UPSTREAM: fs/proc/kcore.c: Add bounce buffer for ktext data · 816619eef3 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

UPSTREAM: fs/proc/kcore.c: Add bounce buffer for ktext data

We hit hardened usercopy feature check for kernel text access by reading
kcore file:

  usercopy: kernel memory exposure attempt detected from ffffffff8179a01f (<kernel text>) (4065 bytes)
  kernel BUG at mm/usercopy.c:75!

Bypassing this check for kcore by adding bounce buffer for ktext data.

Reported-by: Steve Best <sbest@redhat.com>
Fixes: f5509cc18daa ("mm: Hardened usercopy")
Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Bug: 31374226
Change-Id: Ic93e6041b67d804a994518bf4950811f828b406e
(cherry picked from commit df04abfd181acc276ba6762c8206891ae10ae00d)
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

This commit is contained in:

Jiri Olsa

2016-09-08 09:57:08 +02:00

• committed by

Amit Pundir

parent ac8c3e0150

commit 816619eef3

1 changed files with 6 additions and 1 deletions

									
										7

fs/proc/kcore.c
									
										View file
										
				@ -509,7 +509,12 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)

							if (kern_addr_valid(start)) {

								unsigned long n;

								n = copy_to_user(buffer, (char *)start, tsz);

								/*

								 * Using bounce buffer to bypass the

								 * hardened user copy kernel text checks.

								 */

								memcpy(buf, (char *) start, tsz);

								n = copy_to_user(buffer, buf, tsz);

								/*

								 * We cannot distinguish between fault on source

								 * and fault on destination. When this happens