diff options
| author | Jiri Olsa <jolsa@kernel.org> | 2016-09-08 09:57:08 +0200 |
|---|---|---|
| committer | Sami Tolvanen <samitolvanen@google.com> | 2016-10-05 08:09:43 -0700 |
| commit | c7642969a507168ab9d4a5d4715030af5d2a11a7 (patch) | |
| tree | 2e92810a00326c9d4c45a54bed9d5daa82c9df45 | |
| parent | 762a327de1b8dc48f813c7d397f7b627cff215c5 (diff) | |
UPSTREAM: fs/proc/kcore.c: Add bounce buffer for ktext data
We hit hardened usercopy feature check for kernel text access by reading
kcore file:
usercopy: kernel memory exposure attempt detected from ffffffff8179a01f (<kernel text>) (4065 bytes)
kernel BUG at mm/usercopy.c:75!
Bypassing this check for kcore by adding bounce buffer for ktext data.
Reported-by: Steve Best <sbest@redhat.com>
Fixes: f5509cc18daa ("mm: Hardened usercopy")
Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bug: 31374226
Change-Id: Ic93e6041b67d804a994518bf4950811f828b406e
(cherry picked from commit df04abfd181acc276ba6762c8206891ae10ae00d)
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
| -rw-r--r-- | fs/proc/kcore.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index 2dc84040b0cb..21f198aa0961 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c @@ -509,7 +509,12 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) if (kern_addr_valid(start)) { unsigned long n; - n = copy_to_user(buffer, (char *)start, tsz); + /* + * Using bounce buffer to bypass the + * hardened user copy kernel text checks. + */ + memcpy(buf, (char *) start, tsz); + n = copy_to_user(buffer, buf, tsz); /* * We cannot distinguish between fault on source * and fault on destination. When this happens |