lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0d22814f-203c-65d8-6277-e133279e53fd@linux.alibaba.com>
Date:   Mon, 5 Feb 2018 09:32:12 +0800
From:   Jia Zhang <zhang.jia@...ux.alibaba.com>
To:     tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
        jolsa@...nel.org
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall
 user page

Hi Jiri,

The maintainers are too busy to review this patchset. You are the author
of the commit df04abfd181a. Please help to review this patchset.

Thanks,
Jia

On 2018/1/30 下午2:42, Jia Zhang wrote:
> The commit df04abfd181a
> ("fs/proc/kcore.c: Add bounce buffer for ktext data") introduces a
> bounce buffer to work around CONFIG_HARDENED_USERCOPY=y. However,
> accessing vsyscall user page will cause SMAP violation in this way.
> 
> In order to fix this issue, simply replace memcpy() with copy_from_user()
> may work, but using a common way to handle this sort of user page may be
> useful for future.
> 
> Currently, only vsyscall page requires KCORE_USER.
> 
> Signed-off-by: Jia Zhang <zhang.jia@...ux.alibaba.com>
> ---
>  arch/x86/mm/init_64.c | 2 +-
>  fs/proc/kcore.c       | 4 ++++
>  include/linux/kcore.h | 1 +
>  3 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
> index 4a83728..dab78f6 100644
> --- a/arch/x86/mm/init_64.c
> +++ b/arch/x86/mm/init_64.c
> @@ -1187,7 +1187,7 @@ void __init mem_init(void)
>  
>  	/* Register memory areas for /proc/kcore */
>  	kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
> -			 PAGE_SIZE, KCORE_OTHER);
> +		   PAGE_SIZE, KCORE_USER);
>  
>  	mem_init_print_info(NULL);
>  }
> diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
> index 4bc85cb..e4b0204 100644
> --- a/fs/proc/kcore.c
> +++ b/fs/proc/kcore.c
> @@ -510,6 +510,10 @@ static void elf_kcore_store_hdr(char *bufp, int nphdr, int dataoff)
>  			/* we have to zero-fill user buffer even if no read */
>  			if (copy_to_user(buffer, buf, tsz))
>  				return -EFAULT;
> +		} else if (m->type == KCORE_USER) {
> +			/* user page is handled prior to normal kernel page */
> +			if (copy_to_user(buffer, (char *)start, tsz))
> +				return -EFAULT;
>  		} else {
>  			if (kern_addr_valid(start)) {
>  				unsigned long n;
> diff --git a/include/linux/kcore.h b/include/linux/kcore.h
> index 7ff25a8..80db19d 100644
> --- a/include/linux/kcore.h
> +++ b/include/linux/kcore.h
> @@ -10,6 +10,7 @@ enum kcore_type {
>  	KCORE_VMALLOC,
>  	KCORE_RAM,
>  	KCORE_VMEMMAP,
> +	KCORE_USER,
>  	KCORE_OTHER,
>  };
>  
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