On Thu, Feb 20, 2003 at 04:26:19PM +0000, Jonathan Sambrook wrote: > I'm looking at the ctx patch for DSVR to see how we could integrate it > into our operation (see http://www.dsvr.co.uk).
hmm, maybe you could elaborate a little bit on your plans regarding the "operation" > We'd like vserver users to be as ignorant of their vserver-ness as > possible, hence cloaking /proc/self/status. but what about the other 10 or 20 indices for a virtual server environment? (e.g. mknod, ethernet etc ...) or do you give all capabilities? > But for investigating/debugging/hacking-on-vserver purposes, this > cloaking should be sysctl-able. > > The ctx sysctl should itself be cloakable too. hmm, why not use a special capability to give this kind of access, this would allow you to enter a context with or without the ability to get the extended /proc/self/status ... > All this might not suit all tastes, so whilst the patch defaults to the > most secure option, the usual: > > echo 1 > /proc/sys/kernel/ctx/visible-self-status > echo 1 > /proc/sys/kernel/ctx/visible-sysctrls > > would restore previous behaviour. > > Comments please. sounds to me like "maybe we could sell a virtual server as dedicated machine?" best, Herbert PS: nice page, though, unfortunately not HTML or XHTML compliant ... > Jonathan > > -- > > Jonathan Sambrook > Software Developer > Designer Servers > diff -Nur linux-2.4.20-quota-ctx/arch/i386/config.in linux-2.4.20/arch/i386/config.in > --- linux-2.4.20-quota-ctx/arch/i386/config.in 2003-01-30 14:40:56.000000000 >+0000 > +++ linux-2.4.20/arch/i386/config.in 2003-02-20 14:10:41.000000000 +0000 
> @@ -286,6 +286,11 @@
> bool 'System V IPC' CONFIG_SYSVIPC
> bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
> bool 'Sysctl support' CONFIG_SYSCTL
> +
> +if [ "$CONFIG_SYSCTL" = "y" ]; then
> + bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
> +fi
> +
> if [ "$CONFIG_PROC_FS" = "y" ]; then
> choice 'Kernel core (/proc/kcore) format' \
> "ELF CONFIG_KCORE_ELF \
> diff -Nur linux-2.4.20-quota-ctx/arch/ppc/config.in linux-2.4.20/arch/ppc/config.in
> --- linux-2.4.20-quota-ctx/arch/ppc/config.in 2003-01-30 14:40:57.000000000 +0000
> +++ linux-2.4.20/arch/ppc/config.in 2003-02-18 13:28:35.000000000 +0000
> @@ -161,6 +161,11 @@
>
> bool 'Networking support' CONFIG_NET
> bool 'Sysctl support' CONFIG_SYSCTL
> +
> +if [ "$CONFIG_SYSCTL" = "y" ]; then
> + bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
> +fi
> +
> bool 'System V IPC' CONFIG_SYSVIPC
> bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
>
> diff -Nur linux-2.4.20-quota-ctx/arch/sparc/config.in >linux-2.4.20/arch/sparc/config.in
> --- linux-2.4.20-quota-ctx/arch/sparc/config.in 2003-01-30 14:40:57.000000000 >+0000
> +++ linux-2.4.20/arch/sparc/config.in 2003-02-18 13:28:35.000000000 +0000
> @@ -65,6 +65,11 @@
> bool 'System V IPC' CONFIG_SYSVIPC
> bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
> bool 'Sysctl support' CONFIG_SYSCTL
> +
> +if [ "$CONFIG_SYSCTL" = "y" ]; then
> + bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
> +fi
> +
> if [ "$CONFIG_PROC_FS" = "y" ]; then
> define_bool CONFIG_KCORE_ELF y
> fi
> diff -Nur linux-2.4.20-quota-ctx/arch/sparc64/config.in >linux-2.4.20/arch/sparc64/config.in
> --- linux-2.4.20-quota-ctx/arch/sparc64/config.in 2003-01-30 14:40:57.000000000 >+0000
> +++ linux-2.4.20/arch/sparc64/config.in 2003-02-18 13:28:35.000000000 +0000
> @@ -64,6 +64,11 @@
> bool 'System V IPC' CONFIG_SYSVIPC
> bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
> bool 'Sysctl support' CONFIG_SYSCTL
> +
> +if [ "$CONFIG_SYSCTL" = "y" ]; then
> + bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
> +fi
> +
> if [ "$CONFIG_PROC_FS" = "y" ]; then
> define_bool CONFIG_KCORE_ELF y
> fi
> diff -Nur linux-2.4.20-quota-ctx/Documentation/Configure.help >linux-2.4.20/Documentation/Configure.help
> --- linux-2.4.20-quota-ctx/Documentation/Configure.help 2003-01-30 >14:40:57.000000000 +0000
> +++ linux-2.4.20/Documentation/Configure.help 2003-02-20 14:10:41.000000000 +0000
> @@ -526,6 +526,13 @@
> The umem driver has been allocated block major number 116.
> See Documentation/devices.txt for recommended device naming.
>
> +Context Patch Sysctls
> +CONFIG_CTX_SYSCTLS
> + Saying Y here will allow you to configure some of the behaviour of
> + the Jacques Gelinas Context Patch
> +
> + See http://www.solucorp.qc.ca/miscprj/s_context.hc
> +
> Network block device support
> CONFIG_BLK_DEV_NBD
> Saying Y here will allow your computer to be a client for network
> diff -Nur linux-2.4.20-quota-ctx/fs/proc/array.c linux-2.4.20/fs/proc/array.c
> --- linux-2.4.20-quota-ctx/fs/proc/array.c 2003-01-30 14:40:56.000000000 +0000
> +++ linux-2.4.20/fs/proc/array.c 2003-02-18 13:28:35.000000000 +0000
> @@ -279,6 +279,9 @@
> cap_t(p->cap_bset));
> }
>
> +#ifdef CONFIG_CTX_SYSCTLS
> +int sysctl_ctx_unsafe_self_status = 0; // Default to safe
> +#endif
>
> int proc_pid_status(struct task_struct *task, char * buffer)
> {
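Review bot: `sysctl_ctx_unsafe_self_status` is defined here in fs/proc/array.c and then re-declared by hand as `extern int` in the kernel/sysctl.c hunk, and `sysctl_ctx_unsafe_sysctrls` is handled the same way in fs/proc/generic.c (defined at @@ -281, declared at @@ -249 and again in kernel/sysctl.c), so no file shares a declaration with the definition and a type or spelling mismatch would only surface at link time. Declare both once in include/linux/sysctl.h, which this patch already edits, and drop the per-file externs; at @@ -249 the extern also lands between proc_lookup's leading comment and the function it documents. The `= 0` initializer is redundant for a file-scope int and the `// ...` comment is not the form used by the surrounding 2.4 code; `int sysctl_ctx_unsafe_self_status;	/* 0: cloak ctx info in /proc/<pid>/status */` matches it.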
> @@ -299,47 +302,54 @@
> buffer = task_sig(task, buffer);
> buffer = task_cap(task, buffer);
> #ifdef __NR_new_s_context
> - if (task->s_info != NULL){
> - int i;
> - buffer += sprintf (buffer,"s_context: %d [",task->s_context);
> - for (i=0; i<NB_S_CONTEXT; i++){
> - short int ctx = task->s_info->s_context[i];
> - if (ctx == 0) break;
> - buffer += sprintf (buffer," %d",ctx);
> + if(current->s_context == 0
> +#ifdef CONFIG_CTX_SYSCTLS
> + || sysctl_ctx_unsafe_self_status
> +#endif
> + )
> + {
> + if (task->s_info != NULL){
> + int i;
> + buffer += sprintf (buffer,"s_context: %d [",task->s_context);
> + for (i=0; i<NB_S_CONTEXT; i++){
> + short int ctx = task->s_info->s_context[i];
> + if (ctx == 0) break;
> + buffer += sprintf (buffer," %d",ctx);
> + }
> + *buffer++ = ']';
> + *buffer++ = '\n';
> + buffer += sprintf (buffer,"ctxticks: %d %ld %d\n"
> + ,atomic_read(&task->s_info->ticks),task->counter
> + ,task->s_info->refcount);
> + buffer += sprintf (buffer,"ctxflags: %d\n"
> + ,task->s_info->flags);
> + buffer += sprintf (buffer,"initpid: %d\n"
> + ,task->s_info->initpid);
> + }else{
> + buffer += sprintf (buffer,"s_context: %d\n",task->s_context);
> + buffer += sprintf (buffer,"ctxticks: none\n");
> + buffer += sprintf (buffer,"ctxflags: none\n");
> + buffer += sprintf (buffer,"initpid: none\n");
> }
> - *buffer++ = ']';
> - *buffer++ = '\n';
> - buffer += sprintf (buffer,"ctxticks: %d %ld %d\n"
> - ,atomic_read(&task->s_info->ticks),task->counter
> - ,task->s_info->refcount);
> - buffer += sprintf (buffer,"ctxflags: %d\n"
> - ,task->s_info->flags);
> - buffer += sprintf (buffer,"initpid: %d\n"
> - ,task->s_info->initpid);
> - }else{
> - buffer += sprintf (buffer,"s_context: %d\n",task->s_context);
> - buffer += sprintf (buffer,"ctxticks: none\n");
> - buffer += sprintf (buffer,"ctxflags: none\n");
> - buffer += sprintf (buffer,"initpid: none\n");
> - }
> - if (task->ip_info != NULL){
> - int i;
> - buffer += sprintf (buffer,"ipv4root:");
> - for (i=0; 
i<task->ip_info->nbipv4; i++){
> - buffer += sprintf (buffer," %08x"
> - ,task->ip_info->ipv4[i]);
> + if (task->ip_info != NULL){
> + int i;
> + buffer += sprintf (buffer,"ipv4root:");
> + for (i=0; i<task->ip_info->nbipv4; i++){
> + buffer += sprintf (buffer," %08x"
> + ,task->ip_info->ipv4[i]);
> + }
> + *buffer++ = '\n';
> + buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
> + ,task->ip_info->v4_bcast);
> + buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
> + ,task->ip_info->refcount);
> + }else{
> + buffer += sprintf (buffer,"ipv4root: 0\n");
> + buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
> }
> - *buffer++ = '\n';
> - buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
> - ,task->ip_info->v4_bcast);
> - buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
> - ,task->ip_info->refcount);
> - }else{
> - buffer += sprintf (buffer,"ipv4root: 0\n");
> - buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
> + buffer += sprintf (buffer,"__NR_new_s_context: >%d\n",__NR_new_s_context);
> + buffer += sprintf (buffer,"__NR_set_ipv4root: %d >rev2\n",__NR_set_ipv4root);
> }
> - buffer += sprintf (buffer,"__NR_new_s_context: %d\n",__NR_new_s_context);
> - buffer += sprintf (buffer,"__NR_set_ipv4root: %d rev2\n",__NR_set_ipv4root);
> #endif
> #if defined(CONFIG_ARCH_S390)
> buffer = task_show_regs(task, buffer);
> diff -Nur linux-2.4.20-quota-ctx/fs/proc/generic.c linux-2.4.20/fs/proc/generic.c
> --- linux-2.4.20-quota-ctx/fs/proc/generic.c 2003-01-30 14:40:56.000000000 +0000
> +++ linux-2.4.20/fs/proc/generic.c 2003-02-20 13:39:23.000000000 +0000
> @@ -249,6 +249,9 @@
> * Don't create negative dentries here, return -ENOENT by hand
> * instead.
> */
> +#if defined CONFIG_CTX_SYSCTLS
> +extern int sysctl_ctx_unsafe_sysctrls;
> +#endif
> struct dentry *proc_lookup(struct inode * dir, struct dentry *dentry)
> {
> struct inode *inode;
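Review bot: The new condition at the top of the hunk, `if(current->s_context == 0 / #ifdef CONFIG_CTX_SYSCTLS / || sysctl_ctx_unsafe_self_status / #endif / )`, puts preprocessor lines inside the parentheses of an `if`, which is hard to read and easy to break on the next edit; define the predicate once next to the variable's definition and keep the test to one line. The test is on `current` (the reader) rather than on `task` (the process whose status is being printed), which is presumably deliberate so a root-context reader still sees every task's context, but nothing says so; a comment such as `/* readers inside a context get no ctx details, whichever task is shown */` would. proc_pid_status begins before this hunk and its closing brace is after it.
```c
#ifdef CONFIG_CTX_SYSCTLS
#define ctx_status_visible() \
	(current->s_context == 0 || sysctl_ctx_unsafe_self_status)
#else
#define ctx_status_visible() (current->s_context == 0)
#endif
/* … unchanged: proc_pid_status up to task_cap() … */
	if (ctx_status_visible()) {
	/* … unchanged: s_info / ip_info / __NR_* output … */
```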
> @@ -264,6 +267,12 @@
> continue;
> if (de->namelen != dentry->d_name.len)
> continue;
> +#if defined CONFIG_CTX_SYSCTLS
> + // Cloak /proc/sys/kernel/ctx outside of root ctx unless explicitly visible
> + if( de->namelen == 3 && !strcmp("ctx", de->name) &&
> + current->s_context != 0 && !sysctl_ctx_unsafe_sysctrls )
> + continue;
> +#endif
> if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
> int ino = de->low_ino;
> error = -EINVAL;
> @@ -281,6 +290,10 @@
> return ERR_PTR(error);
> }
>
> +#if defined CONFIG_CTX_SYSCTLS
> +int sysctl_ctx_unsafe_sysctrls = 0; // Default to safe
> +#endif
> +
> /*
> * This returns non-zero if at EOF, so that the /proc
> * root directory can use this and check if it should
> @@ -331,6 +344,10 @@
> }
>
> do {
> +#if defined CONFIG_CTX_SYSCTLS
> + // Ctx sysctls only visible to root context (by >default)
> + if( current->s_context == 0 || >sysctl_ctx_unsafe_sysctrls || strcmp(de->name, "ctx") )
> +#endif
> if (filldir(dirent, de->name, de->namelen, filp->f_pos,
> de->low_ino, de->mode >> 12) < 0)
> return 0;
> Binary files linux-2.4.20-quota-ctx/fs/proc/.generic.c.swp and >linux-2.4.20/fs/proc/.generic.c.swp differ
> diff -Nur linux-2.4.20-quota-ctx/include/linux/sysctl.h >linux-2.4.20/include/linux/sysctl.h
> --- linux-2.4.20-quota-ctx/include/linux/sysctl.h 2003-01-30 14:40:56.000000000 >+0000
> +++ linux-2.4.20/include/linux/sysctl.h 2003-02-20 09:53:20.000000000 +0000
> @@ -124,6 +124,7 @@
> KERN_CORE_USES_PID=52, /* int: use core or core.%pid */
> KERN_TAINTED=53, /* int: various kernel tainted flags */
> KERN_CADPID=54, /* int: PID of the process to notify on CAD */
> + KERN_CTX, /* Context Patch */
> };
>
>
> diff -Nur linux-2.4.20-quota-ctx/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
> --- linux-2.4.20-quota-ctx/kernel/sysctl.c 2003-01-30 14:40:56.000000000 +0000
> +++ linux-2.4.20/kernel/sysctl.c 2003-02-20 09:34:08.000000000 +0000
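Review bot: The cloak in proc_lookup, `de->namelen == 3 && !strcmp("ctx", de->name)`, tests the entry's name alone and never looks at which directory (`dir`) it is in, so any procfs entry called "ctx" under any directory disappears for readers outside the root context, not only /proc/sys/kernel/ctx; the readdir hunk at @@ -331 has the same name-only `strcmp(de->name, "ctx")`. Scope both checks by the parent, for instance by comparing against the proc_dir_entry that registering the KERN_CTX table created, rather than by the bare name. As far as these two hunks show only the /proc path walk is cloaked, while the sysctl(2) system call resolves the same ctl_table by number and is not touched here, so if the values are meant to be unreachable from inside a context the decision belongs in kernel/sysctl.c's table permission check rather than in the directory listing. In the readdir hunk the added `if( ... )` has no braces and silently takes the following `if (filldir(...)) return 0;` as its body; brace it so the next edit cannot change what it guards. The `Binary files ... .generic.c.swp differ` line shows an editor swap file in the tree the diff was taken from; regenerate the patch without it.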
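Review bot: `KERN_CTX` is added to the enum without an explicit value, unlike every neighbouring `KERN_*` entry, and these numbers are the binary sysctl(2) name space, so an implicit value silently shifts whenever something is inserted above it; write `KERN_CTX=55,	/* dir: Context Patch sysctls */` (55 is what the implicit numbering yields after `KERN_CADPID=54`). The `CTX_SYSCTRL_*` numbers defined in the kernel/sysctl.c hunk are part of the same user-visible name space and would normally be declared next to `KERN_CTX` in this header rather than in a .c file.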
> @@ -86,6 +86,25 @@
> extern int sysctl_userprocess_debug;
> #endif
>
> +#ifdef CONFIG_CTX_SYSCTLS
> +extern int sysctl_ctx_unsafe_self_status;
> +extern int sysctl_ctx_unsafe_sysctrls;
> +
> +enum
> +{
> + CTX_SYSCTRL_UNSAFE_SYSCTRLS=1, // int: non-root-ctx visible ctx sysctls
> + CTX_SYSCTRL_UNSAFE_SELF_STATUS // int: non-root-ctx visible ctx info in >/proc/self/status
> +};
> +
> +static ctl_table ctx_table[] = {
> + {CTX_SYSCTRL_UNSAFE_SYSCTRLS,"visible-sysctrls",
> + &sysctl_ctx_unsafe_sysctrls,sizeof(int),0644,NULL,&proc_dointvec},
> + {CTX_SYSCTRL_UNSAFE_SELF_STATUS,"visible-self-status",
> + &sysctl_ctx_unsafe_self_status,sizeof(int),0644,NULL,&proc_dointvec},
> + {0}
> +};
> +#endif
> +
> #ifdef CONFIG_PPC32
> extern unsigned long zero_paged_on, powersave_nap;
> int proc_dol2crvec(ctl_table *table, int write, struct file *filp,
> @@ -256,6 +275,9 @@
> {KERN_S390_USER_DEBUG_LOGGING,"userprocess_debug",
> &sysctl_userprocess_debug,sizeof(int),0644,NULL,&proc_dointvec},
> #endif
> +#ifdef CONFIG_CTX_SYSCTLS
> + {KERN_CTX, "ctx", NULL, 0, 0700, ctx_table},
> +#endif
> {0}
> };
>
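Review bot: The directory entry `{KERN_CTX, "ctx", NULL, 0, 0700, ctx_table}` is mode 0700 while both children in `ctx_table` are 0644, so the group/other read bits on `visible-sysctrls` and `visible-self-status` can never be exercised through the directory; either choice is defensible, but pick one and say why in a comment, e.g. `/* 0700: only root in the root context may read or change the cloak settings */`. The names mix three vocabularies for one concept, `visible-*` in the file names, `unsafe_*` in the variables and `UNSAFE_*` in the enum, and `sysctrls`/`SYSCTRL` reads as a typo for sysctl that is now baked into a user-visible path; settle on one spelling before this ships. The `// ...` comments and the `enum` with its brace on a line of its own do not match the form of the neighbouring tables in this file.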
