releases/5.4.52/module-do-not-expose-section-addresses-to-non-cap_syslog.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From b25a7c5af9051850d4f3d93ca500056ab6ec724b Mon Sep 17 00:00:00 2001
 From: Kees Cook <keescook@chromium.org>
 Date: Thu, 2 Jul 2020 14:43:59 -0700
 Subject: module: Do not expose section addresses to non-CAP_SYSLOG

 From: Kees Cook <keescook@chromium.org>

 commit b25a7c5af9051850d4f3d93ca500056ab6ec724b upstream.

 The printing of section addresses in /sys/module/*/sections/* was not
 using the correct credentials to evaluate visibility.

 Before:

  # cat /sys/module/*/sections/.*text
  0xffffffffc0458000
  ...
  # capsh --drop=CAP_SYSLOG -- -c "cat /sys/module/*/sections/.*text"
  0xffffffffc0458000
  ...

 After:

  # cat /sys/module/*/sections/*.text
  0xffffffffc0458000
  ...
  # capsh --drop=CAP_SYSLOG -- -c "cat /sys/module/*/sections/.*text"
  0x0000000000000000
  ...

 Additionally replaces the existing (safe) /proc/modules check with
 file->f_cred for consistency.

 Reported-by: Dominik Czarnota <dominik.czarnota@trailofbits.com>
 Fixes: be71eda5383f ("module: Fix display of wrong module .text address")
 Cc: stable@vger.kernel.org
 Tested-by: Jessica Yu <jeyu@kernel.org>
 Acked-by: Jessica Yu <jeyu@kernel.org>
 Signed-off-by: Kees Cook <keescook@chromium.org>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  kernel/module.c |    6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)

 --- a/kernel/module.c
 +++ b/kernel/module.c
 @@ -1527,8 +1527,8 @@ static ssize_t module_sect_read(struct f
  	if (pos != 0)
  		return -EINVAL;

 -	return sprintf(buf, "0x%px\n", kptr_restrict < 2 ?
 -		       (void *)sattr->address : NULL);
 +	return sprintf(buf, "0x%px\n",
 +		       kallsyms_show_value(file->f_cred) ? (void *)sattr->address : NULL);
  }

  static void free_sect_attrs(struct module_sect_attrs *sect_attrs)
 @@ -4394,7 +4394,7 @@ static int modules_open(struct inode *in

  	if (!err) {
  		struct seq_file *m = file->private_data;
 -		m->private = kallsyms_show_value(current_cred()) ? NULL : (void *)8ul;
 +		m->private = kallsyms_show_value(file->f_cred) ? NULL : (void *)8ul;
  	}

  	return err;
	From b25a7c5af9051850d4f3d93ca500056ab6ec724b Mon Sep 17 00:00:00 2001
	From: Kees Cook <keescook@chromium.org>
	Date: Thu, 2 Jul 2020 14:43:59 -0700
	Subject: module: Do not expose section addresses to non-CAP_SYSLOG

	From: Kees Cook <keescook@chromium.org>

	commit b25a7c5af9051850d4f3d93ca500056ab6ec724b upstream.

	The printing of section addresses in /sys/module//sections/ was not
	using the correct credentials to evaluate visibility.

	Before:

	# cat /sys/module//sections/.text
	0xffffffffc0458000
	...
	# capsh --drop=CAP_SYSLOG -- -c "cat /sys/module//sections/.text"
	0xffffffffc0458000
	...

	After:

	# cat /sys/module//sections/.text
	0xffffffffc0458000
	...
	# capsh --drop=CAP_SYSLOG -- -c "cat /sys/module//sections/.text"
	0x0000000000000000
	...

	Additionally replaces the existing (safe) /proc/modules check with
	file->f_cred for consistency.

	Reported-by: Dominik Czarnota <dominik.czarnota@trailofbits.com>
	Fixes: be71eda5383f ("module: Fix display of wrong module .text address")
	Cc: stable@vger.kernel.org
	Tested-by: Jessica Yu <jeyu@kernel.org>
	Acked-by: Jessica Yu <jeyu@kernel.org>
	Signed-off-by: Kees Cook <keescook@chromium.org>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	kernel/module.c \| 6 +++---
	1 file changed, 3 insertions(+), 3 deletions(-)

	--- a/kernel/module.c
	+++ b/kernel/module.c
	@@ -1527,8 +1527,8 @@ static ssize_t module_sect_read(struct f
	if (pos != 0)
	return -EINVAL;

	- return sprintf(buf, "0x%px\n", kptr_restrict < 2 ?
	- (void *)sattr->address : NULL);
	+ return sprintf(buf, "0x%px\n",
	+ kallsyms_show_value(file->f_cred) ? (void *)sattr->address : NULL);
	}

	static void free_sect_attrs(struct module_sect_attrs *sect_attrs)
	@@ -4394,7 +4394,7 @@ static int modules_open(struct inode *in

	if (!err) {
	struct seq_file *m = file->private_data;
	- m->private = kallsyms_show_value(current_cred()) ? NULL : (void *)8ul;
	+ m->private = kallsyms_show_value(file->f_cred) ? NULL : (void *)8ul;
	}

	return err;