From 950ea678dd4d39300f8c24967504e48ae3f47d88 Mon Sep 17 00:00:00 2001
From: Masamichi Takagi
Date: Tue, 29 Jan 2019 12:39:29 +0900
Subject: [PATCH] Reject "setfsuid: Specify mcexec tid when asking mcexec for fsuid"

This fix is rejected because it only makes the setfsuid test in ostest pass and doesn't fix the other issues including the one in which file I/O could be done with the old fsuid because an mcexec thread with an arbitrary tid could handle the system-call offload request.

Explanation of the rejected fix:

setfsuid() proceeds as follows:
1. McKernel asks mcexec for __NR_setfsuid (set)
2. mcexec calls setfsuid, reports the id to McKernel
3. McKernel asks mcexec for __NR_setfsuid (get)
4. mcexec calls mcexec_getcred(), reports the id to Mckernel
5. McKernel sets proc->fsuid to the obtained value

tid of mcexec on the 2nd and 4th step could be different. So this fix lets mcexec report its tid on the 2nd step and McKernel specify it in the 3rd step.

Change-Id: Id5cfeed18c64430d576a56e961bbca1ecb2e39ad
Fujitsu: POSTK_DEBUG_TEMP_FIX_45
---
 executer/kernel/mcctrl/control.c | 37 ---------------------
 executer/user/mcexec.c | 6 ----
 kernel/syscall.c | 57 --------------------------------
 3 files changed, 100 deletions(-)

diff --git a/executer/kernel/mcctrl/control.c b/executer/kernel/mcctrl/control.c
index 392970b0..6bb2f30d 100644
--- a/executer/kernel/mcctrl/control.c
+++ b/executer/kernel/mcctrl/control.c
@@ -1647,42 +1647,6 @@ mcexec_getcred(unsigned long phys)
 {
 	int *virt = phys_to_virt(phys);
 
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-	int ret = -EINVAL;
-
-	if (virt[0] == 0 || virt[0] == task_pid_vnr(current)) {
-		virt[0] = GUIDVAL(current_uid());
-		virt[1] = GUIDVAL(current_euid());
-		virt[2] = GUIDVAL(current_suid());
-		virt[3] = GUIDVAL(current_fsuid());
-		virt[4] = GUIDVAL(current_gid());
-		virt[5] = GUIDVAL(current_egid());
-		virt[6] = GUIDVAL(current_sgid());
-		virt[7] = GUIDVAL(current_fsgid());
-
-		ret = 0;
-	} else {
-		const struct task_struct *task_p =
-			pid_task(find_get_pid(virt[0]), PIDTYPE_PID);
-		if (task_p) {
-			const struct cred *t_cred = __task_cred(task_p);
-
-			rcu_read_lock();
-			virt[0] = GUIDVAL(t_cred->uid);
-			virt[1] = GUIDVAL(t_cred->euid);
-			virt[2] = GUIDVAL(t_cred->suid);
-			virt[3] = GUIDVAL(t_cred->fsuid);
-			virt[4] = GUIDVAL(t_cred->gid);
-			virt[5] = GUIDVAL(t_cred->egid);
-			virt[6] = GUIDVAL(t_cred->sgid);
-			virt[7] = GUIDVAL(t_cred->fsgid);
-			rcu_read_unlock();
-
-			ret = 0;
-		}
-	}
-	return ret;
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 	virt[0] = GUIDVAL(current_uid());
 	virt[1] = GUIDVAL(current_euid());
 	virt[2] = GUIDVAL(current_suid());
@@ -1692,7 +1656,6 @@ mcexec_getcred(unsigned long phys)
 	virt[6] = GUIDVAL(current_sgid());
 	virt[7] = GUIDVAL(current_fsgid());
 	return 0;
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 }
 
 int
diff --git a/executer/user/mcexec.c b/executer/user/mcexec.c
index 35493214..cb01236d 100644
--- a/executer/user/mcexec.c
+++ b/executer/user/mcexec.c
@@ -4144,9 +4144,6 @@ return_execve2:
 			}
 			else{
 				ret = setfsuid(w.sr.args[0]);
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-				ret |= (long)gettid() << 32;
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 			}
 			do_syscall_return(fd, cpu, ret, 0, 0, 0, 0);
 			break;
@@ -4195,9 +4192,6 @@ return_execve2:
 
 		case __NR_setfsgid:
 			ret = setfsgid(w.sr.args[0]);
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-			ret |= (long)gettid() << 32;
-#endif /*POSTK_DEBUG_TEMP_FIX_45 */
 			do_syscall_return(fd, cpu, ret, 0, 0, 0, 0);
 			break;
 
diff --git a/kernel/syscall.c b/kernel/syscall.c
index 710c817a..6a192aeb 100644
--- a/kernel/syscall.c
+++ b/kernel/syscall.c
@@ -3105,11 +3105,7 @@ SYSCALL_DECLARE(tkill)
 }
 
 int *
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-getcred(int *_buf, int tid)
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 getcred(int *_buf)
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 {
 	int *buf;
 	struct syscall_request request IHK_DMA_ALIGN;
@@ -3119,9 +3115,6 @@ getcred(int *_buf)
 		buf = _buf + 8;
 	else
 		buf = _buf;
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-	buf[0] = tid;
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 	phys = virt_to_phys(buf);
 	request.number = __NR_setfsuid;
 	request.args[0] = phys;
@@ -3132,22 +3125,14 @@ getcred(int *_buf)
 }
 
 void
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-do_setresuid(int tid)
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 do_setresuid()
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 {
 	int _buf[16];
 	int *buf;
 	struct thread *thread = cpu_local_var(current);
 	struct process *proc = thread->proc;
 
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-	buf = getcred(_buf, tid);
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 	buf = getcred(_buf);
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 
 	proc->ruid = buf[0];
 	proc->euid = buf[1];
@@ -3156,22 +3141,14 @@ do_setresuid()
 }
 
 void
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-do_setresgid(int tid)
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 do_setresgid()
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 {
 	int _buf[16];
 	int *buf;
 	struct thread *thread = cpu_local_var(current);
 	struct process *proc = thread->proc;
 
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-	buf = getcred(_buf, tid);
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 	buf = getcred(_buf);
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 
 	proc->rgid = buf[4];
 	proc->egid = buf[5];
@@ -3185,11 +3162,7 @@ SYSCALL_DECLARE(setresuid)
 
 	rc = syscall_generic_forwarding(__NR_setresuid, ctx);
 	if(rc == 0){
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-		do_setresuid(0);
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 		do_setresuid();
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 	}
 	return rc;
 }
@@ -3200,11 +3173,7 @@ SYSCALL_DECLARE(setreuid)
 
 	rc = syscall_generic_forwarding(__NR_setreuid, ctx);
 	if(rc == 0){
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-		do_setresuid(0);
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 		do_setresuid();
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 	}
 	return rc;
 }
@@ -3215,11 +3184,7 @@ SYSCALL_DECLARE(setuid)
 
 	rc = syscall_generic_forwarding(__NR_setuid, ctx);
 	if(rc == 0){
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-		do_setresuid(0);
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 		do_setresuid();
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 	}
 	return rc;
 }
@@ -3234,12 +3199,7 @@ SYSCALL_DECLARE(setfsuid)
 	request.args[0] = fsuid;
 	request.args[1] = 0;
 	newfsuid = do_syscall(&request, ihk_mc_get_processor_id());
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-	do_setresuid((int)(newfsuid >> 32));
-	newfsuid &= (1UL << 32) - 1;
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 	do_setresuid();
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 
 	return newfsuid;
 }
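Review bot: On the new side of the SYSCALL_DECLARE(setfsuid) hunk, `newfsuid` comes from the first offload while `do_setresuid()` refreshes proc->fsuid from a second getcred offload, and the commit message itself says those two requests can be served by different mcexec threads, so the two values can disagree and the returned fsuid is not necessarily the one McKernel records, yet nothing in the retained code warns about this. Since this reject deliberately leaves the path as-is, mark it at the call site so a later reader does not treat it as sound: `do_setresuid(); /* FIXME: creds are read back from whichever mcexec thread serves the offload; setfsuid() in mcexec only changed that thread's fsuid, so offloaded file I/O served by other mcexec threads may still use the old fsuid (see the rejected POSTK_DEBUG_TEMP_FIX_45). */`. The same comment belongs on the `do_setresgid();` call in the setfsgid hunk further down. The enclosing SYSCALL_DECLARE(setfsuid) begins outside this hunk.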
@@ -3249,11 +3209,7 @@ SYSCALL_DECLARE(setresgid)
 
 	rc = syscall_generic_forwarding(__NR_setresgid, ctx);
 	if(rc == 0){
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-		do_setresgid(0);
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 		do_setresgid();
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 	}
 	return rc;
 }
@@ -3264,11 +3220,7 @@ SYSCALL_DECLARE(setregid)
 
 	rc = syscall_generic_forwarding(__NR_setregid, ctx);
 	if(rc == 0){
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-		do_setresgid(0);
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 		do_setresgid();
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 	}
 	return rc;
 }
@@ -3279,11 +3231,7 @@ SYSCALL_DECLARE(setgid)
 
 	rc = syscall_generic_forwarding(__NR_setgid, ctx);
 	if(rc == 0){
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-		do_setresgid(0);
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 		do_setresgid();
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 	}
 	return rc;
 }
@@ -3297,12 +3245,7 @@ SYSCALL_DECLARE(setfsgid)
 	request.number = __NR_setfsgid;
 	request.args[0] = fsgid;
 	newfsgid = do_syscall(&request, ihk_mc_get_processor_id());
-#ifdef POSTK_DEBUG_TEMP_FIX_45 /* setfsgid()/setfsuid() mismatch fix. */
-	do_setresgid((int)(newfsgid >> 32));
-	newfsgid &= (1UL << 32) - 1;
-#else /* POSTK_DEBUG_TEMP_FIX_45 */
 	do_setresgid();
-#endif /* POSTK_DEBUG_TEMP_FIX_45 */
 
 	return newfsgid;
 }