lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20121001225158.802435384@1wt.eu>
Date:	Tue, 02 Oct 2012 00:52:25 +0200
From:	Willy Tarreau <w@....eu>
To:	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc:	Robert Richter <robert.richter@....com>,
	Greg KH <gregkh@...uxfoundation.org>,
	Junxiao Bi <junxiao.bi@...cle.com>, Willy Tarreau <w@....eu>
Subject: [ 028/180] oprofile: use KM_NMI slot for kmap_atomic

2.6.32-longterm review patch.  If anyone has any objections, please let me know.

------------------

From: Junxiao Bi <junxiao.bi@...cle.com>

If one kernel path is using KM_USER0 slot and is interrupted by
the oprofile nmi, then in copy_from_user_nmi(), the KM_USER0 slot
will be overwrite and cleared to zero at last, when the control
return to the original kernel path, it will access an invalid
virtual address and trigger a crash.

Cc: Robert Richter <robert.richter@....com>
Cc: Greg KH <gregkh@...uxfoundation.org>
Cc: stable@...r.kernel.org
Signed-off-by: Junxiao Bi <junxiao.bi@...cle.com>

[WT: According to Junxiao and Robert, this patch is needed for stable kernels
 which include a backport of a0e3e70243f5b270bc3eca718f0a9fa5e6b8262e without
 3e4d3af501cccdc8a8cca41bdbe57d54ad7e7e73, but there is no exact equivalent in
 mainline]
Signed-off-by: Willy Tarreau <w@....eu>
---
 arch/x86/oprofile/backtrace.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c
index 829edf0..b50a280 100644
--- a/arch/x86/oprofile/backtrace.c
+++ b/arch/x86/oprofile/backtrace.c
@@ -71,9 +71,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n)
 		offset = addr & (PAGE_SIZE - 1);
 		size = min(PAGE_SIZE - offset, n - len);
 
-		map = kmap_atomic(page, KM_USER0);
+		map = kmap_atomic(page, KM_NMI);
 		memcpy(to, map+offset, size);
-		kunmap_atomic(map, KM_USER0);
+		kunmap_atomic(map, KM_NMI);
 		put_page(page);
 
 		len  += size;
-- 
1.7.2.1.45.g54fbc



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