Re: [PATCH] fix mm_access bug in pagemap_read

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Aug 03, 2016 at 02:58:30PM -0400, Joe Korty wrote:
> On Tue, Aug 02, 2016 at 05:40:48PM -0400, Jann Horn wrote:
> > On Tue, Aug 02, 2016 at 03:26:53PM -0400, Joe Korty wrote:
> > > Hi Jann,
> > > The following linux-4.1.y git commit, y > 17,
> > > 
> > >     Commit caaee6234d05a58c5b4d05e7bf766131b810a657
> > >     Author: Jann Horn <jann@xxxxxxxxx>
> > >     Date:   Wed Jan 20 15:00:04 2016 -0800
> > > 
> > >     ptrace: use fsuid, fsgid, effective creds for fs access checks
> > > 
> > > broke linux-4.1.y with the following oops, repeated forever.
> > 
> > >    [   81.122531] ------------[ cut here ]------------
> > >    [   81.127161] WARNING: CPU: 6 PID: 5553 at kernel/ptrace.c:248 __ptrace_may_access+0x18a/0x1a0()
> > >    [   81.135780] denying ptrace access check without PTRACE_MODE_*CREDS
> > 
> > (Nit: That's just a warning, not an oops - it blocks access, but
> > doesn't kill the calling process. But still not good, of course.)
> > 
> > 
> > > The problem is that the above git commit missed one mm_access call
> > > that needed converting.  In this patch, we convert PTRACE_MODE_READ
> > > to PTRACE_MODE_READ_FSCREDS as that seems more correct for pagemap_read
> > > than PTRACE_MODE_READ_REALCREDS.
> > 
> > Yup, PTRACE_MODE_READ_FSCREDS is appropriate here.
> > 
> > 
> > > There may be stable releases other than linux-4.1.y that need this fix.
> > > 
> > > Signed-off-by: Joe Korty <joe.korty@xxxxxxxx>
> > > 
> > > Index: b/fs/proc/task_mmu.c
> > > ===================================================================
> > > --- a/fs/proc/task_mmu.c
> > > +++ b/fs/proc/task_mmu.c
> > > @@ -1257,7 +1257,7 @@ static ssize_t pagemap_read(struct file 
> > >  	if (!pm.buffer)
> > >  		goto out_task;
> > >  
> > > -	mm = mm_access(task, PTRACE_MODE_READ);
> > > +	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
> > >  	ret = PTR_ERR(mm);
> > >  	if (!mm || IS_ERR(mm))
> > >  		goto out_free;
> > 
> 
> 
> Hi Jann,
> Greg may need an 'Acked-by' from you before he can apply this fix.

Ah, okay. Sure, you can add:

Acked-by: Jann Horn <jann@xxxxxxxxx>

> Greg, I just looked at the longterm and the 4.7 releases and it
> appears that only 4.1 and 3.18 need this fix.

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]