Message-Id: <20221129191839.2471308-2-jannh@google.com>
Date:   Tue, 29 Nov 2022 20:18:39 +0100
From:   Jann Horn <jannh@...gle.com>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Andrei Vagin <avagin@...il.com>, linux-kernel@...r.kernel.org
Subject: [PATCH 2/2] time/namespace: Forbid timens page faults under kthread_use_mm()

find_timens_vvar_page() doesn't work when current's timens does not match
the timens associated with current->mm.
v6 of the series adding this code [1] had some complicated code to deal
with this case, but v7 [2] removed that.

Since the vvar region is designed to only be accessed by vDSO code, and
vDSO code can't run in kthread context, it should be fine to error out in
this case.

Backporting note: This commit depends on the preceding refactoring patch.

[1] https://lore.kernel.org/lkml/20190815163836.2927-24-dima@arista.com/
[2] https://lore.kernel.org/lkml/20191011012341.846266-24-dima@arista.com/

Fixes: ee3cda8e4606 ("arm64/vdso: Handle faults on timens page")
Fixes: 74205b3fc2ef ("powerpc/vdso: Add support for time namespaces")
Fixes: dffe11e280a4 ("riscv/vdso: Add support for time namespaces")
Fixes: eeab78b05d20 ("s390/vdso: implement generic vdso time namespace support")
Fixes: af34ebeb866f ("x86/vdso: Handle faults on timens page")
Cc: stable@...r.kernel.org
Signed-off-by: Jann Horn <jannh@...gle.com>
---
 kernel/time/namespace.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/kernel/time/namespace.c b/kernel/time/namespace.c
index 761c0ada5142a..7315d0aeb1d21 100644
--- a/kernel/time/namespace.c
+++ b/kernel/time/namespace.c
@@ -194,6 +194,17 @@ static void timens_setup_vdso_data(struct vdso_data *vdata,
 
 struct page *find_timens_vvar_page(struct vm_area_struct *vma)
 {
+	/*
+	 * We can't handle faults where current's timens does not match the
+	 * timens associated with the mm_struct. This can happen if a page fault
+	 * occurs in a kthread that is using kthread_use_mm().
+	 */
+	if (current->flags & PF_KTHREAD) {
+		pr_warn("%s: kthread %s/%d tried to fault in timens page\n",
+			__func__, current->comm, current->pid);
+		return NULL;
+	}
+
 	if (likely(vma->vm_mm == current->mm))
 		return current->nsproxy->time_ns->vvar_page;
 
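Review bot: The pr_warn() in the new PF_KTHREAD branch is not rate limited, so a kthread that keeps faulting on the timens page will emit one log line per fault; consider pr_warn_ratelimited() or pr_warn_once() there. The early "return NULL" also relies on every caller of find_timens_vvar_page() treating a NULL page as a failed fault, which this hunk does not show. A sentence in the comment saying what callers do with NULL (presumably arranged by the preceding refactoring patch the commit message mentions) would help anyone backporting this. Finally, the comment describes a timens mismatch, but the test rejects every PF_KTHREAD task regardless of whether the namespaces actually differ; saying so explicitly in the comment would make the intent clear.
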
-- 
2.38.1.584.g0f3c55d4c2-goog
