* [PATCH 3.10-rc7] Fix: kernel/ptrace.c: ptrace_peek_siginfo() missing __put_user() validation
@ 2013-06-28 13:49 Mathieu Desnoyers
2013-06-28 14:52 ` Oleg Nesterov
2013-06-29 18:29 ` Linus Torvalds
0 siblings, 2 replies; 3+ messages in thread
From: Mathieu Desnoyers @ 2013-06-28 13:49 UTC (permalink / raw)
To: Andrey Vagin
Cc: Roland McGrath, Oleg Nesterov, Paul E. McKenney, David Howells,
Dave Jones, Pavel Emelyanov, Linus Torvalds, Pedro Alves,
Andrew Morton, linux-kernel
This __put_user() could be used by unprivileged processes to write into
kernel memory. The issue here is that even if copy_siginfo_to_user()
fails, the error code is not checked before __put_user() is executed.
Luckily, ptrace_peek_siginfo() has been added within the 3.10-rc cycle,
so it has not hit a stable release yet.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
CC: Andrey Vagin <avagin@openvz.org>
CC: Roland McGrath <roland@redhat.com>
CC: Oleg Nesterov <oleg@redhat.com>
CC: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
CC: David Howells <dhowells@redhat.com>
CC: Dave Jones <davej@redhat.com>
CC: Pavel Emelyanov <xemul@parallels.com>
CC: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Pedro Alves <palves@redhat.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linus Torvalds <torvalds@linux-foundation.org>
---
kernel/ptrace.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
Index: linux/kernel/ptrace.c
===================================================================
--- linux.orig/kernel/ptrace.c
+++ linux/kernel/ptrace.c
@@ -665,20 +665,22 @@ static int ptrace_peek_siginfo(struct ta
if (unlikely(is_compat_task())) {
compat_siginfo_t __user *uinfo = compat_ptr(data);
- ret = copy_siginfo_to_user32(uinfo, &info);
- ret |= __put_user(info.si_code, &uinfo->si_code);
+ if (copy_siginfo_to_user32(uinfo, &info) ||
+ __put_user(info.si_code, &uinfo->si_code)) {
+ ret = -EFAULT;
+ break;
+ }
+
} else
#endif
{
siginfo_t __user *uinfo = (siginfo_t __user *) data;
- ret = copy_siginfo_to_user(uinfo, &info);
- ret |= __put_user(info.si_code, &uinfo->si_code);
- }
-
- if (ret) {
- ret = -EFAULT;
- break;
+ if (copy_siginfo_to_user(uinfo, &info) ||
+ __put_user(info.si_code, &uinfo->si_code)) {
+ ret = -EFAULT;
+ break;
+ }
}
data += sizeof(siginfo_t);
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 3.10-rc7] Fix: kernel/ptrace.c: ptrace_peek_siginfo() missing __put_user() validation
2013-06-28 13:49 [PATCH 3.10-rc7] Fix: kernel/ptrace.c: ptrace_peek_siginfo() missing __put_user() validation Mathieu Desnoyers
@ 2013-06-28 14:52 ` Oleg Nesterov
2013-06-29 18:29 ` Linus Torvalds
1 sibling, 0 replies; 3+ messages in thread
From: Oleg Nesterov @ 2013-06-28 14:52 UTC (permalink / raw)
To: Mathieu Desnoyers
Cc: Andrey Vagin, Roland McGrath, Paul E. McKenney, David Howells,
Dave Jones, Pavel Emelyanov, Linus Torvalds, Pedro Alves,
Andrew Morton, linux-kernel
On 06/28, Mathieu Desnoyers wrote:
>
> This __put_user() could be used by unprivileged processes to write into
> kernel memory. The issue here is that even if copy_siginfo_to_user()
> fails, the error code is not checked before __put_user() is executed.
> Luckily, ptrace_peek_siginfo() has been added within the 3.10-rc cycle,
> so it has not hit a stable release yet.
Agreed, this looks like 3.10 material.
