[PATCH] proc: add config & param to block forcing mem writes
Linus Torvalds
torvalds at linux-foundation.org
Tue Jul 23 18:30:31 UTC 2024
On Tue, 23 Jul 2024 at 10:18, Adrian Ratiu <adrian.ratiu at collabora.com> wrote:
>
> This adds a Kconfig option and boot param to allow removing
> the FOLL_FORCE flag from /proc/pid/mem write calls because
> it can be abused.
Ack, this looks much simpler.
That said, I think this can be prettied up some more:
> +enum proc_mem_force_state {
> + PROC_MEM_FORCE_ALWAYS,
> + PROC_MEM_FORCE_PTRACE,
> + PROC_MEM_FORCE_NEVER
> +};
> +
> +#if defined(CONFIG_PROC_MEM_ALWAYS_FORCE)
> +static enum proc_mem_force_state proc_mem_force_override __ro_after_init = PROC_MEM_FORCE_ALWAYS;
> +#elif defined(CONFIG_PROC_MEM_FORCE_PTRACE)
> +static enum proc_mem_force_state proc_mem_force_override __ro_after_init = PROC_MEM_FORCE_PTRACE;
> +#else
> +static enum proc_mem_force_state proc_mem_force_override __ro_after_init = PROC_MEM_FORCE_NEVER;
> +#endif
I think instead of that forest of #if defined(), we can just do
enum proc_mem_force {
PROC_MEM_FORCE_ALWAYS,
PROC_MEM_FORCE_PTRACE,
PROC_MEM_FORCE_NEVER
};
static enum proc_mem_force proc_mem_force_override __ro_after_init =
IS_ENABLED(CONFIG_PROC_MEM_ALWAYS_FORCE) ? PROC_MEM_FORCE_ALWAYS :
IS_ENABLED(CONFIG_PROC_MEM_FORCE_PTRACE) ? PROC_MEM_FORCE_PTRACE :
PROC_MEM_FORCE_NEVER;
I also really thought we had some parser helper for this pattern:
> +static int __init early_proc_mem_force_override(char *buf)
> +{
> + if (!buf)
> + return -EINVAL;
> +
> + if (strcmp(buf, "always") == 0) {
> + proc_mem_force_override = PROC_MEM_FORCE_ALWAYS;
....
but it turns out we only really "officially" have it for filesystem
superblock parsing.
Oh well. We could do
#include <linux/fs_parser.h>
...
struct constant_table proc_mem_force_table[] {
{ "ptrace", PROC_MEM_FORCE_PTRACE },
{ "never", PROC_MEM_FORCE_NEVER },
{ }
};
...
proc_mem_force_override = lookup_constant(
proc_mem_force_table, buf, PROC_MEM_FORCE_NEVER);
but while that looks a bit prettier, the whole "fs_parser.h" thing is
admittedly odd.
Anyway, I think the patch is ok, although I also happen to think it
could be a bit prettier.
Linus
More information about the Linux-security-module-archive
mailing list