From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Kees Cook <keescook@chromium.org>
Subject: [PATCH 5.4 087/109] kallsyms: Refactor kallsyms_show_value() to take cred
Date: Tue, 14 Jul 2020 20:44:30 +0200 [thread overview]
Message-ID: <20200714184109.715957926@linuxfoundation.org> (raw)
In-Reply-To: <20200714184105.507384017@linuxfoundation.org>
From: Kees Cook <keescook@chromium.org>
commit 160251842cd35a75edfb0a1d76afa3eb674ff40a upstream.
In order to perform future tests against the cred saved during open(),
switch kallsyms_show_value() to operate on a cred, and have all current
callers pass current_cred(). This makes it very obvious where callers
are checking the wrong credential in their "read" contexts. These will
be fixed in the coming patches.
Additionally switch return value to bool, since it is always used as a
direct permission check, not a 0-on-success, negative-on-error style
function return.
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/filter.h | 2 +-
include/linux/kallsyms.h | 5 +++--
kernel/kallsyms.c | 17 +++++++++++------
kernel/kprobes.c | 4 ++--
kernel/module.c | 2 +-
5 files changed, 18 insertions(+), 12 deletions(-)
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -858,7 +858,7 @@ static inline bool bpf_dump_raw_ok(void)
/* Reconstruction of call-sites is dependent on kallsyms,
* thus make dump the same restriction.
*/
- return kallsyms_show_value() == 1;
+ return kallsyms_show_value(current_cred());
}
struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
--- a/include/linux/kallsyms.h
+++ b/include/linux/kallsyms.h
@@ -18,6 +18,7 @@
#define KSYM_SYMBOL_LEN (sizeof("%s+%#lx/%#lx [%s]") + (KSYM_NAME_LEN - 1) + \
2*(BITS_PER_LONG*3/10) + (MODULE_NAME_LEN - 1) + 1)
+struct cred;
struct module;
static inline int is_kernel_inittext(unsigned long addr)
@@ -98,7 +99,7 @@ int lookup_symbol_name(unsigned long add
int lookup_symbol_attrs(unsigned long addr, unsigned long *size, unsigned long *offset, char *modname, char *name);
/* How and when do we show kallsyms values? */
-extern int kallsyms_show_value(void);
+extern bool kallsyms_show_value(const struct cred *cred);
#else /* !CONFIG_KALLSYMS */
@@ -158,7 +159,7 @@ static inline int lookup_symbol_attrs(un
return -ERANGE;
}
-static inline int kallsyms_show_value(void)
+static inline bool kallsyms_show_value(const struct cred *cred)
{
return false;
}
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -645,19 +645,20 @@ static inline int kallsyms_for_perf(void
* Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to
* block even that).
*/
-int kallsyms_show_value(void)
+bool kallsyms_show_value(const struct cred *cred)
{
switch (kptr_restrict) {
case 0:
if (kallsyms_for_perf())
- return 1;
+ return true;
/* fallthrough */
case 1:
- if (has_capability_noaudit(current, CAP_SYSLOG))
- return 1;
+ if (security_capable(cred, &init_user_ns, CAP_SYSLOG,
+ CAP_OPT_NOAUDIT) == 0)
+ return true;
/* fallthrough */
default:
- return 0;
+ return false;
}
}
@@ -674,7 +675,11 @@ static int kallsyms_open(struct inode *i
return -ENOMEM;
reset_iter(iter, 0);
- iter->show_value = kallsyms_show_value();
+ /*
+ * Instead of checking this on every s_show() call, cache
+ * the result here at open time.
+ */
+ iter->show_value = kallsyms_show_value(file->f_cred);
return 0;
}
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -2362,7 +2362,7 @@ static void report_probe(struct seq_file
else
kprobe_type = "k";
- if (!kallsyms_show_value())
+ if (!kallsyms_show_value(current_cred()))
addr = NULL;
if (sym)
@@ -2463,7 +2463,7 @@ static int kprobe_blacklist_seq_show(str
* If /proc/kallsyms is not showing kernel address, we won't
* show them here either.
