_mem_force_state proc_mem_force_override __ro_after_init = PROC_MEM_FORCE_PTRACE;
> +#else
> +static enum proc_mem_force_state proc_mem_force_override __ro_after_init = PROC_MEM_FORCE_NEVER;
> +#endif

I think instead of that forest of #if defined(), we can just do

  enum proc_mem_force {
        PROC_MEM_FORCE_ALWAYS,
        PROC_MEM_FORCE_PTRACE,
        PROC_MEM_FORCE_NEVER
  };

  static enum proc_mem_force proc_mem_force_override __ro_after_init =
      IS_ENABLED(CONFIG_PROC_MEM_ALWAYS_FORCE) ? PROC_MEM_FORCE_ALWAYS :
      IS_ENABLED(CONFIG_PROC_MEM_FORCE_PTRACE) ? PROC_MEM_FORCE_PTRACE :
      PROC_MEM_FORCE_NEVER;

I also really thought we had some parser helper for this pattern:

> +static int __init early_proc_mem_force_override(char *buf)
> +{
> +       if (!buf)
> +               return -EINVAL;
> +
> +       if (strcmp(buf, "always") == 0) {
> +               proc_mem_force_override = PROC_MEM_FORCE_ALWAYS;
 ....

but it turns out we only really "officially" have it for filesystem
superblock parsing.

Oh well. We could do

  #include <linux/fs_parser.h>
 ...
  struct constant_table proc_mem_force_table[] {
        { "ptrace", PROC_MEM_FORCE_PTRACE },
        { "never", PROC_MEM_FORCE_NEVER },
        { }
  };
  ...
  proc_mem_force_override = lookup_constant(
        proc_mem_force_table, buf, PROC_MEM_FORCE_NEVER);

but while that looks a bit prettier, the whole "fs_parser.h" thing is
admittedly odd.

Anyway, I think the patch is ok, although I also happen to think it
could be a bit prettier.

            Linus