| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200520201126.f37d3b1e46355199216404e2@kernel.org>
Date: Wed, 20 May 2020 20:11:26 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: Christoph Hellwig <hch@....de>
Cc: x86@...nel.org, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-parisc@...r.kernel.org, linux-um@...ts.infradead.org,
netdev@...r.kernel.org, bpf@...r.kernel.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 13/20] maccess: always use strict semantics for
probe_kernel_read
On Tue, 19 May 2020 15:44:42 +0200
Christoph Hellwig <hch@....de> wrote:
> diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
> index 2f6737cc53e6c..82da20e712507 100644
> --- a/kernel/trace/trace_kprobe.c
> +++ b/kernel/trace/trace_kprobe.c
> @@ -1208,7 +1208,13 @@ fetch_store_strlen(unsigned long addr)
> u8 c;
>
> do {
> - ret = probe_kernel_read(&c, (u8 *)addr + len, 1);
> + if (IS_ENABLED(CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE) &&
> + (unsigned long)addr < TASK_SIZE) {
> + ret = probe_user_read(&c,
> + (__force u8 __user *)addr + len, 1);
> + } else {
> + ret = probe_kernel_read(&c, (u8 *)addr + len, 1);
> + }
> len++;
> } while (c && ret == 0 && len < MAX_STRING_SIZE);
To avoid redundant check in the loop, we can use strnlen_user_nofault() out of
the loop. Something like below.
...
u8 c;
if (IS_ENABLED(CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE) &&
(unsigned long)addr < TASK_SIZE) {
return strnlen_user_nofault((__force u8 __user *)addr, MAX_STRING_SIZE);
do {
ret = probe_kernel_read(&c, (u8 *)addr + len, 1);
len++;
} while (c && ret == 0 && len < MAX_STRING_SIZE);
...
This must work because we must not have a string that continues across
kernel space and user space.
Thank you,
--
Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists