lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1535515447-21167-1-git-send-email-asmadeus@codewreck.org>
Date:   Wed, 29 Aug 2018 06:04:07 +0200
From:   Dominique Martinet <asmadeus@...ewreck.org>
To:     Omar Sandoval <osandov@...ndov.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     Dominique Martinet <asmadeus@...ewreck.org>,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        Alexey Dobriyan <adobriyan@...il.com>,
        Eric Biederman <ebiederm@...ssion.com>,
        James Morse <james.morse@....com>,
        Bhupesh Sharma <bhsharma@...hat.com>, kernel-team@...com
Subject: [PATCH] proc/kcore: fix invalid memory access in multi-page read optimization

The 'm' kcore_list item can point to kclist_head, and it is incorrect to
look at m->addr / m->size in this case.
There is no choice but to run through the list of entries for every address
if we did not find any entry in the previous iteration

Fixes: bf991c2231117 ("proc/kcore: optimize multiple page reads")
Signed-off-by: Dominique Martinet <asmadeus@...ewreck.org>
---

I guess now I'm looking at bf991c2231117 again that it would be slightly
more efficient to remove the !m check and initialize m to point to
kclist_head like this:
 m = list_entry(&kclist_head, struct kcore_list, list);
but it feels a bit forced to me; deferring the choice to others.

 fs/proc/kcore.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index ad72261ee3fe..50036f6e1f52 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -451,7 +451,8 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
 		 * If this is the first iteration or the address is not within
 		 * the previous entry, search for a matching entry.
 		 */
-		if (!m || start < m->addr || start >= m->addr + m->size) {
+		if (!m || &m->list == &kclist_head || start < m->addr ||
+		    start >= m->addr + m->size) {
 			list_for_each_entry(m, &kclist_head, list) {
 				if (start >= m->addr &&
 				    start < m->addr + m->size)
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