Acked-by: Oleg Nesterov <oleg@redhat.com>
> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
> CC: Andrey Vagin <avagin@openvz.org>
> CC: Roland McGrath <roland@redhat.com>
> CC: Oleg Nesterov <oleg@redhat.com>
> CC: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
> CC: David Howells <dhowells@redhat.com>
> CC: Dave Jones <davej@redhat.com>
> CC: Pavel Emelyanov <xemul@parallels.com>
> CC: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Pedro Alves <palves@redhat.com>
> CC: Andrew Morton <akpm@linux-foundation.org>
> CC: Linus Torvalds <torvalds@linux-foundation.org>
> ---
> kernel/ptrace.c | 20 +++++++++++---------
> 1 file changed, 11 insertions(+), 9 deletions(-)
>
> Index: linux/kernel/ptrace.c
> ===================================================================
> --- linux.orig/kernel/ptrace.c
> +++ linux/kernel/ptrace.c
> @@ -665,20 +665,22 @@ static int ptrace_peek_siginfo(struct ta
> if (unlikely(is_compat_task())) {
> compat_siginfo_t __user *uinfo = compat_ptr(data);
>
> - ret = copy_siginfo_to_user32(uinfo, &info);
> - ret |= __put_user(info.si_code, &uinfo->si_code);
> + if (copy_siginfo_to_user32(uinfo, &info) ||
> + __put_user(info.si_code, &uinfo->si_code)) {
> + ret = -EFAULT;
> + break;
> + }
> +
> } else
> #endif
> {
> siginfo_t __user *uinfo = (siginfo_t __user *) data;
>
> - ret = copy_siginfo_to_user(uinfo, &info);
> - ret |= __put_user(info.si_code, &uinfo->si_code);
> - }
> -
> - if (ret) {
> - ret = -EFAULT;
> - break;
> + if (copy_siginfo_to_user(uinfo, &info) ||
> + __put_user(info.si_code, &uinfo->si_code)) {
> + ret = -EFAULT;
> + break;
> + }
> }
>
> data += sizeof(siginfo_t);
>
> --
> Mathieu Desnoyers
> EfficiOS Inc.
> http://www.efficios.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 3.10-rc7] Fix: kernel/ptrace.c: ptrace_peek_siginfo() missing __put_user() validation
2013-06-28 13:49 [PATCH 3.10-rc7] Fix: kernel/ptrace.c: ptrace_peek_siginfo() missing __put_user() validation Mathieu Desnoyers
2013-06-28 14:52 ` Oleg Nesterov
@ 2013-06-29 18:29 ` Linus Torvalds
1 sibling, 0 replies; 3+ messages in thread
From: Linus Torvalds @ 2013-06-29 18:29 UTC (permalink / raw)
To: Mathieu Desnoyers
Cc: Andrey Vagin, Roland McGrath, Oleg Nesterov, Paul E. McKenney,
David Howells, Dave Jones, Pavel Emelyanov, Pedro Alves,
Andrew Morton, Linux Kernel Mailing List
On Fri, Jun 28, 2013 at 6:49 AM, Mathieu Desnoyers
<mathieu.desnoyers@efficios.com> wrote:
> This __put_user() could be used by unprivileged processes to write into
> kernel memory. The issue here is that even if copy_siginfo_to_user()
> fails, the error code is not checked before __put_user() is executed.
> Luckily, ptrace_peek_siginfo() has been added within the 3.10-rc cycle,
> so it has not hit a stable release yet.
Why do those stupid
__put_user(info.si_code, &uinfo->si_code))
things exist at all?
As far as I can tell, copy_siginfo_to_user[32]() already copies
si_code. Is the field really so important that it has to be copied
twice, just to make sure the write makes it?
Ok, ok, I see the explanation in the commit message that introduced
this, but it sure as hell isn't obvious from actually looking at the
code. I'm applying the patch, but I think this should have been a
comment in the code as well.
Linus
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-06-29 18:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-06-28 13:49 [PATCH 3.10-rc7] Fix: kernel/ptrace.c: ptrace_peek_siginfo() missing __put_user() validation Mathieu Desnoyers
2013-06-28 14:52 ` Oleg Nesterov
2013-06-29 18:29 ` Linus Torvalds
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).