| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202007161415.10D015477@keescook>
Date: Thu, 16 Jul 2020 14:16:09 -0700
From: Kees Cook <keescook@...omium.org>
To: Scott Branden <scott.branden@...adcom.com>
Cc: Matthew Wilcox <willy@...radead.org>,
James Morris <jmorris@...ei.org>,
Luis Chamberlain <mcgrof@...nel.org>,
Mimi Zohar <zohar@...ux.ibm.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Rafael J. Wysocki" <rafael@...nel.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
Jessica Yu <jeyu@...nel.org>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
"Serge E. Hallyn" <serge@...lyn.com>,
Casey Schaufler <casey@...aufler-ca.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Peter Zijlstra <peterz@...radead.org>,
Matthew Garrett <matthewgarrett@...gle.com>,
David Howells <dhowells@...hat.com>,
Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
Randy Dunlap <rdunlap@...radead.org>,
"Joel Fernandes (Google)" <joel@...lfernandes.org>,
KP Singh <kpsingh@...gle.com>, Dave Olsthoorn <dave@...aar.me>,
Hans de Goede <hdegoede@...hat.com>,
Peter Jones <pjones@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Stephen Boyd <stephen.boyd@...aro.org>,
Paul Moore <paul@...l-moore.com>, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from
kernel_read_file() enums
On Thu, Jul 16, 2020 at 01:35:17PM -0700, Scott Branden wrote:
> On 2020-07-10 3:44 p.m., Kees Cook wrote:
> > On Fri, Jul 10, 2020 at 03:10:25PM -0700, Scott Branden wrote:
> > >
> > > On 2020-07-10 3:04 p.m., Matthew Wilcox wrote:
> > > > On Fri, Jul 10, 2020 at 02:00:32PM -0700, Scott Branden wrote:
> > > > > > @@ -950,8 +951,8 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
> > > > > > goto out;
> > > > > > }
> > > > > > - if (id != READING_FIRMWARE_PREALLOC_BUFFER)
> > > > > > - *buf = vmalloc(i_size);
> > > > > > + if (!*buf)
> > > > > The assumption that *buf is always NULL when id !=
> > > > > READING_FIRMWARE_PREALLOC_BUFFER doesn't appear to be correct.
> > > > > I get unhandled page faults due to this change on boot.
> > > > Did it give you a stack backtrace?
> > > Yes, but there's no requirement that *buf need to be NULL when calling this
> > > function.
> > > To fix my particular crash I added the following locally:
> > >
> > > --- a/kernel/module.c
> > > +++ b/kernel/module.c
> > > @@ -3989,7 +3989,7 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char
> > > __user *, uargs, int, flags)
> > > {
> > > struct load_info info = { };
> > > loff_t size;
> > > - void *hdr;
> > > + void *hdr = NULL;
> > > int err;
> > >
> > > err = may_init_module();
> > Thanks for the diagnosis and fix! I haven't had time to cycle back
> > around to this series yet. Hopefully soon. :)
> >
> In order to assist in your patchset I have combined it with my patch series
> here:
> https://github.com/sbranden/linux/tree/kernel_read_file_for_kees
>
> Please let me know if this matches your expectations for my patches or if
> there is something else I need to change.
Thanks! I was working on the next revision of this last night, and I'm
trying to get through today's email to finish it. I'll take a look!
--
Kees Cook
Powered by blists - more mailing lists