[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20160803204354.GA12989@pc.thejh.net>
Date: Wed, 3 Aug 2016 22:43:54 +0200
From: Jann Horn <jann@...jh.net>
To: Joe Korty <joe.korty@...r.com>
Cc: "stable@...r.kernel.org" <stable@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] fix mm_access bug in pagemap_read
On Wed, Aug 03, 2016 at 02:58:30PM -0400, Joe Korty wrote:
> On Tue, Aug 02, 2016 at 05:40:48PM -0400, Jann Horn wrote:
> > On Tue, Aug 02, 2016 at 03:26:53PM -0400, Joe Korty wrote:
> > > Hi Jann,
> > > The following linux-4.1.y git commit, y > 17,
> > >
> > > Commit caaee6234d05a58c5b4d05e7bf766131b810a657
> > > Author: Jann Horn <jann@...jh.net>
> > > Date: Wed Jan 20 15:00:04 2016 -0800
> > >
> > > ptrace: use fsuid, fsgid, effective creds for fs access checks
> > >
> > > broke linux-4.1.y with the following oops, repeated forever.
> >
> > > [ 81.122531] ------------[ cut here ]------------
> > > [ 81.127161] WARNING: CPU: 6 PID: 5553 at kernel/ptrace.c:248 __ptrace_may_access+0x18a/0x1a0()
> > > [ 81.135780] denying ptrace access check without PTRACE_MODE_*CREDS
> >
> > (Nit: That's just a warning, not an oops - it blocks access, but
> > doesn't kill the calling process. But still not good, of course.)
> >
> >
> > > The problem is that the above git commit missed one mm_access call
> > > that needed converting. In this patch, we convert PTRACE_MODE_READ
> > > to PTRACE_MODE_READ_FSCREDS as that seems more correct for pagemap_read
> > > than PTRACE_MODE_READ_REALCREDS.
> >
> > Yup, PTRACE_MODE_READ_FSCREDS is appropriate here.
> >
> >
> > > There may be stable releases other than linux-4.1.y that need this fix.
> > >
> > > Signed-off-by: Joe Korty <joe.korty@...r.com>
> > >
> > > Index: b/fs/proc/task_mmu.c
> > > ===================================================================
> > > --- a/fs/proc/task_mmu.c
> > > +++ b/fs/proc/task_mmu.c
> > > @@ -1257,7 +1257,7 @@ static ssize_t pagemap_read(struct file
> > > if (!pm.buffer)
> > > goto out_task;
> > >
> > > - mm = mm_access(task, PTRACE_MODE_READ);
> > > + mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
> > > ret = PTR_ERR(mm);
> > > if (!mm || IS_ERR(mm))
> > > goto out_free;
> >
>
>
> Hi Jann,
> Greg may need an 'Acked-by' from you before he can apply this fix.
Ah, okay. Sure, you can add:
Acked-by: Jann Horn <jann@...jh.net>
> Greg, I just looked at the longterm and the 4.7 releases and it
> appears that only 4.1 and 3.18 need this fix.
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists