fs/proc/kcore.c: Add bounce buffer for ktext data We hit hardened usercopy feature check for kernel text access by reading kcore file: usercopy: kernel memory exposure attempt detected from ffffffff8179a01f (<kernel text>) (4065 bytes) kernel BUG at mm/usercopy.c:75! Bypassing this check for kcore by adding bounce buffer for ktext data. Reported-by: Steve Best <sbest@redhat.com> Fixes: f5509cc18daa ("mm: Hardened usercopy") Suggested-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jiri Olsa <jolsa@kernel.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: df04abfd181acc276ba6762c8206891ae10ae00d [log] [tgz]
author: Jiri Olsa <jolsa@kernel.org> Thu Sep 08 09:57:08 2016 +0200
committer: Linus Torvalds <torvalds@linux-foundation.org> Tue Sep 20 13:32:49 2016 -0700
tree: 03afe92ae5ef3e51035ab871e0b29742d11eb0d1
parent: f5beeb1851ea6f8cfcf2657f26cb24c0582b4945 [diff]
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index bd3ac9d..5c89a07 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c

@@ -509,7 +509,12 @@
 			if (kern_addr_valid(start)) {
 				unsigned long n;
 
-				n = copy_to_user(buffer, (char *)start, tsz);
+				/*
+				 * Using bounce buffer to bypass the
+				 * hardened user copy kernel text checks.
+				 */
+				memcpy(buf, (char *) start, tsz);
+				n = copy_to_user(buffer, buf, tsz);
 				/*
 				 * We cannot distinguish between fault on source
 				 * and fault on destination. When this happens
commit	df04abfd181acc276ba6762c8206891ae10ae00d	[log] [tgz]
author	Jiri Olsa <jolsa@kernel.org>	Thu Sep 08 09:57:08 2016 +0200
committer	Linus Torvalds <torvalds@linux-foundation.org>	Tue Sep 20 13:32:49 2016 -0700
tree	03afe92ae5ef3e51035ab871e0b29742d11eb0d1
parent	f5beeb1851ea6f8cfcf2657f26cb24c0582b4945 [diff]