diff options
| author | Willy Tarreau <[email protected]> | 2018-05-11 06:11:44 +0000 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2018-05-17 16:27:47 +0000 |
| commit | 7f7ccc2ccc2e70c6054685f5e3522efa81556830 (patch) | |
| tree | 7309cb80e03910053c21d5b003ed1d6b2dcacc16 /drivers/gpu/drm/omapdrm/omap_fbdev.c | |
| parent | Merge tag 'trace-v4.17-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/gi... (diff) | |
| download | kernel-7f7ccc2ccc2e70c6054685f5e3522efa81556830.tar.gz kernel-7f7ccc2ccc2e70c6054685f5e3522efa81556830.zip | |
proc: do not access cmdline nor environ from file-backed areas
proc_pid_cmdline_read() and environ_read() directly access the target
process' VM to retrieve the command line and environment. If this
process remaps these areas onto a file via mmap(), the requesting
process may experience various issues such as extra delays if the
underlying device is slow to respond.
Let's simply refuse to access file-backed areas in these functions.
For this we add a new FOLL_ANON gup flag that is passed to all calls
to access_remote_vm(). The code already takes care of such failures
(including unmapped areas). Accesses via /proc/pid/mem were not
changed though.
This was assigned CVE-2018-1120.
Note for stable backports: the patch may apply to kernels prior to 4.11
but silently miss one location; it must be checked that no call to
access_remote_vm() keeps zero as the last argument.
Reported-by: Qualys Security Advisory <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Cc: [email protected]
Signed-off-by: Willy Tarreau <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'drivers/gpu/drm/omapdrm/omap_fbdev.c')
0 files changed, 0 insertions, 0 deletions