Subject: Re: [PATCH] perf record: Fix segfault when running with suid and kptr_restrict is 1
From: "Wangnan (F)"
CC: Arnaldo Carvalho de Melo
Date: Wed, 21 Sep 2016 11:55:45 +0800
Message-ID: <57E204C1.6020409@huawei.com>
In-Reply-To: <1474429700-130812-1-git-send-email-wangnan0@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2016/9/21 11:48, Wang Nan wrote:
> Before this patch perf panics if kptr_restrict is set to 1 and perf is owned
> by root with suid set:
>
> $ whoami
> wangnan
> $ ls -l ./perf
> -rwsr-xr-x 1 root root 19781908 Sep 21 19:29 /home/wangnan/perf
> $ cat /proc/sys/kernel/kptr_restrict
> 1
> $ cat /proc/sys/kernel/perf_event_paranoid
> -1
> $ ./perf record -a
> Segmentation fault (core dumped)
>
> The reason is perf assumes it is allowed to read kptr from /proc/kallsyms
> when euid is root, but in fact the kernel doesn't allow it to read kptr when
> euid and uid do not match each other:
>
> $ cp /bin/cat .
> $ sudo chown root:root ./cat
> $ sudo chmod u+s ./cat
> $ cat /proc/kallsyms | grep do_fork
> 0000000000000000 T _do_fork <--- kptr is hidden even euid is root
> $ sudo cat /proc/kallsyms | grep do_fork
> ffffffff81080230 T _do_fork
>
> See lib/vsprintf.c for kernel side code.
>
> This patch fixes this problem by checking both uid and euid.
>
> Signed-off-by: Wang Nan
> Cc: Arnaldo Carvalho de Melo
> ---
> tools/perf/util/symbol.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/symbol.c b/tools/perf/util/symbol.c > index 19c9c55..9528702 100644 
> --- a/tools/perf/util/symbol.c > +++ b/tools/perf/util/symbol.c > @@ -1946,8 +1946,9 @@ static bool symbol__read_kptr_restrict(void) > if (fp != NULL) { > char line[8]; > > + Sorry for this blank line. Will fix it. > if (fgets(line, sizeof(line), fp) != NULL) > - value = (geteuid() != 0) ? > + value = ((geteuid() != 0) || (getuid() != 0)) ? > (atoi(line) != 0) : > (atoi(line) == 2); >
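
Review bot: In symbol__read_kptr_restrict(), the new condition ((geteuid() != 0) || (getuid() != 0)) tests each id against 0, while the commit message states the kernel rule as euid and uid not matching each other, so the code needs a short comment above the "value =" assignment saying that the kernel hides kptr from a suid-root process whose real uid is not root (see lib/vsprintf.c); without it the getuid() test looks redundant to a later reader. The added "+" blank line after "char line[8];" should be dropped in the next version, as the reply already notes, and atoi(line) could be evaluated once into a local instead of in both arms of the ternary.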