[PATCH v4] fs/proc, core/debug: Don't expose absolute kernel addresses via wchan

From: Ingo Molnar
Date: Thu Oct 01 2015 - 05:38:29 EST



* Ingo Molnar <mingo@xxxxxxxxxx> wrote:

>
> * Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> > > @@ -507,7 +505,7 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
> > > seq_put_decimal_ull(m, ' ', task->blocked.sig[0] & 0x7fffffffUL);
> > > seq_put_decimal_ull(m, ' ', sigign.sig[0] & 0x7fffffffUL);
> > > seq_put_decimal_ull(m, ' ', sigcatch.sig[0] & 0x7fffffffUL);
> > > - seq_put_decimal_ull(m, ' ', wchan);
> > > + seq_puts(m, " 0"); /* Used to be numeric wchan - replaced by /proc/PID/wchan */
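Review bot: the replacement `seq_puts(m, " 0");` always emits a constant zero, which drops exactly the signal the follow-up message says procps depends on: it reads the stat wchan field as a flag for whether /proc/PID/wchan is worth looking at. If the ABI is to be kept, emit a 0/1 value (for example `seq_put_decimal_ull(m, ' ', wchan != 0)` using the `wchan` variable the removed line already had) rather than a literal, and reword the comment to state what the value now means instead of only that it used to be the numeric wchan.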
> >
> > Probably should also update Documentation/filesystems/proc.txt with
> > something like:
> >
> > --- a/Documentation/filesystems/proc.txt
> > +++ b/Documentation/filesystems/proc.txt
> > @@ -310,7 +310,7 @@ Table 1-4: Contents of the stat files (as of 2.6.30-rc7)
> > blocked bitmap of blocked signals
> > sigign bitmap of ignored signals
> > sigcatch bitmap of caught signals
> > - wchan address where process went to sleep
> > + 0 (place holder, was wchan, see /proc/PID/wchan instead)
> > 0 (place holder)
> > 0 (place holder)
> > exit_signal signal to send to parent thread on exit
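Review bot: the proposed entry `0 (place holder, was wchan, see /proc/PID/wchan instead)` documents a constant-zero field, but the reply says the field is to stay a 0/1 flag for procps's sake; the table row should describe that meaning (for example `wchan  0/1 flag: task is blocked and /proc/PID/wchan has a symbol`) and keep the pointer to /proc/PID/wchan. Since the field's semantics change, the caption "Contents of the stat files (as of 2.6.30-rc7)" should be updated to the kernel version that introduces the flag as well.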
>
> Indeed - I ended up clarifying both wchan explanations, see the changes below.
>
> I also made the 'no symbols' output "0" (instead of an empty string), to better
> match the /proc/PID/stat behavior and previous output.
>
> I'll push it out after a bit more testing and if nothing goes wrong I'll send this
> patch to Linus in the v4.4 merge window.

Yeah, so testing uncovered the following additional ABI detail: procps relies on
the wchan field in /proc/PID/stat, but only as a flag (in most cases) for whether to
look at /proc/PID/wchan.

To keep the ABI, the v4 patch below outputs not the absolute address, but a 0/1
flag to indicate whether the task is blocked and whether there's anything worth
looking at in /proc/PID/wchan.

I tested this approach with procps and it seems to fully work. In fact, due to the
ptrace check, we properly restrict the information to our own tasks only. root
still sees the wchan field of all tasks.

Btw., the very latest procps-ng grew this nice change:

6b8dc5511fb9 ("library: refactor and rely on modern kernels for wchan")

which greatly simplified procps's handling of /proc/PID/wchan.

... but my testing was done with an older procps version.

Thanks,

Ingo
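A consumer-side illustration, added here and not part of the thread or of procps: it parses a /proc/PID/stat line the way the ABI requires (splitting from the last ")" because comm may contain spaces and parentheses), treats the wchan field purely as a flag for whether to read /proc/PID/wchan, as the message above describes procps doing, and adds an audit check for the pre-patch behaviour of an absolute address in that field. The stat lines are constructed and the /proc/PID/wchan reader is injected so it runs offline; both are assumptions.

```python
"""Use the /proc/PID/stat wchan field only as a flag, as procps does."""

WCHAN_FIELD = 35  # 1-based field number of wchan in /proc/PID/stat


def make_stat_line(pid, comm, state, wchan, nfields=52):
    """Constructed sample (not captured from a real kernel): field 1 is pid,
    field 2 is (comm), field 3 is state, field 35 is wchan, the rest are 0."""
    rest = ["0"] * (nfields - 2)          # fields 3..nfields
    rest[0] = state
    rest[WCHAN_FIELD - 3] = str(wchan)
    return f"{pid} ({comm}) " + " ".join(rest)


def parse_stat(line):
    """Parse pid, comm, state and wchan from a stat line. comm is not escaped
    by the kernel and may contain spaces or ')', so the split must use the
    last ') ' rather than simple whitespace splitting."""
    pid, _, rest = line.partition(" (")
    comm, _, tail = rest.rpartition(") ")
    fields = tail.split()
    return {"pid": int(pid), "comm": comm, "state": fields[0],
            "wchan": int(fields[WCHAN_FIELD - 3])}


def wchan_flag(line):
    """procps semantics: a nonzero wchan field means /proc/PID/wchan is worth
    reading. Works with both the 0/1 flag and a legacy absolute address."""
    return parse_stat(line)["wchan"] != 0


def leaks_address(line):
    """Audit check: True when the field carries more than a 0/1 flag, i.e. an
    absolute kernel address as older kernels exposed it."""
    return parse_stat(line)["wchan"] not in (0, 1)


def read_wchan_file(pid):
    """Real reader for a live system; injected into wchan_symbol() below."""
    with open(f"/proc/{pid}/wchan") as f:
        return f.read()


def wchan_symbol(pid, stat_line, reader=read_wchan_file):
    """Return the wchan symbol for pid, consulting /proc/PID/wchan only when
    the stat flag says the task is blocked; '0' otherwise (matching the
    'no symbols' output chosen in the thread)."""
    if not wchan_flag(stat_line):
        return "0"
    return reader(pid).strip() or "0"
```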

==========================>