| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160902161530.GB31273@krava>
Date: Fri, 2 Sep 2016 18:15:30 +0200
From: Jiri Olsa <jolsa@...hat.com>
To: Andi Kleen <andi@...stfloor.org>
Cc: Jiri Olsa <jolsa@...nel.org>, lkml <linux-kernel@...r.kernel.org>,
Kees Cook <keescook@...omium.org>,
Ingo Molnar <mingo@...nel.org>,
Adrian Hunter <adrian.hunter@...el.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH] fs/proc/kcore.c: Omit kernel text area for hardened
usercopy feature
On Fri, Sep 02, 2016 at 08:17:13AM -0700, Andi Kleen wrote:
> On Fri, Sep 02, 2016 at 02:25:45PM +0200, Jiri Olsa wrote:
> > One of the bullets for hardened usercopy feature is:
> > - object must not overlap with kernel text
> >
> > which is what we expose via /proc/kcore. We can hit
> > this check and crash the system very easily just by
> > reading the text area in kcore file:
> >
> > usercopy: kernel memory exposure attempt detected from ffffffff8179a01f (<kernel text>) (4065 bytes)
> > kernel BUG at mm/usercopy.c:75!
> >
> > Omitting kernel text area from kcore when there's
> > hardened usercopy feature is enabled.
>
> That will completely break PT decoding, which relies on looking
> at the kernel text in /proc/kcore.
>
> Need a different fix here, perhaps some special copy function
> that is not hardened.
ok, I'll try to come up with something
thanks,
jirka
Powered by blists - more mailing lists