| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+fCnZeb4eKAf18U7YQEUvS1GVJdC1+gn3PSAS2b4_hnkf8xaw@mail.gmail.com>
Date: Sun, 22 Jun 2025 15:00:33 +0200
From: Andrey Konovalov <andreyknvl@...il.com>
To: Sabyrzhan Tasbolatov <snovitoll@...il.com>
Cc: ryabinin.a.a@...il.com, hch@...radead.org, elver@...gle.com, arnd@...db.de,
glider@...gle.com, dvyukov@...gle.com, vincenzo.frascino@....com,
akpm@...ux-foundation.org, david@...hat.com, kasan-dev@...glegroups.com,
linux-mm@...ck.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm: unexport globally copy_to_kernel_nofault
On Sun, Jun 22, 2025 at 7:19 AM Sabyrzhan Tasbolatov
<snovitoll@...il.com> wrote:
>
> `copy_to_kernel_nofault()` is an internal helper which should not be
> visible to loadable modules – exporting it would give exploit code a
> cheap oracle to probe kernel addresses. Instead, keep the helper
> un-exported and compile the kunit case that exercises it only when
> `mm/kasan/kasan_test.o` is linked into vmlinux.
>
> Fixes: ca79a00bb9a8 ("kasan: migrate copy_user_test to kunit")
> Suggested-by: Christoph Hellwig <hch@...radead.org>
> Suggested-by: Marco Elver <elver@...gle.com>
> Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@...il.com>
> ---
> mm/kasan/kasan_test_c.c | 4 ++++
> mm/maccess.c | 1 -
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/mm/kasan/kasan_test_c.c b/mm/kasan/kasan_test_c.c
> index 5f922dd38ffa..094ecd27b707 100644
> --- a/mm/kasan/kasan_test_c.c
> +++ b/mm/kasan/kasan_test_c.c
> @@ -1977,6 +1977,7 @@ static void rust_uaf(struct kunit *test)
> KUNIT_EXPECT_KASAN_FAIL(test, kasan_test_rust_uaf());
> }
>
> +#ifndef MODULE
Would be great to have a comment here explaining the ifndef.
> static void copy_to_kernel_nofault_oob(struct kunit *test)
> {
> char *ptr;
> @@ -2011,6 +2012,7 @@ static void copy_to_kernel_nofault_oob(struct kunit *test)
>
> kfree(ptr);
> }
> +#endif /* !MODULE */
>
> static void copy_user_test_oob(struct kunit *test)
> {
> @@ -2131,7 +2133,9 @@ static struct kunit_case kasan_kunit_test_cases[] = {
> KUNIT_CASE(match_all_not_assigned),
> KUNIT_CASE(match_all_ptr_tag),
> KUNIT_CASE(match_all_mem_tag),
> +#ifndef MODULE
> KUNIT_CASE(copy_to_kernel_nofault_oob),
> +#endif
> KUNIT_CASE(rust_uaf),
> KUNIT_CASE(copy_user_test_oob),
> {}
> diff --git a/mm/maccess.c b/mm/maccess.c
> index 831b4dd7296c..486559d68858 100644
> --- a/mm/maccess.c
> +++ b/mm/maccess.c
> @@ -82,7 +82,6 @@ long copy_to_kernel_nofault(void *dst, const void *src, size_t size)
> pagefault_enable();
> return -EFAULT;
> }
> -EXPORT_SYMBOL_GPL(copy_to_kernel_nofault);
>
> long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count)
> {
> --
> 2.34.1
>
Other than that:
Reviewed-by: Andrey Konovalov <andreyknvl@...il.com>
Thank you!
Powered by blists - more mailing lists