*/
- if (!kallsyms_show_value())
+ if (!kallsyms_show_value(current_cred()))
seq_printf(m, "0x%px-0x%px\t%ps\n", NULL, NULL,
(void *)ent->start_addr);
else
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -4391,7 +4391,7 @@ static int modules_open(struct inode *in
if (!err) {
struct seq_file *m = file->private_data;
- m->private = kallsyms_show_value() ? NULL : (void *)8ul;
+ m->private = kallsyms_show_value(current_cred()) ? NULL : (void *)8ul;
}
return err;
next prev parent reply other threads:[~2020-07-14 18:52 UTC|newest]
Thread overview: 122+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-14 18:42 [PATCH 5.4 000/109] 5.4.52-rc1 review Greg Kroah-Hartman
2020-07-14 18:42 ` [PATCH 5.4 001/109] KVM: s390: reduce number of IO pins to 1 Greg Kroah-Hartman
2020-07-14 18:43 ` Greg Kroah-Hartman
2020-07-14 18:42 ` [PATCH 5.4 002/109] spi: spi-fsl-dspi: Adding shutdown hook Greg Kroah-Hartman
2020-07-14 18:43 ` Greg Kroah-Hartman
2020-07-14 18:42 ` [PATCH 5.4 003/109] spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer Greg Kroah-Hartman
2020-07-14 18:43 ` Greg Kroah-Hartman
2020-07-14 18:42 ` [PATCH 5.4 004/109] regmap: fix alignment issue Greg Kroah-Hartman
2020-07-14 18:43 ` Greg Kroah-Hartman
2020-07-14 18:42 ` [PATCH 5.4 005/109] perf/x86/rapl: Move RAPL support to common x86 code Greg Kroah-Hartman
2020-07-14 18:43 ` Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 000/109] 5.4.52-rc1 review Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 006/109] perf/x86/rapl: Fix RAPL config variable bug Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 007/109] ARM: dts: omap4-droid4: Fix spi configuration and increase rate Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 008/109] drm/ttm: Fix dma_fence refcnt leak when adding move fence Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 009/109] drm/tegra: hub: Do not enable orphaned window group Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 010/109] gpu: host1x: Detach driver on unregister Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 011/109] drm: mcde: Fix display initialization problem Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 012/109] ASoC: SOF: Intel: add PCI ID for CometLake-S Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 013/109] ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 014/109] spi: spidev: fix a race between spidev_release and spidev_remove Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 015/109] spi: spidev: fix a potential use-after-free in spidev_release() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 016/109] net: ethernet: mvneta: Fix Serdes configuration for SoCs without comphy Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 017/109] net: ethernet: mvneta: Add 2500BaseX support " Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 018/109] ixgbe: protect ring accesses with READ- and WRITE_ONCE Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 019/109] i40e: " Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 020/109] ibmvnic: continue to init in CRQ reset returns H_CLOSED Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 021/109] powerpc/kvm/book3s64: Fix kernel crash with nested kvm & DEBUG_VIRTUAL Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 022/109] iommu/vt-d: Dont apply gfx quirks to untrusted devices Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 023/109] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 024/109] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 025/109] s390/kasan: fix early pgm check handler execution Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 026/109] drm/sun4i: mixer: Call of_dma_configure if theres an IOMMU Greg Kroah-Hartman
2020-07-15 2:22 ` Chen-Yu Tsai
2020-07-15 9:24 ` Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 027/109] cifs: update ctime and mtime during truncate Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 028/109] ARM: imx6: add missing put_device() call in imx6q_suspend_init() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 029/109] scsi: mptscsih: Fix read sense data size Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 030/109] usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 031/109] block: release bip in a right way in error path Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 032/109] nvme-rdma: assign completion vector correctly Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 033/109] x86/entry: Increase entry_stack size to a full page Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 034/109] sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 035/109] net: qrtr: Fix an out of bounds read qrtr_endpoint_post() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 036/109] gpio: pca953x: Override IRQ for one of the expanders on Galileo Gen 2 Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 037/109] gpio: pca953x: Fix GPIO resource leak on Intel " Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 038/109] nl80211: dont return err unconditionally in nl80211_start_ap() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 039/109] drm/mediatek: Check plane visibility in atomic_update Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 040/109] bpf, sockmap: RCU splat with redirect and strparser error or TLS Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 041/109] bpf, sockmap: RCU dereferenced psock may be used outside RCU block Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 042/109] netfilter: ipset: call ip_set_free() instead of kfree() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 043/109] net: mvneta: fix use of state->speed Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 044/109] net: cxgb4: fix return error value in t4_prep_fw Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 045/109] IB/sa: Resolv use-after-free in ib_nl_make_request() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 046/109] net: dsa: microchip: set the correct number of ports Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 047/109] netfilter: conntrack: refetch conntrack after nf_conntrack_update() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 048/109] perf report TUI: Fix segmentation fault in perf_evsel__hists_browse() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 049/109] perf intel-pt: Fix recording PEBS-via-PT with registers Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 050/109] perf intel-pt: Fix PEBS sample for XMM registers Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 051/109] smsc95xx: check return value of