Re: [PATCH V2] Keep 3 high personality bytes across exec

2008-06-30 Thread Paul Mackerras 
Eric B Munson writes:

 --- a/include/asm-powerpc/elf.h
 +++ b/include/asm-powerpc/elf.h
 @@ -257,7 +257,8 @@ do {  
 \
   else\
   clear_thread_flag(TIF_ABI_PENDING); \
   if (personality(current-personality) != PER_LINUX32)   \
 - set_personality(PER_LINUX); \
 + set_personality(PER_LINUX | \
 + (current-personality  PER_INHERIT));  \

Couldn't we use ~PER_MASK here instead of PER_INHERIT?  That would
mean we wouldn't have to modify include/linux/personality.h, and we
wouldn't have to keep updating PER_INHERIT as more flags get added.

(Nice patch description, BTW.  Thanks.)

Paul.
___
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev

Re: [PATCH V2] Keep 3 high personality bytes across exec

2008-06-30 Thread Eric B Munson 
On Mon, 30 Jun 2008, Paul Mackerras wrote:

 Eric B Munson writes:
 
  --- a/include/asm-powerpc/elf.h
  +++ b/include/asm-powerpc/elf.h
  @@ -257,7 +257,8 @@ do {
  \
  else\
  clear_thread_flag(TIF_ABI_PENDING); \
  if (personality(current-personality) != PER_LINUX32)   \
  -   set_personality(PER_LINUX); \
  +   set_personality(PER_LINUX | \
  +   (current-personality  PER_INHERIT));  \
 
 Couldn't we use ~PER_MASK here instead of PER_INHERIT?  That would
 mean we wouldn't have to modify include/linux/personality.h, and we
 wouldn't have to keep updating PER_INHERIT as more flags get added.
 
 (Nice patch description, BTW.  Thanks.)
 
 Paul.
 

Yeah, ~PER_MASK will work fine.  I used PER_INHERIT first because I
was not sure if there were values that should not be carried forward.
I will have an updated patch out shortly.

Eric


signature.asc
Description: Digital signature
___
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev

[PATCH V2] Keep 3 high personality bytes across exec

2008-06-27 Thread Eric B Munson 
Currently when a 32 bit process is exec'd on a powerpc 64 bit host the value
in the top three bytes of the personality is clobbered.  This patch adds a
check in the SET_PERSONALITY macro that will carry all the values in the top
three bytes across the exec.

These three bytes currently carry flags to disable address randomisation,
limit the address space, force zeroing of an mmapped page, etc.  Should an
application set any of these bits they will be maintained and honoured on
homogeneous environment but discarded and ignored on a heterogeneous
environment.  So if an application requires all mmapped pages to be initialised
to zero and a wrapper is used to setup the personality and exec the target,
these flags will remain set on an all 32 or all 64 bit envrionment, but they
will be lost in the exec on a mixed 32/64 bit environment.  Losing these bits
means that the same application would behave differently in different
environments.  Tested on a POWER5+ machine with 64bit kernel and a mixed
64/32 bit user space.

Signed-off-by: Eric B Munson [EMAIL PROTECTED]

---
V2

Changes from V1:
Updated changelog with a better description of why this change is useful

Based on 2.6.26-rc6

 include/asm-powerpc/elf.h   |3 ++-
 include/linux/personality.h |6 ++
 2 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/include/asm-powerpc/elf.h b/include/asm-powerpc/elf.h
index 9080d85..2f11a0e 100644
--- a/include/asm-powerpc/elf.h
+++ b/include/asm-powerpc/elf.h
@@ -257,7 +257,8 @@ do {
\
else\
clear_thread_flag(TIF_ABI_PENDING); \
if (personality(current-personality) != PER_LINUX32)   \
-   set_personality(PER_LINUX); \
+   set_personality(PER_LINUX | \
+   (current-personality  PER_INHERIT));  \
 } while (0)
 /*
  * An executable for which elf_read_implies_exec() returns TRUE will
diff --git a/include/linux/personality.h b/include/linux/personality.h
index a84e9ff..362eb90 100644
--- a/include/linux/personality.h
+++ b/include/linux/personality.h
@@ -36,6 +36,12 @@ enum {
ADDR_LIMIT_3GB =0x800,
 };
 
+/* Mask for the above personality values */
+#define PER_INHERIT (ADDR_NO_RANDOMIZE|FDPIC_FUNCPTRS|MMAP_PAGE_ZERO| \
+   ADDR_COMPAT_LAYOUT|READ_IMPLIES_EXEC|ADDR_LIMIT_32BIT| \
+   SHORT_INODE|WHOLE_SECONDS|STICKY_TIMEOUTS| \
+   ADDR_LIMIT_3GB)
+
 /*
  * Security-relevant compatibility flags that must be
  * cleared upon setuid or setgid exec:



signature.asc
Description: Digital signature
___
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev

[RFC PATCH V2] Keep 3 high personality bytes across exec

2008-06-18 Thread Eric B Munson 
Currently when a 32 bit process is exec'd on a powerpc 64 bit host the value
in the top three bytes of the personality is clobbered.  This patch adds a
check in the SET_PERSONALITY macro that will carry all the values in the top
three bytes across the exec.

These three bytes currently carry flags to disable address randomisation,
limit the address space, force zeroing of an mmapped page, etc.  Should an
application set any of these bits they will be maintained and honoured on
homogeneous environment but discarded and ignored on a heterogeneous
environment.  So if an application requires all mmapped pages to be initialised
to zero and a wrapper is used to setup the personality and exec the target,
these flags will remain set on an all 32 or all 64 bit envrionment, but they
will be lost in the exec on a mixed 32/64 bit environment.  Losing these bits
means that the same application would behave differently in different
environments.  Tested on a POWER5+ machine with 64bit kernel and a mixed
64/32 bit user space.

Signed-off-by: Eric B Munson [EMAIL PROTECTED]

---
V2

Changes from V1:
Updated changelog with a better description of why this change is useful

Based on 2.6.26-rc6

 include/asm-powerpc/elf.h   |3 ++-
 include/linux/personality.h |6 ++
 2 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/include/asm-powerpc/elf.h b/include/asm-powerpc/elf.h
index 9080d85..2f11a0e 100644
--- a/include/asm-powerpc/elf.h
+++ b/include/asm-powerpc/elf.h
@@ -257,7 +257,8 @@ do {
\
else\
clear_thread_flag(TIF_ABI_PENDING); \
if (personality(current-personality) != PER_LINUX32)   \
-   set_personality(PER_LINUX); \
+   set_personality(PER_LINUX | \
+   (current-personality  PER_INHERIT));  \
 } while (0)
 /*
  * An executable for which elf_read_implies_exec() returns TRUE will
diff --git a/include/linux/personality.h b/include/linux/personality.h
index a84e9ff..362eb90 100644
--- a/include/linux/personality.h
+++ b/include/linux/personality.h
@@ -36,6 +36,12 @@ enum {
ADDR_LIMIT_3GB =0x800,
 };
 
+/* Mask for the above personality values */
+#define PER_INHERIT (ADDR_NO_RANDOMIZE|FDPIC_FUNCPTRS|MMAP_PAGE_ZERO| \
+   ADDR_COMPAT_LAYOUT|READ_IMPLIES_EXEC|ADDR_LIMIT_32BIT| \
+   SHORT_INODE|WHOLE_SECONDS|STICKY_TIMEOUTS| \
+   ADDR_LIMIT_3GB)
+
 /*
  * Security-relevant compatibility flags that must be
  * cleared upon setuid or setgid exec:



signature.asc
Description: Digital signature
___
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev