adc143b97d
commit 7f7ccc2ccc2e70c6054685f5e3522efa81556830 upstream. proc_pid_cmdline_read() and environ_read() directly access the target process' VM to retrieve the command line and environment. If this process remaps these areas onto a file via mmap(), the requesting process may experience various issues such as extra delays if the underlying device is slow to respond. Let's simply refuse to access file-backed areas in these functions. For this we add a new FOLL_ANON gup flag that is passed to all calls to access_remote_vm(). The code already takes care of such failures (including unmapped areas). Accesses via /proc/pid/mem were not changed though. This was assigned CVE-2018-1120. Note for stable backports: the patch may apply to kernels prior to 4.11 but silently miss one location; it must be checked that no call to access_remote_vm() keeps zero as the last argument. Reported-by: Qualys Security Advisory <qsa@qualys.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [bwh: Backported to 4.4: - Update the extra call to access_remote_vm() from proc_pid_cmdline_read() - Adjust context] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| array.c | ||
| base.c | ||
| cmdline.c | ||
| consoles.c | ||
| cpuinfo.c | ||
| devices.c | ||
| fd.c | ||
| fd.h | ||
| generic.c | ||
| inode.c | ||
| internal.h | ||
| interrupts.c | ||
| Kconfig | ||
| kcore.c | ||
| kmsg.c | ||
| loadavg.c | ||
| Makefile | ||
| meminfo.c | ||
| namespaces.c | ||
| nommu.c | ||
| page.c | ||
| proc_net.c | ||
| proc_sysctl.c | ||
| proc_tty.c | ||
| root.c | ||
| self.c | ||
| softirqs.c | ||
| stat.c | ||
| task_mmu.c | ||
| task_nommu.c | ||
| thread_self.c | ||
| uptime.c | ||
| version.c | ||
| vmcore.c | ||