smsc95xx_reset Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 052/109] smsc95xx: avoid memory leak in smsc95xx_bind Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 053/109] net: hns3: add a missing uninit debugfs when unload driver Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 054/109] net: hns3: fix use-after-free when doing self test Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 055/109] ALSA: compress: fix partial_drain completion state Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 5.4 056/109] RDMA/siw: Fix reporting vendor_part_id Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 057/109] arm64: kgdb: Fix single-step exception handling oops Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 058/109] nbd: Fix memory leak in nbd_add_socket Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 059/109] cxgb4: fix all-mask IP address comparison Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 060/109] IB/mlx5: Fix 50G per lane indication Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 061/109] qed: Populate nvm-file attributes while reading nvm config partition Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 062/109] net/mlx5: Fix eeprom support for SFP module Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 063/109] net/mlx5e: Fix 50G per lane indication Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 064/109] bnxt_en: fix NULL dereference in case SR-IOV configuration fails Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 065/109] net: macb: fix wakeup test in runtime suspend/resume routines Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 066/109] net: macb: mark device wake capable when "magic-packet" property present Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 067/109] net: macb: fix call to pm_runtime in the suspend/resume functions Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 068/109] mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 069/109] mlxsw: pci: Fix use-after-free in case of failed devlink reload Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 070/109] IB/hfi1: Do not destroy hfi1_wq when the device is shut down Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 071/109] IB/hfi1: Do not destroy link_wq " Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 072/109] ALSA: opl3: fix infoleak in opl3 Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 073/109] ALSA: hda - let hs_mic be picked ahead of hp_mic Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 074/109] ALSA: usb-audio: add quirk for MacroSilicon MS2109 Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 075/109] ALSA: usb-audio: Add implicit feedback quirk for RTX6001 Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 076/109] ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 077/109] ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 078/109] ALSA: hda/realtek: Enable headset mic of Acer C20-820 " Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 079/109] ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G " Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 080/109] KVM: arm64: Fix definition of PAGE_HYP_DEVICE Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 081/109] KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 082/109] KVM: arm64: Annotate hyp NMI-related functions as __always_inline Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 083/109] KVM: x86: bit 8 of non-leaf PDPEs is not reserved Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 084/109] KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 085/109] KVM: x86: Mark CR4.TSD as being possibly owned by the guest Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 086/109] KVM: arm64: Fix kvm_reset_vcpu() return code being incorrect with SVE Greg Kroah-Hartman
2020-07-14 18:44 ` Greg Kroah-Hartman [this message]
2020-07-14 18:44 ` [PATCH 5.4 088/109] module: Refactor section attr into bin attribute Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 089/109] module: Do not expose section addresses to non-CAP_SYSLOG Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 090/109] kprobes: Do not expose probe " Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 091/109] bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 092/109] Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb" Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 093/109] btrfs: fix fatal extent_buffer readahead vs releasepage race Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 094/109] btrfs: fix double put of block group with nocow Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 095/109] drm/radeon: fix double free Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 096/109] drm/amdgpu: dont do soft recovery if gpu_recovery=0 Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 097/109] dm: use noio when sending kobject event Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 098/109] mmc: meson-gx: limit segments to 1 when dram-access-quirk is needed Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 099/109] ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 100/109] ARC: elf: use right ELF_ARCH Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 101/109] s390/setup: init jump labels before command line parsing Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 102/109] s390/mm: fix huge pte soft dirty copying Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 103/109] blk-mq: consider non-idle request as "inflight" in blk_mq_rq_inflight() Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 104/109] dm writecache: reject asynchronous pmem devices Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 105/109] perf scripts python: export-to-postgresql.py: Fix struct.pack() int argument Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 106/109] perf scripts python: exported-sql-viewer.py: Fix zero id in call graph Find result Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 107/109] perf scripts python: exported-sql-viewer.py: Fix zero id in call tree " Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 108/109] perf scripts python: exported-sql-viewer.py: Fix unexpanded " Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 5.4 109/109] pwm: jz4740: Fix build failure Greg Kroah-Hartman
2020-07-15 6:21 ` [PATCH 5.4 000/109] 5.4.52-rc1 review Naresh Kamboju
2020-07-15 10:50 ` Jon Hunter
2020-07-15 15:18 ` Shuah Khan
2020-07-15 16:43 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200714184109.715957926@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).