| From foo@baz Sun May 27 17:33:38 CEST 2018 |
| From: Jia Zhang <zhang.jia@linux.alibaba.com> |
| Date: Mon, 12 Feb 2018 22:44:53 +0800 |
| Subject: vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page |
| |
| From: Jia Zhang <zhang.jia@linux.alibaba.com> |
| |
| [ Upstream commit 595dd46ebfc10be041a365d0a3fa99df50b6ba73 ] |
| |
| Commit: |
| |
| df04abfd181a ("fs/proc/kcore.c: Add bounce buffer for ktext data") |
| |
| ... introduced a bounce buffer to work around CONFIG_HARDENED_USERCOPY=y. |
| However, accessing the vsyscall user page will cause an SMAP fault. |
| |
| Replace memcpy() with copy_from_user() to fix this bug works, but adding |
| a common way to handle this sort of user page may be useful for future. |
| |
| Currently, only vsyscall page requires KCORE_USER. |
| |
| Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com> |
| Reviewed-by: Jiri Olsa <jolsa@kernel.org> |
| Cc: Al Viro <viro@zeniv.linux.org.uk> |
| Cc: Linus Torvalds <torvalds@linux-foundation.org> |
| Cc: Peter Zijlstra <peterz@infradead.org> |
| Cc: Thomas Gleixner <tglx@linutronix.de> |
| Cc: jolsa@redhat.com |
| Link: http://lkml.kernel.org/r/1518446694-21124-2-git-send-email-zhang.jia@linux.alibaba.com |
| Signed-off-by: Ingo Molnar <mingo@kernel.org> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/x86/mm/init_64.c | 3 +-- |
| fs/proc/kcore.c | 4 ++++ |
| include/linux/kcore.h | 1 + |
| 3 files changed, 6 insertions(+), 2 deletions(-) |
| |
| --- a/arch/x86/mm/init_64.c |
| +++ b/arch/x86/mm/init_64.c |
| @@ -1014,8 +1014,7 @@ void __init mem_init(void) |
| after_bootmem = 1; |
| |
| /* Register memory areas for /proc/kcore */ |
| - kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR, |
| - PAGE_SIZE, KCORE_OTHER); |
| + kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR, PAGE_SIZE, KCORE_USER); |
| |
| mem_init_print_info(NULL); |
| } |
| --- a/fs/proc/kcore.c |
| +++ b/fs/proc/kcore.c |
| @@ -505,6 +505,10 @@ read_kcore(struct file *file, char __use |
| /* we have to zero-fill user buffer even if no read */ |
| if (copy_to_user(buffer, buf, tsz)) |
| return -EFAULT; |
| + } else if (m->type == KCORE_USER) { |
| + /* User page is handled prior to normal kernel page: */ |
| + if (copy_to_user(buffer, (char *)start, tsz)) |
| + return -EFAULT; |
| } else { |
| if (kern_addr_valid(start)) { |
| /* |
| --- a/include/linux/kcore.h |
| +++ b/include/linux/kcore.h |
| @@ -9,6 +9,7 @@ enum kcore_type { |
| KCORE_VMALLOC, |
| KCORE_RAM, |
| KCORE_VMEMMAP, |
| + KCORE_USER, |
| KCORE_OTHER, |
| }; |
| |