fs/proc/kcore.c: Add bounce buffer for ktext data
We hit hardened usercopy feature check for kernel text access by reading
kcore file:
usercopy: kernel memory exposure attempt detected from ffffffff8179a01f (<kernel text>) (4065 bytes)
kernel BUG at mm/usercopy.c:75!
Bypassing this check for kcore by adding bounce buffer for ktext data.
Reported-by: Steve Best <sbest@redhat.com>
Fixes: f5509cc18d
("mm: Hardened usercopy")
Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
f5beeb1851
commit
df04abfd18
|
@ -509,7 +509,12 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
|
||||||
if (kern_addr_valid(start)) {
|
if (kern_addr_valid(start)) {
|
||||||
unsigned long n;
|
unsigned long n;
|
||||||
|
|
||||||
n = copy_to_user(buffer, (char *)start, tsz);
|
/*
|
||||||
|
* Using bounce buffer to bypass the
|
||||||
|
* hardened user copy kernel text checks.
|
||||||
|
*/
|
||||||
|
memcpy(buf, (char *) start, tsz);
|
||||||
|
n = copy_to_user(buffer, buf, tsz);
|
||||||
/*
|
/*
|
||||||
* We cannot distinguish between fault on source
|
* We cannot distinguish between fault on source
|
||||||
* and fault on destination. When this happens
|
* and fault on destination. When this happens
|
||||||
|
|
Loading…
Reference in New Issue