From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 20 Feb 2003 - 17:16:57 GMT
On Thu, Feb 20, 2003 at 04:26:19PM +0000, Jonathan Sambrook wrote:
> I'm looking at the ctx patch for DSVR to see how we could integrate it
> into our operation (see http://www.dsvr.co.uk).
hmm, maybe you could elaborate a little bit
on your plans regarding the "operation"
> We'd like vserver users to be as ignorant of their vserver-ness as
> possible, hence cloaking /proc/self/status.
but what about the other 10 or 20 indices for
a virtual server environment? (e.g. mknod, ethernet
etc ...) or do you give all capabilities?
> But for investigating/debugging/hacking-on-vserver purposes, this
> cloaking should be sysctl-able.
> 
> The ctx sysctl should itself be cloakable too.
hmm, why not use a special capability to give
this kind of access, this would allow you to
enter a context with or without the ability
to get the extended /proc/self/status ...
> All this might not suit all tastes, so whilst the patch defaults to the
> most secure option, the usual:
> 
> 	echo 1 > /proc/sys/kernel/ctx/visible-self-status
> 	echo 1 > /proc/sys/kernel/ctx/visible-sysctrls
> 
> would restore previous behaviour.
> 
> Comments please.
sounds to me like "maybe we could sell a 
virtual server as dedicated machine?"
best,
Herbert
PS: nice page, though, unfortunately not HTML 
or XHTML compliant ...
> Jonathan
> 
> -- 
>                    
>  Jonathan Sambrook 
> Software  Developer 
>  Designer  Servers
> diff -Nur linux-2.4.20-quota-ctx/arch/i386/config.in linux-2.4.20/arch/i386/config.in
> --- linux-2.4.20-quota-ctx/arch/i386/config.in	2003-01-30 14:40:56.000000000 +0000
> +++ linux-2.4.20/arch/i386/config.in	2003-02-20 14:10:41.000000000 +0000
> @@ -286,6 +286,11 @@
>  bool 'System V IPC' CONFIG_SYSVIPC
>  bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
>  bool 'Sysctl support' CONFIG_SYSCTL
> +
> +if [ "$CONFIG_SYSCTL" = "y" ]; then
> +	bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
> +fi
> +	
>  if [ "$CONFIG_PROC_FS" = "y" ]; then
>     choice 'Kernel core (/proc/kcore) format' \
>  	"ELF		CONFIG_KCORE_ELF	\
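Review bot: The new CONFIG_CTX_SYSCTLS prompt is only added to the i386 config.in here and to the ppc, sparc and sparc64 hunks below; any other architecture the ctx patch builds on would never see the option, and with it undefined the `#ifdef CONFIG_CTX_SYSCTLS` fallback in fs/proc/array.c hides the ctx fields from every non-root context with no sysctl to turn them back on. Either add the same block to the remaining config.in files or state in Configure.help that the option is arch-limited. The `+` line after `fi` contains only a tab and should be dropped; the same whitespace-only line is in each of the other three config.in hunks.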
> diff -Nur linux-2.4.20-quota-ctx/arch/ppc/config.in linux-2.4.20/arch/ppc/config.in
> --- linux-2.4.20-quota-ctx/arch/ppc/config.in	2003-01-30 14:40:57.000000000 +0000
> +++ linux-2.4.20/arch/ppc/config.in	2003-02-18 13:28:35.000000000 +0000
> @@ -161,6 +161,11 @@
>  
>  bool 'Networking support' CONFIG_NET
>  bool 'Sysctl support' CONFIG_SYSCTL
> +
> +if [ "$CONFIG_SYSCTL" = "y" ]; then
> +	bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
> +fi
> +	
>  bool 'System V IPC' CONFIG_SYSVIPC
>  bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
>  
> diff -Nur linux-2.4.20-quota-ctx/arch/sparc/config.in linux-2.4.20/arch/sparc/config.in
> --- linux-2.4.20-quota-ctx/arch/sparc/config.in	2003-01-30 14:40:57.000000000 +0000
> +++ linux-2.4.20/arch/sparc/config.in	2003-02-18 13:28:35.000000000 +0000
> @@ -65,6 +65,11 @@
>  bool 'System V IPC' CONFIG_SYSVIPC
>  bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
>  bool 'Sysctl support' CONFIG_SYSCTL
> +
> +if [ "$CONFIG_SYSCTL" = "y" ]; then
> +	bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
> +fi
> +	
>  if [ "$CONFIG_PROC_FS" = "y" ]; then
>     define_bool CONFIG_KCORE_ELF y
>  fi
> diff -Nur linux-2.4.20-quota-ctx/arch/sparc64/config.in linux-2.4.20/arch/sparc64/config.in
> --- linux-2.4.20-quota-ctx/arch/sparc64/config.in	2003-01-30 14:40:57.000000000 +0000
> +++ linux-2.4.20/arch/sparc64/config.in	2003-02-18 13:28:35.000000000 +0000
> @@ -64,6 +64,11 @@
>  bool 'System V IPC' CONFIG_SYSVIPC
>  bool 'BSD Process Accounting' CONFIG_BSD_PROCESS_ACCT
>  bool 'Sysctl support' CONFIG_SYSCTL
> +
> +if [ "$CONFIG_SYSCTL" = "y" ]; then
> +	bool 'Sysctl support for Context Patch' CONFIG_CTX_SYSCTLS
> +fi
> +	
>  if [ "$CONFIG_PROC_FS" = "y" ]; then
>     define_bool CONFIG_KCORE_ELF y
>  fi
> diff -Nur linux-2.4.20-quota-ctx/Documentation/Configure.help linux-2.4.20/Documentation/Configure.help
> --- linux-2.4.20-quota-ctx/Documentation/Configure.help	2003-01-30 14:40:57.000000000 +0000
> +++ linux-2.4.20/Documentation/Configure.help	2003-02-20 14:10:41.000000000 +0000
> @@ -526,6 +526,13 @@
>    The umem driver has been allocated block major number 116.
>    See Documentation/devices.txt for recommended device naming.
>  
> +Context Patch Sysctls
> +CONFIG_CTX_SYSCTLS
> +	Saying Y here will allow you to configure some of the behaviour of
> +	the Jacques Gelinas Context Patch
> +
> +	See http://www.solucorp.qc.ca/miscprj/s_context.hc
> +
>  Network block device support
>  CONFIG_BLK_DEV_NBD
>    Saying Y here will allow your computer to be a client for network
> diff -Nur linux-2.4.20-quota-ctx/fs/proc/array.c linux-2.4.20/fs/proc/array.c
> --- linux-2.4.20-quota-ctx/fs/proc/array.c	2003-01-30 14:40:56.000000000 +0000
> +++ linux-2.4.20/fs/proc/array.c	2003-02-18 13:28:35.000000000 +0000
> @@ -279,6 +279,9 @@
>  			    cap_t(p->cap_bset));
>  }
>  
> +#ifdef CONFIG_CTX_SYSCTLS
> +int sysctl_ctx_unsafe_self_status = 0; // Default to safe
> +#endif
>  
>  int proc_pid_status(struct task_struct *task, char * buffer)
>  {
> @@ -299,47 +302,54 @@
>  	buffer = task_sig(task, buffer);
>  	buffer = task_cap(task, buffer);
>  #ifdef __NR_new_s_context
> -	if (task->s_info != NULL){
> -		int i;
> -		buffer += sprintf (buffer,"s_context: %d [",task->s_context);
> -		for (i=0; i<NB_S_CONTEXT; i++){
> -			short int ctx = task->s_info->s_context[i];
> -			if (ctx == 0) break;
> -			buffer += sprintf (buffer," %d",ctx);
> +	if(current->s_context == 0 
> +#ifdef CONFIG_CTX_SYSCTLS
> +			|| sysctl_ctx_unsafe_self_status
> +#endif
> +	)
> +	{
> +		if (task->s_info != NULL){
> +			int i;
> +			buffer += sprintf (buffer,"s_context: %d [",task->s_context);
> +			for (i=0; i<NB_S_CONTEXT; i++){
> +				short int ctx = task->s_info->s_context[i];
> +				if (ctx == 0) break;
> +				buffer += sprintf (buffer," %d",ctx);
> +			}
> +			*buffer++ = ']';
> +			*buffer++ = '\n';
> +			buffer += sprintf (buffer,"ctxticks: %d %ld %d\n"
> +				,atomic_read(&task->s_info->ticks),task->counter
> +				,task->s_info->refcount);
> +			buffer += sprintf (buffer,"ctxflags: %d\n"
> +				,task->s_info->flags);
> +			buffer += sprintf (buffer,"initpid: %d\n"
> +				,task->s_info->initpid);
> +		}else{
> +			buffer += sprintf (buffer,"s_context: %d\n",task->s_context);
> +			buffer += sprintf (buffer,"ctxticks: none\n");
> +			buffer += sprintf (buffer,"ctxflags: none\n");
> +			buffer += sprintf (buffer,"initpid: none\n");
>  		}
> -		*buffer++ = ']';
> -		*buffer++ = '\n';
> -		buffer += sprintf (buffer,"ctxticks: %d %ld %d\n"
> -			,atomic_read(&task->s_info->ticks),task->counter
> -			,task->s_info->refcount);
> -		buffer += sprintf (buffer,"ctxflags: %d\n"
> -			,task->s_info->flags);
> -		buffer += sprintf (buffer,"initpid: %d\n"
> -			,task->s_info->initpid);
> -	}else{
> -		buffer += sprintf (buffer,"s_context: %d\n",task->s_context);
> -		buffer += sprintf (buffer,"ctxticks: none\n");
> -		buffer += sprintf (buffer,"ctxflags: none\n");
> -		buffer += sprintf (buffer,"initpid: none\n");
> -	}
> -	if (task->ip_info != NULL){
> -		int i;
> -		buffer += sprintf (buffer,"ipv4root:");
> -		for (i=0; i<task->ip_info->nbipv4; i++){
> -			buffer += sprintf (buffer," %08x"
> -				,task->ip_info->ipv4[i]);
> +		if (task->ip_info != NULL){
> +			int i;
> +			buffer += sprintf (buffer,"ipv4root:");
> +			for (i=0; i<task->ip_info->nbipv4; i++){
> +				buffer += sprintf (buffer," %08x"
> +					,task->ip_info->ipv4[i]);
> +			}
> +			*buffer++ = '\n';
> +			buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
> +				,task->ip_info->v4_bcast);
> +			buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
> +				,task->ip_info->refcount);
> +		}else{
> +			buffer += sprintf (buffer,"ipv4root: 0\n");
> +			buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
>  		}
> -		*buffer++ = '\n';
> -		buffer += sprintf (buffer,"ipv4root_bcast: %08x\n"
> -			,task->ip_info->v4_bcast);
> -		buffer += sprintf (buffer,"ipv4root_refcnt: %d\n"
> -			,task->ip_info->refcount);
> -	}else{
> -		buffer += sprintf (buffer,"ipv4root: 0\n");
> -		buffer += sprintf (buffer,"ipv4root_bcast: 0\n");
> +		buffer += sprintf (buffer,"__NR_new_s_context: %d\n",__NR_new_s_context);
> +		buffer += sprintf (buffer,"__NR_set_ipv4root: %d rev2\n",__NR_set_ipv4root);
>  	}
> -	buffer += sprintf (buffer,"__NR_new_s_context: %d\n",__NR_new_s_context);
> -	buffer += sprintf (buffer,"__NR_set_ipv4root: %d rev2\n",__NR_set_ipv4root);
>  #endif
>  #if defined(CONFIG_ARCH_S390)
>  	buffer = task_show_regs(task, buffer);
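Review bot: The new guard tests `current->s_context` (the process reading /proc/<pid>/status) while everything it protects prints fields of `task` (the process being displayed); that is the right choice for a cloak aimed at the reader, but nothing says so and a later reader will wonder why the two differ. Add a comment above the `if`, e.g. `/* Cloak by the reader's context, not the target's: a non-root context must not learn ctx details about any task. */`. The `if(... )` with the brace on its own line also breaks the surrounding `if (...){` style; consider folding the `#ifdef` into a small `static inline int ctx_status_visible(void)` so the condition reads as one line. proc_pid_status begins and ends outside this hunk.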
> diff -Nur linux-2.4.20-quota-ctx/fs/proc/generic.c linux-2.4.20/fs/proc/generic.c
> --- linux-2.4.20-quota-ctx/fs/proc/generic.c	2003-01-30 14:40:56.000000000 +0000
> +++ linux-2.4.20/fs/proc/generic.c	2003-02-20 13:39:23.000000000 +0000
> @@ -249,6 +249,9 @@
>   * Don't create negative dentries here, return -ENOENT by hand
>   * instead.
>   */
> +#if defined CONFIG_CTX_SYSCTLS 
> +extern int sysctl_ctx_unsafe_sysctrls;
> +#endif
>  struct dentry *proc_lookup(struct inode * dir, struct dentry *dentry)
>  {
>  	struct inode *inode;
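Review bot: The `extern int sysctl_ctx_unsafe_sysctrls;` is spliced in between the block comment and the `proc_lookup` definition that comment describes, so the comment no longer sits on the function. The variable is defined in this same file in the hunk just after proc_lookup; move that definition above the comment block and drop the extern, which also removes the duplicated `#if defined CONFIG_CTX_SYSCTLS ` pair. Both of those `#if` lines carry trailing whitespace.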
> @@ -264,6 +267,12 @@
>  				continue;
>  			if (de->namelen != dentry->d_name.len)
>  				continue;
> +#if defined CONFIG_CTX_SYSCTLS 
> +      // Cloak /proc/sys/kernel/ctx outside of root ctx unless explicitly visible
> +      if( de->namelen == 3 && !strcmp("ctx", de->name) && 
> +          current->s_context != 0 && !sysctl_ctx_unsafe_sysctrls )
> +				continue;
> +#endif
>  			if (!memcmp(dentry->d_name.name, de->name, de->namelen)) {
>  				int ino = de->low_ino;
>  				error = -EINVAL;
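Review bot: The added check cloaks any `proc_dir_entry` named "ctx" in whichever directory is being looked up, not just the one under /proc/sys/kernel, so any other procfs entry that happens to share the name would vanish for non-root contexts. Restrict it to the intended parent (compare `dir` with the kernel sysctl directory, or perform the cloak where the sysctl tree registers its proc entries) and, since `namelen` is already compared, use `!memcmp(de->name, "ctx", 3)` rather than `strcmp`. The new lines are indented with spaces while the rest of the file uses tabs. The readdir hunk further down repeats the name-only match. proc_lookup starts and ends outside this hunk.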
> @@ -281,6 +290,10 @@
>  	return ERR_PTR(error);
>  }
>  
> +#if defined CONFIG_CTX_SYSCTLS 
> +int sysctl_ctx_unsafe_sysctrls = 0; // Default to safe
> +#endif
> +
>  /*
>   * This returns non-zero if at EOF, so that the /proc
>   * root directory can use this and check if it should
> @@ -331,6 +344,10 @@
>  			}
>  
>  			do {
> +#if defined CONFIG_CTX_SYSCTLS 
> +				// Ctx sysctls only visible to root context (by default)
> +				if( current->s_context == 0 || sysctl_ctx_unsafe_sysctrls || strcmp(de->name, "ctx") )
> +#endif
>  				if (filldir(dirent, de->name, de->namelen, filp->f_pos,
>  					    de->low_ino, de->mode >> 12) < 0)
>  					return 0;
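Review bot: The conditional added under `#if defined CONFIG_CTX_SYSCTLS` is an unbraced `if` whose body is the following `if (filldir(...))` statement; it works only by accident of layout, and any future edit that adds a line between them changes the meaning. It is also inconsistent with the lookup hunk, which checks `namelen == 3` before comparing and so never relies on `de->name` being NUL-terminated. Factor the test into one helper used by both paths and brace the readdir body as below; proc_readdir's loop begins and ends outside this hunk.
```c
/* /proc/sys/kernel/ctx is hidden from non-root contexts unless the sysctl opens it */
static inline int ctx_entry_cloaked(struct proc_dir_entry *de)
{
	return de->namelen == 3 && !memcmp(de->name, "ctx", 3) &&
	       current->s_context != 0 && !sysctl_ctx_unsafe_sysctrls;
}

/* … unchanged: proc_readdir up to the do { … */
				if (!ctx_entry_cloaked(de)) {
					if (filldir(dirent, de->name, de->namelen, filp->f_pos,
						    de->low_ino, de->mode >> 12) < 0)
						return 0;
				}
```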
> Binary files linux-2.4.20-quota-ctx/fs/proc/.generic.c.swp and linux-2.4.20/fs/proc/.generic.c.swp differ
> diff -Nur linux-2.4.20-quota-ctx/include/linux/sysctl.h linux-2.4.20/include/linux/sysctl.h
> --- linux-2.4.20-quota-ctx/include/linux/sysctl.h	2003-01-30 14:40:56.000000000 +0000
> +++ linux-2.4.20/include/linux/sysctl.h	2003-02-20 09:53:20.000000000 +0000
> @@ -124,6 +124,7 @@
>  	KERN_CORE_USES_PID=52,		/* int: use core or core.%pid */
>  	KERN_TAINTED=53,	/* int: various kernel tainted flags */
>  	KERN_CADPID=54,		/* int: PID of the process to notify on CAD */
> +	KERN_CTX,                    /* Context Patch */
>  };
> 
> 
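Review bot: `KERN_CTX` is the only member of this enum without an explicit value; these numbers are the binary sysctl(2) name space, so an implicit "next value" silently shifts if an upstream entry is ever inserted ahead of it. Write it as `KERN_CTX=55,		/* dir: Context Patch sysctls */` to match the existing entries and document that it is a directory rather than an int.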
> diff -Nur linux-2.4.20-quota-ctx/kernel/sysctl.c linux-2.4.20/kernel/sysctl.c
> --- linux-2.4.20-quota-ctx/kernel/sysctl.c	2003-01-30 14:40:56.000000000 +0000
> +++ linux-2.4.20/kernel/sysctl.c	2003-02-20 09:34:08.000000000 +0000
> @@ -86,6 +86,25 @@
>  extern int sysctl_userprocess_debug;
>  #endif
>  
> +#ifdef CONFIG_CTX_SYSCTLS
> +extern int sysctl_ctx_unsafe_self_status;
> +extern int sysctl_ctx_unsafe_sysctrls;
> +
> +enum
> +{
> +	CTX_SYSCTRL_UNSAFE_SYSCTRLS=1,  // int: non-root-ctx visible ctx sysctls
> +	CTX_SYSCTRL_UNSAFE_SELF_STATUS  // int: non-root-ctx visible ctx info in /proc/self/status
> +};
> +
> +static ctl_table ctx_table[] = {
> +	{CTX_SYSCTRL_UNSAFE_SYSCTRLS,"visible-sysctrls",
> +	 &sysctl_ctx_unsafe_sysctrls,sizeof(int),0644,NULL,&proc_dointvec},
> +	{CTX_SYSCTRL_UNSAFE_SELF_STATUS,"visible-self-status",
> +	 &sysctl_ctx_unsafe_self_status,sizeof(int),0644,NULL,&proc_dointvec},
> +	 {0}
> +};
> +#endif
> +
>  #ifdef CONFIG_PPC32
>  extern unsigned long zero_paged_on, powersave_nap;
>  int proc_dol2crvec(ctl_table *table, int write, struct file *filp,
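Review bot: The cloak hides the `ctx` directory from procfs lookups, but the entries in `ctx_table` are mode 0644 with plain `proc_dointvec` and the directory relies on 0700, i.e. on a euid-0 check that root inside a non-root context also satisfies; as far as I can tell the binary sysctl(2) interface walks `ctl_table` directly and never goes through `proc_lookup`, so the flags can be flipped from the very contexts the cloak is meant to hide them from. Enforce the context in the handler itself by wrapping `proc_dointvec` so that writes with `current->s_context != 0` fail with `-EPERM`, and give the `NULL` strategy slot the same treatment for the sysctl(2) path. The sysctl names (`visible-*`) and their backing variables (`*_unsafe_*`) also describe the same value with opposite meanings; settle on one.
```c
/* Root inside a non-root context passes the mode check, so the handler
 * has to refuse the write itself; the proc cloak only hides the directory. */
static int proc_ctx_dointvec(ctl_table *table, int write, struct file *filp,
			     void *buffer, size_t *lenp)
{
	if (write && current->s_context != 0)
		return -EPERM;
	return proc_dointvec(table, write, filp, buffer, lenp);
}

/* … unchanged: ctx_table, with &proc_ctx_dointvec in place of &proc_dointvec on both entries … */
```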
> @@ -256,6 +275,9 @@
>  	{KERN_S390_USER_DEBUG_LOGGING,"userprocess_debug",
>  	 &sysctl_userprocess_debug,sizeof(int),0644,NULL,&proc_dointvec},
>  #endif
> +#ifdef CONFIG_CTX_SYSCTLS
> +	{KERN_CTX, "ctx", NULL, 0, 0700, ctx_table},
> +#endif
>  	{0}
>  };
>