stable.vger.kernel.org archive mirror
From: kenny.keslar@oracle.com
To: sasha.levin@oracle.com
Cc: Kenny Keslar <kenny.keslar@oracle.com>, stable@vger.kernel.org
Subject: [PATCH 4.1] fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read()
Date: Mon, 27 Jun 2016 18:46:09 -0500
Message-ID: <1467071169-26351-1-git-send-email-kenny.keslar@oracle.com>

From: Kenny Keslar <kenny.keslar@oracle.com>

Backport of caaee6234d05a58c5b4d05e7bf766131b810a657 ("ptrace: use fsuid,
fsgid, effective creds for fs access checks") failed to update the mode
parameter in the mm_access() call in pagemap_read() to have one of the
new PTRACE_MODE_*CREDS flags.

Attempting to read any other process' pagemap results in a WARN()

WARNING: CPU: 0 PID: 883 at kernel/ptrace.c:229 __ptrace_may_access+0x14a/0x160()
denying ptrace access check without PTRACE_MODE_*CREDS
Modules linked in: loop sg e1000 i2c_piix4 ppdev virtio_balloon virtio_pci parport_pc i2c_core virtio_ring ata_generic serio_raw pata_acpi virtio parport pcspkr floppy acpi_cpufreq ip_tables ext3 mbcache jbd sd_mod ata_piix crc32c_intel libata
CPU: 0 PID: 883 Comm: cat Tainted: G        W       4.1.12-51.el7uek.x86_64 #2
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
 0000000000000286 00000000619f225a ffff88003b6fbc18 ffffffff81717021
 ffff88003b6fbc70 ffffffff819be870 ffff88003b6fbc58 ffffffff8108477a
 000000003b6fbc58 0000000000000001 ffff88003d287000 0000000000000001
Call Trace:
 [<ffffffff81717021>] dump_stack+0x63/0x81
 [<ffffffff8108477a>] warn_slowpath_common+0x8a/0xc0
 [<ffffffff81084805>] warn_slowpath_fmt+0x55/0x70
 [<ffffffff8108e57a>] __ptrace_may_access+0x14a/0x160
 [<ffffffff8108f372>] ptrace_may_access+0x32/0x50
 [<ffffffff81081bad>] mm_access+0x6d/0xb0
 [<ffffffff81278c81>] pagemap_read+0xe1/0x360
 [<ffffffff811a046b>] ? lru_cache_add_active_or_unevictable+0x2b/0xa0
 [<ffffffff8120d2e7>] __vfs_read+0x37/0x100
 [<ffffffff812b9ab4>] ? security_file_permission+0x84/0xa0
 [<ffffffff8120d8b6>] ? rw_verify_area+0x56/0xe0
 [<ffffffff8120d9c6>] vfs_read+0x86/0x140
 [<ffffffff8120e945>] SyS_read+0x55/0xd0
 [<ffffffff8171eb6e>] system_call_fastpath+0x12/0x71

Fixes: ab88ce5feca4 (ptrace: use fsuid, fsgid, effective creds for fs access checks)
Signed-off-by: Kenny Keslar <kenny.keslar@oracle.com>
Cc: stable@vger.kernel.org
Cc: sasha.levin@oracle.com
---
 fs/proc/task_mmu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 6dee68d013ff..32287fb146db 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -1257,7 +1257,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
 	if (!pm.buffer)
 		goto out_task;
 
-	mm = mm_access(task, PTRACE_MODE_READ);
+	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
 	ret = PTR_ERR(mm);
 	if (!mm || IS_ERR(mm))
 		goto out_free;
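
Review bot: for the changed mm_access() line in pagemap_read(), the changelog should say that the access check was denied, not only that it triggered a WARN(): the quoted kernel message reads "denying ptrace access check without PTRACE_MODE_*CREDS", so users of 4.1 stable lose the ability to read another process' pagemap until this lands, and that is the stronger reason to take it. PTRACE_MODE_READ_FSCREDS fits a check that is reached through vfs_read(), as the call trace shows. Because the message says the backport missed this caller, please also state whether the remaining mm_access() and ptrace_may_access() callers in the 4.1 tree were checked for a mode passed without one of the *CREDS flags.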
-- 
2.5.0

