linux/fs/proc
Willy Tarreau 7f7ccc2ccc proc: do not access cmdline nor environ from file-backed areas
proc_pid_cmdline_read() and environ_read() directly access the target
process' VM to retrieve the command line and environment. If this
process remaps these areas onto a file via mmap(), the requesting
process may experience various issues such as extra delays if the
underlying device is slow to respond.

Let's simply refuse to access file-backed areas in these functions.
For this we add a new FOLL_ANON gup flag that is passed to all calls
to access_remote_vm(). The code already takes care of such failures
(including unmapped areas). Accesses via /proc/pid/mem were not
changed though.

This was assigned CVE-2018-1120.

Note for stable backports: the patch may apply to kernels prior to 4.11
but silently miss one location; it must be checked that no call to
access_remote_vm() keeps zero as the last argument.

Reported-by: Qualys Security Advisory <qsa@qualys.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-05-17 09:27:47 -07:00
..
array.c proc: replace seq_printf by seq_put_smth to speed up /proc/pid/status 2018-04-11 10:28:33 -07:00
base.c proc: do not access cmdline nor environ from file-backed areas 2018-05-17 09:27:47 -07:00
cmdline.c proc: faster /proc/cmdline 2018-04-11 10:28:34 -07:00
consoles.c fs/proc/consoles.c: use seq_putc() in show_console_dev() 2018-02-06 18:32:44 -08:00
cpuinfo.c x86 / CPU: Always show current CPU frequency in /proc/cpuinfo 2017-11-15 19:46:50 +01:00
devices.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fd.c proc: use %u for pid printing and slightly less stack 2018-02-06 18:32:43 -08:00
fd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
generic.c proc: revalidate misc dentries 2018-04-13 17:10:27 -07:00
inode.c proc: move "struct proc_dir_entry" into kmem cache 2018-04-11 10:28:34 -07:00
internal.h proc: use slower rb_first() 2018-04-11 10:28:34 -07:00
interrupts.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig
kcore.c proc/kcore: don't bounds check against address 0 2018-05-11 17:28:45 -07:00
kmsg.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
loadavg.c proc: fix /proc/loadavg regression 2018-04-20 17:18:36 -07:00
Makefile proc: : uninline name_to_int() 2017-11-17 16:10:00 -08:00
meminfo.c proc: add seq_put_decimal_ull_width to speed up /proc/pid/smaps 2018-04-11 10:28:33 -07:00
namespaces.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nommu.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
page.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
proc_net.c proc: use slower rb_first() 2018-04-11 10:28:34 -07:00
proc_sysctl.c fs/proc/proc_sysctl.c: fix typo in sysctl_check_table_array() 2018-04-11 10:28:38 -07:00
proc_tty.c TTY/Serial patches for 4.15-rc1 2017-11-13 21:05:31 -08:00
root.c proc: use slower rb_first() 2018-04-11 10:28:34 -07:00
self.c fs/proc: use __ro_after_init 2018-02-06 18:32:43 -08:00
softirqs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
task_mmu.c mm, pagemap: fix swap offset value for PMD migration entry 2018-04-20 17:18:35 -07:00
task_nommu.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
thread_self.c fs/proc: use __ro_after_init 2018-02-06 18:32:43 -08:00
uptime.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
util.c proc: use do-while in name_to_int() 2017-11-17 16:10:00 -08:00
version.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vmcore.c fs/proc/vmcore.c: simpler /proc/vmcore cleanup 2018-02-06 18:32:43 -08:00