One of the bullets for hardened usercopy feature is:
- object must not overlap with kernel text
which is what we expose via /proc/kcore. We can hit
this check and crash the system very easily just by
reading the text area in kcore file:
usercopy: kernel memory exposure attempt detected from ffffffff8179a01f
(<kernel text>) (4065 bytes)
kernel BUG at mm/usercopy.c:75!
Omitting kernel text area from kcore when there's
hardened usercopy feature is enabled.
Fixes: f5509cc18daa ("mm: Hardened usercopy")
Reported-by: Steve Best <sb...@redhat.com>
Cc: Kees Cook <keesc...@chromium.org>
Signed-off-by: Jiri Olsa <jo...@kernel.org>
---
fs/proc/kcore.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index a939f5ed7f89..e322d4e0be4d 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -629,8 +629,12 @@ static int __init proc_kcore_init(void)
pr_err("couldn't create /proc/kcore\n");
return 0; /* Always returns 0. */
}
+
+#ifndef CONFIG_HARDENED_USERCOPY
/* Store text area if it's special */
proc_kcore_text_init();
+#endif
+
/* Store vmalloc area */
kclist_add(&kcore_vmalloc, (void *)VMALLOC_START,
VMALLOC_END - VMALLOC_START, KCORE_VMALLOC);
--
2.7.4
