Commit df04abfd authored Sep 08, 2016 by Jiri Olsa Committed by Linus Torvalds Sep 20, 2016

fs/proc/kcore.c: Add bounce buffer for ktext data



We hit hardened usercopy feature check for kernel text access by reading
kcore file:

  usercopy: kernel memory exposure attempt detected from ffffffff8179a01f (<kernel text>) (4065 bytes)
  kernel BUG at mm/usercopy.c:75!

Bypassing this check for kcore by adding bounce buffer for ktext data.

Reported-by: Steve Best <sbest@redhat.com>
Fixes: f5509cc1 ("mm: Hardened usercopy")
Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent f5beeb18

fs/proc/kcore.c

+6 −1

Original line number	Diff line number	Diff line
		@@ -509,7 +509,12 @@ read_kcore(struct file file, char __user buffer, size_t buflen, loff_t *fpos)
		if (kern_addr_valid(start)) {
		unsigned long n;

		n = copy_to_user(buffer, (char *)start, tsz);
		/*
		* Using bounce buffer to bypass the
		* hardened user copy kernel text checks.
		*/
		memcpy(buf, (char *) start, tsz);
		n = copy_to_user(buffer, buf, tsz);
		/*
		* We cannot distinguish between fault on source
		* and fault on destination. When this happens

Admin message