stable.vger.kernel.org archive mirror
* [PATCH v2 1/6] Revert "proc/wchan: use printk format instead of lookup_symbol_name()"
From: Kees Cook @ 2021-09-29 22:02 UTC (permalink / raw)
  To: Peter Zijlstra
  Cc: Kees Cook, kernel test robot, Vito Caputo, Jann Horn, stable,
	Ingo Molnar, Juri Lelli, Vincent Guittot, Dietmar Eggemann,
	Steven Rostedt, Ben Segall, Mel Gorman,
	Daniel Bristot de Oliveira, Andrew Morton, Christian Brauner,
	Anand K Mistry, Kenta.Tada, Alexey Gladkov, Michael Weiß,
	Michal Hocko, Helge Deller, Qi Zheng, Tobin C. Harding,
	Tycho Andersen, Thomas Gleixner, Borislav Petkov, H. Peter Anvin,
	Mark Rutland, Jens Axboe, Stefan Metzmacher, Lai Jiangshan,
	Andy Lutomirski, Dave Hansen, Eric W. Biederman, Ohhoon Kwon,
	Kalesh Singh, YiFei Zhu, Josh Poimboeuf, linux-kernel,
	linux-fsdevel, linux-hardening, x86

This reverts commit 152c432b128cb043fc107e8f211195fe94b2159c.

When a kernel address couldn't be symbolized for /proc/$pid/wchan, it
would leak the raw value, a potential information exposure. This is a
regression compared to the safer pre-v5.12 behavior.

Reported-by: kernel test robot <oliver.sang@intel.com>
Link: https://lore.kernel.org/all/20210103142726.GC30643@xsang-OptiPlex-9020/
Reported-by: Vito Caputo <vcaputo@pengaru.com>
Link: https://lore.kernel.org/lkml/20210921193249.el476vlhg5k6lfcq@shells.gnugeneration.com/
Reported-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/lkml/CAG48ez2zC=+PuNgezH53HBPZ8CXU5H=vkWx7nJs60G8RXt3w0Q@mail.gmail.com/
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 fs/proc/base.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 533d5836eb9a..1f394095eb88 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -67,6 +67,7 @@
 #include <linux/mm.h>
 #include <linux/swap.h>
 #include <linux/rcupdate.h>
+#include <linux/kallsyms.h>
 #include <linux/stacktrace.h>
 #include <linux/resource.h>
 #include <linux/module.h>
@@ -386,17 +387,19 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
 			  struct pid *pid, struct task_struct *task)
 {
 	unsigned long wchan;
+	char symname[KSYM_NAME_LEN];
 
-	if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
-		wchan = get_wchan(task);
-	else
-		wchan = 0;
+	if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
+		goto print0;
 
-	if (wchan)
-		seq_printf(m, "%ps", (void *) wchan);
-	else
-		seq_putc(m, '0');
+	wchan = get_wchan(task);
+	if (wchan && !lookup_symbol_name(wchan, symname)) {
+		seq_puts(m, symname);
+		return 0;
+	}
 
+print0:
+	seq_putc(m, '0');
 	return 0;
 }
 #endif /* CONFIG_KALLSYMS */
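Review bot: The fall-through to `print0:` when `lookup_symbol_name(wchan, symname)` fails is the behaviour this revert exists to restore, yet nothing in proc_pid_wchan() records that. A short comment above `print0:` saying that an unsymbolizable wchan must be reported as '0' and never as the raw address would keep a later cleanup from switching back to `seq_printf(m, "%ps", ...)`. The same comment could note that '0' now stands for three distinct cases: ptrace_may_access() denial, get_wchan() returning 0, and a failed symbol lookup.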
-- 
2.30.2

