From: Peter Zijlstra <peterz@infradead.org>
To: keescook@chromium.org, jannh@google.com
Cc: linux-kernel@vger.kernel.org, peterz@infradead.org,
vcaputo@pengaru.com, mingo@redhat.com, juri.lelli@redhat.com,
vincent.guittot@linaro.org, dietmar.eggemann@arm.com,
rostedt@goodmis.org, bsegall@google.com, mgorman@suse.de,
bristot@redhat.com, akpm@linux-foundation.org,
christian.brauner@ubuntu.com, amistry@google.com,
Kenta.Tada@sony.com, legion@kernel.org,
michael.weiss@aisec.fraunhofer.de, mhocko@suse.com,
deller@gmx.de, zhengqi.arch@bytedance.com, me@tobin.cc,
tycho@tycho.pizza, tglx@linutronix.de, bp@alien8.de,
hpa@zytor.com, mark.rutland@arm.com, axboe@kernel.dk,
metze@samba.org, laijs@linux.alibaba.com, luto@kernel.org,
dave.hansen@linux.intel.com, ebiederm@xmission.com,
ohoono.kwon@samsung.com, kaleshsingh@google.com,
yifeifz2@illinois.edu, jpoimboe@redhat.com,
linux-hardening@vger.kernel.org, linux-arch@vger.kernel.org,
vgupta@kernel.org, linux@armlinux.org.uk, will@kernel.org,
guoren@kernel.org, bcain@codeaurora.org, monstr@monstr.eu,
tsbogend@alpha.franken.de, nickhu@andestech.com,
jonas@southpole.se, mpe@ellerman.id.au, paul.walmsley@sifive.com,
hca@linux.ibm.com, ysato@users.sourceforge.jp,
davem@davemloft.net, chris@zankel.net,
kernel test robot <oliver.sang@intel.com>,
stable@vger.kernel.org
Subject: [PATCH 1/7] Revert "proc/wchan: use printk format instead of lookup_symbol_name()"
Date: Fri, 08 Oct 2021 13:15:28 +0200 [thread overview]
Message-ID: <20211008111626.090829198@infradead.org> (raw)
In-Reply-To: 20211008111527.438276127@infradead.org
From: Kees Cook <keescook@chromium.org>
This reverts commit 152c432b128cb043fc107e8f211195fe94b2159c.
When a kernel address couldn't be symbolized for /proc/$pid/wchan, it
would leak the raw value, a potential information exposure. This is a
regression compared to the safer pre-v5.12 behavior.
Reported-by: kernel test robot <oliver.sang@intel.com>
Reported-by: Vito Caputo <vcaputo@pengaru.com>
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
---
fs/proc/base.c | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -67,6 +67,7 @@
#include <linux/mm.h>
#include <linux/swap.h>
#include <linux/rcupdate.h>
+#include <linux/kallsyms.h>
#include <linux/stacktrace.h>
#include <linux/resource.h>
#include <linux/module.h>
@@ -386,17 +387,19 @@ static int proc_pid_wchan(struct seq_fil
struct pid *pid, struct task_struct *task)
{
unsigned long wchan;
+ char symname[KSYM_NAME_LEN];
- if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
- wchan = get_wchan(task);
- else
- wchan = 0;
-
- if (wchan)
- seq_printf(m, "%ps", (void *) wchan);
- else
- seq_putc(m, '0');
+ if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
+ goto print0;
+ wchan = get_wchan(task);
+ if (wchan && !lookup_symbol_name(wchan, symname)) {
+ seq_puts(m, symname);
+ return 0;
+ }
+
+print0:
+ seq_putc(m, '0');
return 0;
}
#endif /* CONFIG_KALLSYMS */
next prev parent reply other threads:[~2021-10-08 11:17 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-08 11:15 [PATCH 0/7] wchan: Fix wchan support Peter Zijlstra
2021-10-08 11:15 ` Peter Zijlstra [this message]
2021-10-08 11:15 ` [PATCH 2/7] leaking_addresses: Always print a trailing newline Peter Zijlstra
2021-10-08 11:15 ` [PATCH 3/7] proc: Use task_is_running() for wchan in /proc/$pid/stat Peter Zijlstra
2021-10-08 11:15 ` [PATCH 4/7] x86: Fix get_wchan() to support the ORC unwinder Peter Zijlstra
2021-10-08 11:15 ` [PATCH 5/7] sched: Add wrapper for get_wchan() to keep task blocked Peter Zijlstra
2021-10-08 11:26 ` Geert Uytterhoeven
2021-10-08 12:45 ` Mark Rutland
2021-10-14 10:46 ` Russell King (Oracle)
2021-10-08 11:15 ` [PATCH 6/7] arch: __get_wchan || STACKTRACE_SUPPORT Peter Zijlstra
2021-10-08 12:40 ` Mark Rutland
2021-10-08 13:45 ` Peter Zijlstra
2021-10-08 16:17 ` Josh Poimboeuf
2021-10-14 18:07 ` Mark Rutland
2021-10-14 18:41 ` Josh Poimboeuf
2021-10-14 18:03 ` Mark Rutland
2021-10-14 18:48 ` Josh Poimboeuf
2021-10-14 11:07 ` Russell King (Oracle)
2021-10-08 11:15 ` [PATCH 7/7] arch: Fix STACKTRACE_SUPPORT Peter Zijlstra
2021-10-08 12:52 ` Mark Rutland
2021-10-09 9:36 ` Guo Ren
2021-10-14 12:02 ` [PATCH 0/7] wchan: Fix wchan support Russell King (Oracle)
2021-10-14 13:38 ` Russell King (Oracle)
2021-10-14 19:51 ` Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211008111626.090829198@infradead.org \
--to=peterz@infradead.org \
--cc=Kenta.Tada@sony.com \
--cc=akpm@linux-foundation.org \
--cc=amistry@google.com \
--cc=axboe@kernel.dk \
--cc=bcain@codeaurora.org \
--cc=bp@alien8.de \
--cc=bristot@redhat.com \
--cc=bsegall@google.com \
--cc=chris@zankel.net \
--cc=christian.brauner@ubuntu.com \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=dietmar.eggemann@arm.com \
--cc=ebiederm@xmission.com \
--cc=guoren@kernel.org \
--cc=hca@linux.ibm.com \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=jonas@southpole.se \
--cc=jpoimboe@redhat.com \
--cc=juri.lelli@redhat.com \
--cc=kaleshsingh@google.com \
--cc=keescook@chromium.org \
--cc=laijs@linux.alibaba.com \
--cc=legion@kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=me@tobin.cc \
--cc=metze@samba.org \
--cc=mgorman@suse.de \
--cc=mhocko@suse.com \
--cc=michael.weiss@aisec.fraunhofer.de \
--cc=mingo@redhat.com \
--cc=monstr@monstr.eu \
--cc=mpe@ellerman.id.au \
--cc=nickhu@andestech.com \
--cc=ohoono.kwon@samsung.com \
--cc=oliver.sang@intel.com \
--cc=paul.walmsley@sifive.com \
--cc=rostedt@goodmis.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tsbogend@alpha.franken.de \
--cc=tycho@tycho.pizza \
--cc=vcaputo@pengaru.com \
--cc=vgupta@kernel.org \
--cc=vincent.guittot@linaro.org \
--cc=will@kernel.org \
--cc=yifeifz2@illinois.edu \
--cc=ysato@users.sourceforge.jp \
--cc=zhengqi.arch@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).