From: Laura Abbott
To: Dave Anderson, Kees Cook, akpm@linux-foundation.org
Cc: Laura Abbott, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, Ard Biesheuvel, Ingo Molnar, Andi Kleen
Subject: [PATCH] proc/kcore: Don't bounds check against address 0
Date: Tue, 1 May 2018 13:11:43 -0700
Message-Id: <20180501201143.15121-1-labbott@redhat.com>
In-Reply-To: <1039518799.26129578.1525185916272.JavaMail.zimbra@redhat.com>

The existing kcore code checks for bad addresses against __va(0) with the assumption that this is the lowest address on the system. This may not hold true on some systems (e.g. arm64) and produce overflows and crashes. Switch to using other functions to validate the address range.

Tested-by: Dave Anderson
Signed-off-by: Laura Abbott
---
I took your previous comments as a tested by, please let me know if that was wrong. This should probably just go through -mm. I don't think this is necessary for stable but I can request it later if necessary.
---
 fs/proc/kcore.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index d1e82761de81..e64ecb9f2720 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c
@@ -209,25 +209,34 @@ kclist_add_private(unsigned long pfn, unsigned long nr_pages, void *arg) { struct list_head *head = (struct list_head *)arg; struct kcore_list *ent; + struct page *p; + + if (!pfn_valid(pfn)) + return 1; + + p = pfn_to_page(pfn); + if (!memmap_valid_within(pfn, p, page_zone(p))) + return 1; ent = kmalloc(sizeof(*ent), GFP_KERNEL); if (!ent) return -ENOMEM; - ent->addr = (unsigned long)__va((pfn << PAGE_SHIFT)); + ent->addr = (unsigned long)page_to_virt(p); ent->size = nr_pages << PAGE_SHIFT; - /* Sanity check: Can happen in 32bit arch...maybe */ - if (ent->addr < (unsigned long) __va(0)) + if (!virt_addr_valid(ent->addr)) goto free_out; /* cut not-mapped area. ....from ppc-32 code. */ if (ULONG_MAX - ent->addr < ent->size) ent->size = ULONG_MAX - ent->addr; - /* cut when vmalloc() area is higher than direct-map area */ - if (VMALLOC_START > (unsigned long)__va(0)) { - if (ent->addr > VMALLOC_START) - goto free_out; + /* + * We've already checked virt_addr_valid so we know this address + * is a valid pointer, therefore we can check against it to determine + * if we need to trim + */ + if (VMALLOC_START > ent->addr) { if (VMALLOC_START - ent->addr < ent->size) ent->size = VMALLOC_START - ent->addr; } -- 2.14.3
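Review bot: The two new early exits at the top of kclist_add_private() return 1, while the allocation failure just below returns -ENOMEM and the other rejected addresses leave through free_out, and nothing in the hunk says what a return of 1 means to the caller. If the intent is to skip this range and carry on, a one-line comment above "if (!pfn_valid(pfn))" saying so would make that checkable; if the caller treats any non-zero value as a failure, the choice of 1 over an errno value deserves a sentence in the commit message. Separately, pfn_valid(pfn), memmap_valid_within() and virt_addr_valid(ent->addr) all test only the first page of the range, while ent->size still covers nr_pages << PAGE_SHIFT, so the new block comment should state why validating the start of the range is sufficient before the size is trimmed against VMALLOC_START.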