Date: Tue, 2 Aug 2016 23:40:48 +0200
From: Jann Horn
To: Joe Korty
Cc: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fix mm_access bug in pagemap_read
Message-ID: <20160802214048.GA9770@pc.thejh.net>
In-Reply-To: <20160802192653.GA2953@zipoli.ccur.com>

On Tue, Aug 02, 2016 at 03:26:53PM -0400, Joe Korty wrote:
> Hi Jann,
> The following linux-4.1.y git commit, y > 17,
>
> Commit caaee6234d05a58c5b4d05e7bf766131b810a657
> Author: Jann Horn
> Date: Wed Jan 20 15:00:04 2016 -0800
>
> ptrace: use fsuid, fsgid, effective creds for fs access checks
>
> broke linux-4.1.y with the following oops, repeated forever.
> [ 81.122531] ------------[ cut here ]------------
> [ 81.127161] WARNING: CPU: 6 PID: 5553 at kernel/ptrace.c:248 __ptrace_may_access+0x18a/0x1a0()
> [ 81.135780] denying ptrace access check without PTRACE_MODE_*CREDS

(Nit: That's just a warning, not an oops - it blocks access, but doesn't
kill the calling process. But still not good, of course.)

> The problem is that the above git commit missed one mm_access call
> that needed converting. In this patch, we convert PTRACE_MODE_READ
> to PTRACE_MODE_READ_FSCREDS as that seems more correct for pagemap_read
> than PTRACE_MODE_READ_REALCREDS.

Yup, PTRACE_MODE_READ_FSCREDS is appropriate here.

> There may be stable releases other than linux-4.1.y that need this fix.
>
> Signed-off-by: Joe Korty >=20 > Index: b/fs/proc/task_mmu.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- a/fs/proc/task_mmu.c > +++ b/fs/proc/task_mmu.c > @@ -1257,7 +1257,7 @@ static ssize_t pagemap_read(struct file=20 > if (!pm.buffer) > goto out_task; > =20 > - mm =3D mm_access(task, PTRACE_MODE_READ); > + mm =3D mm_access(task, PTRACE_MODE_READ_FSCREDS); > ret =3D PTR_ERR(mm); > if (!mm || IS_ERR(mm)) > goto out_free;
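
Review bot: The pagemap_read() hunk converts a single mm_access() call, but the quoted warning ("denying ptrace access check without PTRACE_MODE_*CREDS") fires for any access check that passes neither credential flag, and the changelog does not say whether the other mm_access() and ptrace_may_access() callers in linux-4.1.y were checked for a bare PTRACE_MODE_READ or PTRACE_MODE_ATTACH. Please state in the changelog that the tree was audited for remaining unconverted callers, and replace "There may be stable releases other than linux-4.1.y that need this fix" with the list of stable trees that carry commit caaee6234d05a58c5b4d05e7bf766131b810a657 and still have this call in pagemap_read(), so the stable maintainers know where to apply it.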