On Wed, Aug 03, 2016 at 02:58:30PM -0400, Joe Korty wrote:
> On Tue, Aug 02, 2016 at 05:40:48PM -0400, Jann Horn wrote:
> > On Tue, Aug 02, 2016 at 03:26:53PM -0400, Joe Korty wrote:
> > > Hi Jann,
> > > The following linux-4.1.y git commit, y > 17,
> > > 
> > > Commit caaee6234d05a58c5b4d05e7bf766131b810a657
> > > Author: Jann Horn <jann@xxxxxxxxx>
> > > Date:   Wed Jan 20 15:00:04 2016 -0800
> > > 
> > >     ptrace: use fsuid, fsgid, effective creds for fs access checks
> > > 
> > > broke linux-4.1.y with the following oops, repeated forever.
> > > 
> > > [ 81.122531] ------------[ cut here ]------------
> > > [ 81.127161] WARNING: CPU: 6 PID: 5553 at kernel/ptrace.c:248 __ptrace_may_access+0x18a/0x1a0()
> > > [ 81.135780] denying ptrace access check without PTRACE_MODE_*CREDS
> > 
> > (Nit: That's just a warning, not an oops - it blocks access, but
> > doesn't kill the calling process. But still not good, of course.)
> > 
> > 
> > > The problem is that the above git commit missed one mm_access call
> > > that needed converting. In this patch, we convert PTRACE_MODE_READ
> > > to PTRACE_MODE_READ_FSCREDS as that seems more correct for pagemap_read
> > > than PTRACE_MODE_READ_REALCREDS.
> > 
> > Yup, PTRACE_MODE_READ_FSCREDS is appropriate here.
> > 
> > 
> > > There may be stable releases other than linux-4.1.y that need this fix.
> > > 
> > > Signed-off-by: Joe Korty <joe.korty@xxxxxxxx>
> > > 
> > > Index: b/fs/proc/task_mmu.c
> > > ===================================================================
> > > --- a/fs/proc/task_mmu.c
> > > +++ b/fs/proc/task_mmu.c
> > > @@ -1257,7 +1257,7 @@ static ssize_t pagemap_read(struct file
> > >  	if (!pm.buffer)
> > >  		goto out_task;
> > >  
> > > -	mm = mm_access(task, PTRACE_MODE_READ);
> > > +	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
> > >  	ret = PTR_ERR(mm);
> > >  	if (!mm || IS_ERR(mm))
> > >  		goto out_free;
> > > 
> > 
> Hi Jann,
> Greg may need an 'Acked-by' from you before he can apply this fix.

Ah, okay. Sure, you can add:

Acked-by: Jann Horn <jann@xxxxxxxxx>

> Greg, I just looked at the longterm and the 4.7 releases and it
> appears that only 4.1 and 3.18 need this fix.
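Review bot: the pagemap_read hunk is the right one-line change, but the changelog should carry a Fixes: tag naming commit caaee6234d05 ("ptrace: use fsuid, fsgid, effective creds for fs access checks") and say explicitly that this is a stable-only fix for the 4.1 and 3.18 trees, where pagemap_read still calls mm_access() directly at read time; without that, the stable maintainer has no way to tie this hunk to the upstream commit that introduced the WARN at kernel/ptrace.c:248. PTRACE_MODE_READ_FSCREDS is the correct flavour here because the caller reaches pagemap through a file descriptor, so its fsuid/fsgid are the identity the check should compare, which is what the upstream commit did for the other fs-style access checks.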
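As an added illustration (not part of this thread, and not kernel code), the following userspace C model reproduces the credential-selection step that __ptrace_may_access() performs for the PTRACE_MODE_*CREDS flags after the upstream commit discussed above. The flag constants match upstream's values; the struct cred layout and the two sample processes (a plain uid-1000 process and a uid-0 service that has set its fsuid to 1000) are constructed for this example, and the capability, LSM, same-thread-group and dumpability checks of the real function are deliberately left out so only the WARN path and the fsuid-versus-uid choice remain visible.

```c
/* Added example: a userspace model of the PTRACE_MODE_*CREDS handling in
 * upstream __ptrace_may_access().  Simplified: no capability override,
 * no LSM hook, no same-thread-group shortcut, no dumpability check. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Flag values as defined in upstream include/linux/ptrace.h. */
#define PTRACE_MODE_READ           0x01
#define PTRACE_MODE_ATTACH         0x02
#define PTRACE_MODE_FSCREDS        0x08
#define PTRACE_MODE_REALCREDS      0x10
#define PTRACE_MODE_READ_FSCREDS   (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS)
#define PTRACE_MODE_READ_REALCREDS (PTRACE_MODE_READ | PTRACE_MODE_REALCREDS)

/* Constructed, minimal stand-in for the kernel's struct cred. */
struct cred {
    unsigned uid, gid;     /* real ids */
    unsigned euid, egid;   /* effective ids */
    unsigned suid, sgid;   /* saved ids */
    unsigned fsuid, fsgid; /* filesystem ids, changed by setfsuid()/setfsgid() */
};

/* Returns 0 when access is allowed and -EPERM otherwise.  *warned is set
 * when the caller passed a mode without FSCREDS or REALCREDS, which is the
 * condition behind "denying ptrace access check without PTRACE_MODE_*CREDS". */
static int model_ptrace_may_access(const struct cred *caller,
                                   const struct cred *target,
                                   unsigned mode, bool *warned)
{
    unsigned caller_uid, caller_gid;

    *warned = false;
    if (!(mode & PTRACE_MODE_FSCREDS) && !(mode & PTRACE_MODE_REALCREDS)) {
        *warned = true;      /* kernel: WARN(1, ...); then deny */
        return -EPERM;
    }

    /* The flag decides which identity of the caller is compared. */
    if (mode & PTRACE_MODE_FSCREDS) {
        caller_uid = caller->fsuid;
        caller_gid = caller->fsgid;
    } else {
        caller_uid = caller->uid;
        caller_gid = caller->gid;
    }

    /* Allowed only if that identity matches every uid/gid of the target. */
    if (caller_uid == target->euid && caller_uid == target->suid &&
        caller_uid == target->uid  && caller_gid == target->egid &&
        caller_gid == target->sgid && caller_gid == target->gid)
        return 0;

    return -EPERM;           /* real kernel would try CAP_SYS_PTRACE here */
}

/* Encodes a result as 1 = allowed, 0 = denied, -1 = denied with WARN. */
static int outcome(const struct cred *caller, const struct cred *target,
                   unsigned mode)
{
    bool warned;
    int rc = model_ptrace_may_access(caller, target, mode, &warned);
    return warned ? -1 : (rc == 0);
}

/* Constructed sample processes. */
static const struct cred user_proc = { 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000 };
/* A uid-0 service that has called setfsuid(1000)/setfsgid(1000). */
static const struct cred fs_daemon = { 0, 0, 0, 0, 0, 0, 1000, 1000 };

int main(void)
{
    printf("same user, PTRACE_MODE_READ:            %d (expect -1, the 4.1.y WARN)\n",
           outcome(&user_proc, &user_proc, PTRACE_MODE_READ));
    printf("same user, READ_FSCREDS:                %d\n",
           outcome(&user_proc, &user_proc, PTRACE_MODE_READ_FSCREDS));
    printf("fsuid-1000 daemon, READ_FSCREDS:        %d\n",
           outcome(&fs_daemon, &user_proc, PTRACE_MODE_READ_FSCREDS));
    printf("fsuid-1000 daemon, READ_REALCREDS:      %d (real uid 0 != 1000)\n",
           outcome(&fs_daemon, &user_proc, PTRACE_MODE_READ_REALCREDS));
    return 0;
}
```

The first case is exactly what the unconverted mm_access(task, PTRACE_MODE_READ) call in 4.1.y's pagemap_read triggers: neither CREDS flag is present, so the kernel warns and denies regardless of who the caller is. The last two cases show why the thread settles on READ_FSCREDS rather than READ_REALCREDS for a file-backed interface: a process that has lowered its filesystem identity is judged by that identity, not by its real uid.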