From owner-svn-src-head@freebsd.org  Tue Nov  3 02:10:55 2020
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1B8D646367C;
 Tue,  3 Nov 2020 02:10:55 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CQCtk74Blz4NWN;
 Tue,  3 Nov 2020 02:10:54 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D634E12CE7;
 Tue,  3 Nov 2020 02:10:54 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0A32As7H074321;
 Tue, 3 Nov 2020 02:10:54 GMT (envelope-from cem@FreeBSD.org)
Received: (from cem@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0A32AsV5074319;
 Tue, 3 Nov 2020 02:10:54 GMT (envelope-from cem@FreeBSD.org)
Message-Id: <202011030210.0A32AsV5074319@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: cem set sender to cem@FreeBSD.org
 using -f
From: Conrad Meyer <cem@FreeBSD.org>
Date: Tue, 3 Nov 2020 02:10:54 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r367290 - head/sys/compat/linux
X-SVN-Group: head
X-SVN-Commit-Author: cem
X-SVN-Commit-Paths: head/sys/compat/linux
X-SVN-Commit-Revision: 367290
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2020 02:10:55 -0000

Author: cem
Date: Tue Nov  3 02:10:54 2020
New Revision: 367290
URL: https://svnweb.freebsd.org/changeset/base/367290

Log:
  linux(4) prctl(2): Implement PR_[GS]ET_DUMPABLE
  
  Proxy the flag to the roughly analogous FreeBSD procctl 'TRACE'.
  
  TRACE-disabled processes are not coredumped, and Linux !DUMPABLE processes
  can not be ptraced.  There are some additional semantics around ownership of
  files in the /proc/[pid] pseudo-filesystem, which we do not attempt to
  emulate correctly at this time.
  
  Reviewed by:	markj (earlier version)
  Differential Revision:	https://reviews.freebsd.org/D27015

Modified:
  head/sys/compat/linux/linux_misc.c
  head/sys/compat/linux/linux_misc.h

Modified: head/sys/compat/linux/linux_misc.c
==============================================================================
--- head/sys/compat/linux/linux_misc.c	Tue Nov  3 01:38:16 2020	(r367289)
+++ head/sys/compat/linux/linux_misc.c	Tue Nov  3 02:10:54 2020	(r367290)
@@ -1937,7 +1937,7 @@ linux_prctl(struct thread *td, struct linux_prctl_args
 	int error = 0, max_size;
 	struct proc *p = td->td_proc;
 	char comm[LINUX_MAX_COMM_LEN];
-	int pdeath_signal;
+	int pdeath_signal, trace_state;
 
 	switch (args->option) {
 	case LINUX_PR_SET_PDEATHSIG:
@@ -1955,10 +1955,46 @@ linux_prctl(struct thread *td, struct linux_prctl_args
 		return (copyout(&pdeath_signal,
 		    (void *)(register_t)args->arg2,
 		    sizeof(pdeath_signal)));
+	/*
+	 * In Linux, this flag controls if set[gu]id processes can coredump.
+	 * There are additional semantics imposed on processes that cannot
+	 * coredump:
+	 * - Such processes can not be ptraced.
+	 * - There are some semantics around ownership of process-related files
+	 *   in the /proc namespace.
+	 *
+	 * In FreeBSD, we can (and by default, do) disable setuid coredump
+	 * system-wide with 'sugid_coredump.'  We control tracability on a
+	 * per-process basis with the procctl PROC_TRACE (=> P2_NOTRACE flag).
+	 * By happy coincidence, P2_NOTRACE also prevents coredumping.  So the
+	 * procctl is roughly analogous to Linux's DUMPABLE.
+	 *
+	 * So, proxy these knobs to the corresponding PROC_TRACE setting.
+	 */
+	case LINUX_PR_GET_DUMPABLE:
+		error = kern_procctl(td, P_PID, p->p_pid, PROC_TRACE_STATUS,
+		    &trace_state);
+		if (error != 0)
+			return (error);
+		td->td_retval[0] = (trace_state != -1);
+		return (0);
 	case LINUX_PR_SET_DUMPABLE:
-		linux_msg(td, "unsupported prctl PR_SET_DUMPABLE");
-		error = EINVAL;
-		break;
+		/*
+		 * It is only valid for userspace to set one of these two
+		 * flags, and only one at a time.
+		 */
+		switch (args->arg2) {
+		case LINUX_SUID_DUMP_DISABLE:
+			trace_state = PROC_TRACE_CTL_DISABLE_EXEC;
+			break;
+		case LINUX_SUID_DUMP_USER:
+			trace_state = PROC_TRACE_CTL_ENABLE;
+			break;
+		default:
+			return (EINVAL);
+		}
+		return (kern_procctl(td, P_PID, p->p_pid, PROC_TRACE_CTL,
+		    &trace_state));
 	case LINUX_PR_GET_KEEPCAPS:
 		/*
 		 * Indicate that we always clear the effective and

Modified: head/sys/compat/linux/linux_misc.h
==============================================================================
--- head/sys/compat/linux/linux_misc.h	Tue Nov  3 01:38:16 2020	(r367289)
+++ head/sys/compat/linux/linux_misc.h	Tue Nov  3 02:10:54 2020	(r367290)
@@ -50,6 +50,7 @@
 					 * Second arg is a ptr to return the
 					 * signal.
 					 */
+#define	LINUX_PR_GET_DUMPABLE	3
 #define	LINUX_PR_SET_DUMPABLE	4
 #define	LINUX_PR_GET_KEEPCAPS	7	/* Get drop capabilities on setuid */
 #define	LINUX_PR_SET_KEEPCAPS	8	/* Set drop capabilities on setuid */
@@ -61,6 +62,11 @@
 #define	LINUX_PR_SET_PTRACER	1499557217
 
 #define	LINUX_MAX_COMM_LEN	16	/* Maximum length of the process name. */
+
+/* For GET/SET DUMPABLE */
+#define	LINUX_SUID_DUMP_DISABLE	0	/* Don't coredump setuid processes. */
+#define	LINUX_SUID_DUMP_USER	1	/* Dump as user of process. */
+#define	LINUX_SUID_DUMP_ROOT	2	/* Dump as root. */
 
 #define	LINUX_MREMAP_MAYMOVE	1
 #define	LINUX_MREMAP_FIXED	2