fs/proc/kcore.c: Add bounce buffer for ktext data
We hit the hardened usercopy feature check for kernel text access by reading
the kcore file:

  usercopy: kernel memory exposure attempt detected from ffffffff8179a01f (<kernel text>) (4065 bytes)
  kernel BUG at mm/usercopy.c:75!

Bypassing this check for kcore by adding a bounce buffer for ktext data.

Reported-by: Steve Best <sbest@redhat.com>
Fixes: f5509cc ("mm: Hardened usercopy")
Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jiri Olsa authored and Linus Torvalds committed Sep 20, 2016
1 parent f5beeb1 commit df04abf
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion fs/proc/kcore.c
Expand Up @@ -509,7 +509,12 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
if (kern_addr_valid(start)) {
unsigned long n;

n = copy_to_user(buffer, (char *)start, tsz);
/*
* Using bounce buffer to bypass the
* hardened user copy kernel text checks.
*/
memcpy(buf, (char *) start, tsz);
n = copy_to_user(buffer, buf, tsz);
/*
* We cannot distinguish between fault on source
* and fault on destination. When this happens
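Review bot: the new memcpy(buf, (char *) start, tsz) reads the kernel-text source outside copy_to_user(), so the comment that follows ("We cannot distinguish between fault on source and fault on destination") no longer describes this path: a fault on the source would now occur inside memcpy() instead of being reported through n. Either update that comment or perform the source read with a fault-tolerant helper such as probe_kernel_read() so the existing error handling still covers it. The hunk also does not show where buf is allocated or how large it is; please confirm that tsz can never exceed that size, because the hardened usercopy check applies only to the copy from buf to user space and not to this memcpy().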