Re: [PATCH] proc: add config & param to block forcing mem writes

"Adrian Ratiu" <adrian.ratiu@xxxxxxxxxxxxx> · Wed, 24 Jul 2024 10:16:25 +0100

On Tuesday, July 23, 2024 21:30 EEST, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Tue, 23 Jul 2024 at 10:18, Adrian Ratiu <adrian.ratiu@xxxxxxxxxxxxx> wrote:
> >
> > This adds a Kconfig option and boot param to allow removing
> > the FOLL_FORCE flag from /proc/pid/mem write calls because
> > it can be abused.
> 
> Ack, this looks much simpler.
> 
> That said, I think this can be prettied up some more:
> 
> > +enum proc_mem_force_state {
> > +       PROC_MEM_FORCE_ALWAYS,
> > +       PROC_MEM_FORCE_PTRACE,
> > +       PROC_MEM_FORCE_NEVER
> > +};
> > +
> > +#if defined(CONFIG_PROC_MEM_ALWAYS_FORCE)
> > +static enum proc_mem_force_state proc_mem_force_override __ro_after_init = PROC_MEM_FORCE_ALWAYS;
> > +#elif defined(CONFIG_PROC_MEM_FORCE_PTRACE)
> > +static enum proc_mem_force_state proc_mem_force_override __ro_after_init = PROC_MEM_FORCE_PTRACE;
> > +#else
> > +static enum proc_mem_force_state proc_mem_force_override __ro_after_init = PROC_MEM_FORCE_NEVER;
> > +#endif
> 
> I think instead of that forest of #if defined(), we can just do
> 
>   enum proc_mem_force {
>         PROC_MEM_FORCE_ALWAYS,
>         PROC_MEM_FORCE_PTRACE,
>         PROC_MEM_FORCE_NEVER
>   };
> 
>   static enum proc_mem_force proc_mem_force_override __ro_after_init =
>       IS_ENABLED(CONFIG_PROC_MEM_ALWAYS_FORCE) ? PROC_MEM_FORCE_ALWAYS :
>       IS_ENABLED(CONFIG_PROC_MEM_FORCE_PTRACE) ? PROC_MEM_FORCE_PTRACE :
>       PROC_MEM_FORCE_NEVER;
> 
> I also really thought we had some parser helper for this pattern:
> 
> > +static int __init early_proc_mem_force_override(char *buf)
> > +{
> > +       if (!buf)
> > +               return -EINVAL;
> > +
> > +       if (strcmp(buf, "always") == 0) {
> > +               proc_mem_force_override = PROC_MEM_FORCE_ALWAYS;
>  ....
> 
> but it turns out we only really "officially" have it for filesystem
> superblock parsing.
> 
> Oh well. We could do
> 
>   #include <linux/fs_parser.h>
>  ...
>   struct constant_table proc_mem_force_table[] {
>         { "ptrace", PROC_MEM_FORCE_PTRACE },
>         { "never", PROC_MEM_FORCE_NEVER },
>         { }
>   };
>   ...
>   proc_mem_force_override = lookup_constant(
>         proc_mem_force_table, buf, PROC_MEM_FORCE_NEVER);
> 
> but while that looks a bit prettier, the whole "fs_parser.h" thing is
> admittedly odd.
> 
> Anyway, I think the patch is ok, although I also happen to think it
> could be a bit prettier.

Thanks again, I am perfectly fine with using fs_parser.h.

I'll wait a few days to give others a chance to review/respond,
then apply your changes and send a v3.

(this was actually v2, however git format-patch removed my
"Changes in v2" blurb and v2 title; will add them next time)