I'm looking at the ctx patch for DSVR to see how we could integrate it into our operation (see http://www.dsvr.co.uk).
We'd like vserver users to be as ignorant of their vserver-ness as
possible, hence cloaking /proc/self/status.
But for investigating/debugging/hacking-on-vserver purposes, this
cloaking should be sysctl-able.
The ctx sysctl should itself be cloakable too.
All this might not suit all tastes, so whilst the patch defaults to the
most secure option, the usual:
echo 1 > /proc/sys/kernel/ctx/visible-self-status
echo 1 > /proc/sys/kernel/ctx/visible-sysctrls
would restore previous behaviour.
Comments please.
Jonathan
--
Jonathan Sambrook
Software Developer
Designer Servers
diff -Nur linux-2.4.20-quota-ctx/arch/i386/config.in linux-2.4.20/arch/i386/config.in
--- linux-2.4.20-quota-ctx/arch/i386/config.in 2003-01-30 14:40:56.000000000 +0000
+++ linux-2.4.20/arch/i386/config.in 2003-02-20 14:10:41.000000000 +0000
@@ -286,6 +286,11 @@
bool 'System V IPC' CONFIG_SYSVIPC
bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
bool 'Sysctl support' CONFIG_SYSCTL
+
+if [ "$CONFIG_SYSCTL" = "y" ]; then
+ bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
+fi
+
if [ "$CONFIG_PROC_FS" = "y" ]; then
choice 'Kernel core (/proc/kcore) format' \
"ELF CONFIG_KCORE_ELF \
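Review bot: CONFIG_CTX_SYSCTLS is offered only on the four architectures whose config.in this patch edits (this hunk and the ppc, sparc and sparc64 hunks below), so on any other architecture the option can never be enabled: the ctx sysctl table in kernel/sysctl.c and the cloaking of the ctx directory in fs/proc/generic.c are compiled out there, while the `current->s_context == 0` test in fs/proc/array.c is unconditional and hides the ctx lines from /proc/self/status with no way to turn that back on. If that is intended, the Configure.help text should say so; otherwise the prompt belongs next to the existing `CONFIG_SYSCTL` line in every remaining config.in as well. The prompt also does not depend on the context patch being present, and the generic.c and sysctl.c users reference `current->s_context` without the `#ifdef __NR_new_s_context` guard that array.c uses, so enabling it on an unpatched tree presumably fails to build — confirm.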
diff -Nur linux-2.4.20-quota-ctx/arch/ppc/config.in linux-2.4.20/arch/ppc/config.in
--- linux-2.4.20-quota-ctx/arch/ppc/config.in 2003-01-30 14:40:57.000000000 +0000
+++ linux-2.4.20/arch/ppc/config.in 2003-02-18 13:28:35.000000000 +0000
@@ -161,6 +161,11 @@
bool 'Networking support' CONFIG_NET
bool 'Sysctl support' CONFIG_SYSCTL
+
+if [ "$CONFIG_SYSCTL" = "y" ]; then
+ bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
+fi
+
bool 'System V IPC' CONFIG_SYSVIPC
bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
diff -Nur linux-2.4.20-quota-ctx/arch/sparc/config.in linux-2.4.20/arch/sparc/config.in
--- linux-2.4.20-quota-ctx/arch/sparc/config.in 2003-01-30 14:40:57.000000000 +0000
+++ linux-2.4.20/arch/sparc/config.in 2003-02-18 13:28:35.000000000 +0000
@@ -65,6 +65,11 @@
bool 'System V IPC' CONFIG_SYSVIPC
bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
bool 'Sysctl support' CONFIG_SYSCTL
+
+if [ "$CONFIG_SYSCTL" = "y" ]; then
+ bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
+fi
+
if [ "$CONFIG_PROC_FS" = "y" ]; then
define_bool CONFIG_KCORE_ELF y
fi
diff -Nur linux-2.4.20-quota-ctx/arch/sparc64/config.in
linux-2.4.20/arch/sparc64/config.in
--- linux-2.4.20-quota-ctx/arch/sparc64/config.in 2003-01-30 14:40:57.000000000
+0000
+++ linux-2.4.20/arch/sparc64/config.in 2003-02-18 13:28:35.000000000 +0000
@@ -64,6 +64,11 @@
bool 'System V IPC' CONFIG_SYSVIPC
bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
bool 'Sysctl support' CONFIG_SYSCTL
+
+if [ "$CONFIG_SYSCTL" = "y" ]; then
+ bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
+fi
+
if [ "$CONFIG_PROC_FS" = "y" ]; then
define_bool CONFIG_KCORE_ELF y
fi
diff -Nur linux-2.4.20-quota-ctx/Documentation/Configure.help
linux-2.4.20/Documentation/Configure.help
--- linux-2.4.20-quota-ctx/Documentation/Configure.help 2003-01-30 14:40:57.000000000
+0000
+++ linux-2.4.20/Documentation/Configure.help 2003-02-20 14:10:41.000000000 +0000
@@ -526,6 +526,13 @@
The umem driver has been allocated block major number 116.
See Documentation/devices.txt for recommended device naming.
+Context Patch Sysctls
+CONFIG_CTX_SYSCTLS
+ Saying Y here will allow you to configure some of the behaviour of
+ the Jacques Gelinas Context Patch
+
+ See http://www.solucorp.qc.ca/miscprj/s_context.hc
+
Network block device support
CONFIG_BLK_DEV_NBD
Saying Y here will allow your computer to be a client for network
diff -Nur linux-2.4.20-quota-ctx/fs/proc/array.c linux-2.4.20/fs/proc/array.c
--- linux-2.4.20-quota-ctx/fs/proc/array.c 2003-01-30 14:40:56.000000000 +0000
+++ linux-2.4.20/fs/proc/array.c 2003-02-18 13:28:35.000000000 +0000
@@ -279,6 +279,9 @@
cap_t(p->cap_bset));
}
+#ifdef CONFIG_CTX_SYSCTLS
+int sysctl_ctx_unsafe_self_status = 0; // Default to safe
+#endif
int proc_pid_status(struct task_struct *task, char * buffer)
{
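Review bot: `sysctl_ctx_unsafe_self_status` is defined here in fs/proc/array.c and declared `extern` by hand in kernel/sysctl.c (the `+extern int sysctl_ctx_unsafe_self_status;` line there), with the same pattern for `sysctl_ctx_unsafe_sysctrls` in fs/proc/generic.c; nothing ties the two declarations together, so a type change in one file goes unnoticed in the other. Declaring both once in include/linux/sysctl.h, which this patch already touches, lets the compiler check them. The `// Default to safe` comment is a C99 line comment in a tree that uses `/* */` throughout, and "safe" is not self-explanatory; `/* 0: hide the ctx lines from /proc/<pid>/status outside the root context */` says what the default does. The same two points apply to the definition in the fs/proc/generic.c hunk at -281 and to the enum comments in kernel/sysctl.c. proc_pid_status begins on the last line of this hunk and its body continues outside it.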
@@ -299,47 +302,54 @@
buffer = task_sig(task, buffer);
buffer = task_cap(task, buffer);
#ifdef __NR_new_s_context
- if (task->s_info != NULL){
- int i;
- buffer += sprintf (buffer,"s_context: %d [",task->s_context);
- for (i=0; i<NB_S_CONTEXT; i++){
- short int ctx = task->s_info->s_context[i];
- if (ctx == 0) break;
- buffer += sprintf (buffer," %d",ctx);
+ if(current->s_context == 0
+#ifdef CONFIG_CTX_SYSCTLS
+ || sysctl_ctx_unsafe_self_status
+#endif
+ )
+ {
+ if (task->s_info != NULL){
+ int i;
+ buffer += sprintf (buffer,"s_context: %d [",task->s_context);
+ for (i=0; i<NB_S_CONTEXT; i++){
+ short int ctx = task->s_info->s_context[i];
+ if (ctx == 0) break;
+ buffer += sprintf (buffer," %d",ctx);
+ }
+ *buffer++ = ']';
+ *buffer++ = '\n';
+ buffer += sprintf (buffer,"ctxticks: %d %ld %d\n"
+ ,atomic_read(&task->s_info->ticks),task->counter
+ ,task->s_info->refcount);
+ buffer += sprintf (buffer,"ctxflags: %d\n"
+ ,task->s_info->flags);
+ buffer += sprintf (buffer,"initpid: %d\n"
+ ,task->s_info->initpid);
+ }else{
+ buffer += sprintf (buffer,"s_context: %d\n",task->s_context);
+ buffer += sprintf (buffer,"ctxticks: none\n");
+ buffer += sprintf (buffer,"ctxflags: none\n");
+ buffer += sprintf (buffer,"initpid: none\n");
}
- *buffer++ = ']';
- *buffer++ = '\n';
- buffer += sprintf (buffer,"ctxticks: %d %ld %d\n"
- ,atomic_read(&task->s_info->ticks),task->counter
- ,task->s_info->refcount);
- buffer += sprintf (buffer,"ctxflags: %d\n"
- ,task->s_info->flags);
- buffer += sprintf (buffer,"initpid: %d\n"
- ,task->s_info->initpid);
- }else{
- buffer += sprintf (buffer,"s_context: %d\n",task->s_context);
- buffer += sprintf (buffer,"ctxticks: none\n");
- buffer += sprintf (buffer,"ctxflags: none\n");
- buffer += sprintf (buffer,"initpid: none\n");
- }
- if (task->ip_info != NULL){
- int i;
- buffer += sprintf (buffer,"ipv4root:");
- for (i=0; i<task->ip_info->nbipv4; i++){
- buffer += sprintf (buffer," %08x"
- ,task->ip_info->ipv4[i]);
+ if (task->ip_info != NULL){
+ int i;
+ buffer += sprintf (buffer,"ipv4root:");
+ for (i=0; i<task->ip_info->nbipv4; i++){
+ buffer += sprintf (buffer," %08x"
+ ,task->ip_info->ipv4[i]);
+ }
+ *buffer++ = '\n';
+ buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
+ ,task->ip_info->v4_bcast);
+ buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
+ ,task->ip_info->refcount);
+ }else{
+ buffer += sprintf (buffer,"ipv4root: 0\n");
+ buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
}
- *buffer++ = '\n';
- buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
- ,task->ip_info->v4_bcast);
- buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
- ,task->ip_info->refcount);
- }else{
- buffer += sprintf (buffer,"ipv4root: 0\n");
- buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
+ buffer += sprintf (buffer,"__NR_new_s_context:
+%d\n",__NR_new_s_context);
+ buffer += sprintf (buffer,"__NR_set_ipv4root: %d
+rev2\n",__NR_set_ipv4root);
}
- buffer += sprintf (buffer,"__NR_new_s_context: %d\n",__NR_new_s_context);
- buffer += sprintf (buffer,"__NR_set_ipv4root: %d rev2\n",__NR_set_ipv4root);
#endif
#if defined(CONFIG_ARCH_S390)
buffer = task_show_regs(task, buffer);
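Review bot: The preprocessor conditional sits inside the parentheses of the `if` (the `+#ifdef CONFIG_CTX_SYSCTLS` / `+ || sysctl_ctx_unsafe_self_status` lines), which is legal but hard to read and easy to break the next time the condition is edited, and it is the one decision a reader must understand first, since everything down to the `__NR_set_ipv4root` line is now gated on it. A macro defined once next to `sysctl_ctx_unsafe_self_status` keeps the `#ifdef` out of the expression and leaves a plain `if (ctx_status_visible()) {`; the re-indented body is otherwise identical to the removed lines. The test is on `current` (the reader) rather than `task` (the process being shown), which is the right choice for cloaking but deserves a one-line comment because `task` is used everywhere else in this function. The two `+%d\n"` and `+rev2\n"` lines are mail-client wraps, not patch content, so the hunk will not apply as posted; the function continues past the end of the hunk.
```c
#ifdef CONFIG_CTX_SYSCTLS
/* The ctx lines are shown to the *reader* (current) only from the root
 * context, or to everyone once visible-self-status is set. */
#define ctx_status_visible() \
	(current->s_context == 0 || sysctl_ctx_unsafe_self_status)
#else
#define ctx_status_visible() (current->s_context == 0)
#endif
/* … in proc_pid_status(), inside #ifdef __NR_new_s_context … */
	if (ctx_status_visible()) {
		/* … unchanged: s_context / ipv4root / __NR_* lines … */
	}
```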
diff -Nur linux-2.4.20-quota-ctx/fs/proc/generic.c linux-2.4.20/fs/proc/generic.c
--- linux-2.4.20-quota-ctx/fs/proc/generic.c 2003-01-30 14:40:56.000000000 +0000
+++ linux-2.4.20/fs/proc/generic.c 2003-02-20 13:39:23.000000000 +0000
@@ -249,6 +249,9 @@
* Don't create negative dentries here, return -ENOENT by hand
* instead.
*/
+#if defined CONFIG_CTX_SYSCTLS
+extern int sysctl_ctx_unsafe_sysctrls;
+#endif
struct dentry *proc_lookup(struct inode * dir, struct dentry *dentry)
{
struct inode *inode;
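Review bot: The `extern int sysctl_ctx_unsafe_sysctrls;` is inserted between the comment that documents proc_lookup and the function itself, so the comment now reads as describing the declaration. The variable is defined further down in this same file (the hunk at -281), so the `extern` exists only because of ordering; defining it above proc_lookup, or declaring it in include/linux/sysctl.h, removes it. This file also uses `#if defined CONFIG_CTX_SYSCTLS` while fs/proc/array.c and kernel/sysctl.c use `#ifdef CONFIG_CTX_SYSCTLS`; one spelling is easier to grep for.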
@@ -264,6 +267,12 @@
continue;
if (de->namelen != dentry->d_name.len)
continue;
+#if defined CONFIG_CTX_SYSCTLS
+ // Cloak /proc/sys/kernel/ctx outside of root ctx unless explicitly visible
+ if( de->namelen == 3 && !strcmp("ctx", de->name) &&
+ current->s_context != 0 && !sysctl_ctx_unsafe_sysctrls )
+ continue;
+#endif
if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
int ino = de->low_ino;
error = -EINVAL;
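Review bot: The cloak matches on the entry's name alone (`de->namelen == 3 && !strcmp("ctx", de->name)`), so it hides every proc_dir_entry called ctx in any directory resolved through proc_lookup, not only /proc/sys/kernel/ctx; if only the sysctl directory is meant, the check should also confirm the entry's parent (presumably through the proc_dir_entry parent link — confirm against this tree) or compare against the entry registered by kernel/sysctl.c. The predicate is repeated in proc_readdir further down in a slightly different form (no `namelen` check there), so the two can drift; one shared helper, defined as 0 when CONFIG_CTX_SYSCTLS is off, removes both `#if` blocks from the call sites. The `// Cloak …` comment should be a `/* */` comment in this tree. This filters name resolution and listing only; it is not an access check on the values, which still need their own context test in kernel/sysctl.c.
```c
#if defined CONFIG_CTX_SYSCTLS
/* The ctx sysctl directory is hidden from non-root contexts unless the
 * visible-sysctrls sysctl is set.  Shared by proc_lookup() and proc_readdir(). */
static inline int ctx_entry_hidden(struct proc_dir_entry *de)
{
	return de->namelen == 3 && !strcmp("ctx", de->name) &&
	       current->s_context != 0 && !sysctl_ctx_unsafe_sysctrls;
}
#else
#define ctx_entry_hidden(de) 0
#endif
/* … in proc_lookup(), replacing the #if block … */
		if (ctx_entry_hidden(de))
			continue;
```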
@@ -281,6 +290,10 @@
return ERR_PTR(error);
}
+#if defined CONFIG_CTX_SYSCTLS
+int sysctl_ctx_unsafe_sysctrls = 0; // Default to safe
+#endif
+
/*
* This returns non-zero if at EOF, so that the /proc
* root directory can use this and check if it should
@@ -331,6 +344,10 @@
}
do {
+#if defined CONFIG_CTX_SYSCTLS
+ // Ctx sysctls only visible to root context (by
+default)
+ if( current->s_context == 0 ||
+sysctl_ctx_unsafe_sysctrls || strcmp(de->name, "ctx") )
+#endif
if (filldir(dirent, de->name, de->namelen, filp->f_pos,
de->low_ino, de->mode >> 12) < 0)
return 0;
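Review bot: The added `if (…)` has no braces and is stacked directly on the existing `if (filldir(…) < 0) return 0;`, so the cloaking works only because the two statements happen to nest; anyone adding an `else`, braces or a statement between them silently changes which `if` owns the `return 0`. Folding the test into the filldir condition, `if (!ctx_entry_hidden(de) && filldir(dirent, de->name, de->namelen, filp->f_pos, de->low_ino, de->mode >> 12) < 0) return 0;` with a helper such as `ctx_entry_hidden(de)` defined once near proc_lookup (and as 0 without CONFIG_CTX_SYSCTLS), needs no `#if` here and guarantees the same predicate as lookup; as written this copy omits the `namelen` check the lookup copy has. The `// Ctx sysctls …` comment and the condition are both wrapped by the mail client, so the hunk will not apply as posted. The diff also records a `.generic.c.swp` editor swap file; the patch should be regenerated without it. The do/while loop this sits in continues past the hunk.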
Binary files linux-2.4.20-quota-ctx/fs/proc/.generic.c.swp and
linux-2.4.20/fs/proc/.generic.c.swp differ
diff -Nur linux-2.4.20-quota-ctx/include/linux/sysctl.h
linux-2.4.20/include/linux/sysctl.h
--- linux-2.4.20-quota-ctx/include/linux/sysctl.h 2003-01-30 14:40:56.000000000
+0000
+++ linux-2.4.20/include/linux/sysctl.h 2003-02-20 09:53:20.000000000 +0000
@@ -124,6 +124,7 @@
KERN_CORE_USES_PID=52, /* int: use core or core.%pid */
KERN_TAINTED=53, /* int: various kernel tainted flags */
KERN_CADPID=54, /* int: PID of the process to notify on CAD */
+ KERN_CTX, /* Context Patch */
};
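Review bot: `KERN_CTX` is the only member of this enum without an explicit value and a type comment; it silently takes 55, and sysctl numbers are a binary interface (sysctl(2) callers pass the integer, not the name), so a later upstream entry assigned 55 would collide with it without any compile-time warning. Write it as `KERN_CTX=55, /* dir: Context Patch sysctls */` so the number is visible and the comment follows its neighbours, and agree the value with the ctx patch maintainer if other out-of-tree patches add kernel sysctls.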
diff -Nur linux-2.4.20-quota-ctx/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
--- linux-2.4.20-quota-ctx/kernel/sysctl.c 2003-01-30 14:40:56.000000000 +0000
+++ linux-2.4.20/kernel/sysctl.c 2003-02-20 09:34:08.000000000 +0000
@@ -86,6 +86,25 @@
extern int sysctl_userprocess_debug;
#endif
+#ifdef CONFIG_CTX_SYSCTLS
+extern int sysctl_ctx_unsafe_self_status;
+extern int sysctl_ctx_unsafe_sysctrls;
+
+enum
+{
+ CTX_SYSCTRL_UNSAFE_SYSCTRLS=1, // int: non-root-ctx visible ctx sysctls
+ CTX_SYSCTRL_UNSAFE_SELF_STATUS // int: non-root-ctx visible ctx info in
+/proc/self/status
+};
+
+static ctl_table ctx_table[] = {
+ {CTX_SYSCTRL_UNSAFE_SYSCTRLS,"visible-sysctrls",
+ &sysctl_ctx_unsafe_sysctrls,sizeof(int),0644,NULL,&proc_dointvec},
+ {CTX_SYSCTRL_UNSAFE_SELF_STATUS,"visible-self-status",
+ &sysctl_ctx_unsafe_self_status,sizeof(int),0644,NULL,&proc_dointvec},
+ {0}
+};
+#endif
+
#ifdef CONFIG_PPC32
extern unsigned long zero_paged_on, powersave_nap;
int proc_dol2crvec(ctl_table *table, int write, struct file *filp,
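Review bot: The procname `visible-sysctrls` and the identifiers `CTX_SYSCTRL_*` / `sysctl_ctx_unsafe_sysctrls` spell the word as "sysctrl" while the rest of this file and the cover letter say sysctl; the procname becomes part of the administration interface the moment this ships (the cover letter already documents `echo 1 > /proc/sys/kernel/ctx/visible-sysctrls`), so it is worth settling on `visible-sysctls` now. The flags are accepted as arbitrary ints through `proc_dointvec` although only 0 and 1 have meaning; `proc_dointvec_minmax` with a 0..1 range makes the stored value and the documentation unambiguous (reuse existing zero/one bounds if this file already has them). The `//` comments in the enum should be `/* */` like the surrounding tables, and the wrapped `+/proc/self/status` line is a mail-client break that will stop the patch applying.
```c
static int ctx_zero = 0, ctx_one = 1;	/* the visibility flags are booleans */

static ctl_table ctx_table[] = {
	{CTX_SYSCTRL_UNSAFE_SYSCTRLS, "visible-sysctls",
	 &sysctl_ctx_unsafe_sysctrls, sizeof(int), 0644, NULL,
	 &proc_dointvec_minmax, &sysctl_intvec, NULL, &ctx_zero, &ctx_one},
	{CTX_SYSCTRL_UNSAFE_SELF_STATUS, "visible-self-status",
	 &sysctl_ctx_unsafe_self_status, sizeof(int), 0644, NULL,
	 &proc_dointvec_minmax, &sysctl_intvec, NULL, &ctx_zero, &ctx_one},
	{0}
};
```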
@@ -256,6 +275,9 @@
{KERN_S390_USER_DEBUG_LOGGING,"userprocess_debug",
&sysctl_userprocess_debug,sizeof(int),0644,NULL,&proc_dointvec},
#endif
+#ifdef CONFIG_CTX_SYSCTLS
+ {KERN_CTX, "ctx", NULL, 0, 0700, ctx_table},
+#endif
{0}
};
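Review bot: Registering the directory with mode 0700 under KERN_CTX restricts it by uid, not by context, and the cloaking in fs/proc/generic.c affects only name lookup and directory listing; the table itself stays registered and reachable by number through the binary sysctl(2) interface, where only the 0700/0644 modes are checked, which uid 0 inside a non-root context satisfies. The intent in the cover letter — non-root contexts neither see nor change the flags — therefore needs the check in the handlers, not only in /proc: a wrapper around `proc_dointvec` that returns -EPERM when `current->s_context != 0`, plus a strategy routine applying the same test on the binary path. With that in place the /proc cloaking is a presentation detail and the flags cannot be changed from inside a context however the table is reached. The wrapper below follows the `proc_dointvec` signature shown for `proc_dol2crvec` earlier in this file.
```c
#ifdef CONFIG_CTX_SYSCTLS
/* Only the root context may read or change the cloaking flags, whatever
 * path reaches the table; the /proc cloaking in fs/proc/generic.c is
 * presentation only.  A strategy routine should apply the same test to
 * the binary sysctl(2) path. */
static int ctx_proc_dointvec(ctl_table *table, int write, struct file *filp,
			     void *buffer, size_t *lenp)
{
	if (current->s_context != 0)
		return -EPERM;
	return proc_dointvec(table, write, filp, buffer, lenp);
}
#endif
/* … ctx_table entries use &ctx_proc_dointvec instead of &proc_dointvec … */
```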
