
Commit 860aaab

KAGA-KOKO authored and suryasaimadhu committed
x86/dumpstack: Do not try to access user space code of other tasks
sysrq-t ends up invoking show_opcodes() for each task which tries to access the user space code of other processes, which is obviously bogus.

It either manages to dump where the foreign task's regs->ip points to in a valid mapping of the current task or triggers a pagefault and prints "Code: Bad RIP value.". Both are just wrong.

Add a safeguard in copy_code() and check whether the @regs pointer matches current's pt_regs. If not, do not even try to access it.

While at it, add commentary why using copy_from_user_nmi() is safe in copy_code() even if the function name suggests otherwise.

Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Tested-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20201117202753.667274723@linutronix.de
1 parent 1a371e6, commit 860aaab

1 file changed: +19 -4 lines


arch/x86/kernel/dumpstack.c

Lines changed: 19 additions & 4 deletions
@@ -78,13 +78,22 @@ static int copy_code(struct pt_regs *regs, u8 *buf, unsigned long src,
7878
if (!user_mode(regs))
7979
returncopy_from_kernel_nofault(buf, (u8*)src,nbytes);
8080

81+
/* The user space code from other tasks cannot be accessed. */
82+
if (regs!=task_pt_regs(current))
83+
return-EPERM;
8184
/*
8285
* Make sure userspace isn't trying to trick us into dumping kernel
8386
* memory by pointing the userspace instruction pointer at it.
8487
*/
8588
if (__chk_range_not_ok(src,nbytes,TASK_SIZE_MAX))
8689
return-EINVAL;
8790

91+
/*
92+
* Even if named copy_from_user_nmi() this can be invoked from
93+
* other contexts and will not try to resolve a pagefault, which is
94+
* the correct thing to do here as this code can be called from any
95+
* context.
96+
*/
8897
returncopy_from_user_nmi(buf, (void__user*)src,nbytes);
8998
}
9099

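Review bot: the new `regs != task_pt_regs(current)` check is a pointer identity test against current's own entry frame and sits after the `user_mode(regs)` branch, so two things are worth spelling out in the comment above it: kernel-mode regs of other tasks are still read through copy_from_kernel_nofault() (fine, kernel text is shared and the nofault copy is safe), and any user-mode pt_regs that is not exactly current's entry frame is refused. Also, -EPERM is now a third distinct error alongside -EINVAL from the range check and whatever copy_from_user_nmi() returns, so callers can no longer treat every non-zero result as "unable to access"; that contract should be documented where copy_code() is defined, e.g. `/* Returns 0, -EPERM for foreign user-mode regs, or another negative errno. */`.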
@@ -115,13 +124,19 @@ void show_opcodes(struct pt_regs *regs, const char *loglvl)
115124
u8opcodes[OPCODE_BUFSIZE];
116125
unsigned longprologue=regs->ip-PROLOGUE_SIZE;
117126

118-
if (copy_code(regs,opcodes,prologue,sizeof(opcodes))) {
119-
printk("%sCode: Unable to access opcode bytes at RIP 0x%lx.\n",
120-
loglvl,prologue);
121-
}else {
127+
switch (copy_code(regs,opcodes,prologue,sizeof(opcodes))) {
128+
case0:
122129
printk("%sCode: %"__stringify(PROLOGUE_SIZE)"ph <%02x> %"
123130
__stringify(EPILOGUE_SIZE)"ph\n",loglvl,opcodes,
124131
opcodes[PROLOGUE_SIZE],opcodes+PROLOGUE_SIZE+1);
132+
break;
133+
case-EPERM:
134+
/* No access to the user space stack of other tasks. Ignore. */
135+
break;
136+
default:
137+
printk("%sCode: Unable to access opcode bytes at RIP 0x%lx.\n",
138+
loglvl,prologue);
139+
break;
125140
}
126141
}
127142

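Review bot: the comment in the new `case -EPERM:` branch says "No access to the user space stack of other tasks", but copy_code() reads opcode bytes around regs->ip, not the stack, and the matching comment in copy_code() says "user space code"; suggest `/* No access to the user space code of other tasks. Ignore. */` so the two stay consistent. Otherwise the switch preserves the previous behaviour: success prints the opcode bytes as before, and -EINVAL or a copy_from_user_nmi() failure still lands in the default "Unable to access opcode bytes" message, with only the new -EPERM case going silent.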
0 commit comments
