[PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums
Scott Branden
scott.branden at broadcom.com
Fri Jul 10 22:58:59 UTC 2020
Hi Kees,
On 2020-07-10 3:44 p.m., Kees Cook wrote:
> On Fri, Jul 10, 2020 at 03:10:25PM -0700, Scott Branden wrote:
>>
>> On 2020-07-10 3:04 p.m., Matthew Wilcox wrote:
>>> On Fri, Jul 10, 2020 at 02:00:32PM -0700, Scott Branden wrote:
>>>>> @@ -950,8 +951,8 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
>>>>> goto out;
>>>>> }
>>>>> - if (id != READING_FIRMWARE_PREALLOC_BUFFER)
>>>>> - *buf = vmalloc(i_size);
>>>>> + if (!*buf)
>>>> The assumption that *buf is always NULL when id !=
>>>> READING_FIRMWARE_PREALLOC_BUFFER doesn't appear to be correct.
>>>> I get unhandled page faults due to this change on boot.
>>> Did it give you a stack backtrace?
>> Yes, but there's no requirement that *buf need to be NULL when calling this
>> function.
>> To fix my particular crash I added the following locally:
>>
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -3989,7 +3989,7 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char
>> __user *, uargs, int, flags)
>> {
>> struct load_info info = { };
>> loff_t size;
>> - void *hdr;
>> + void *hdr = NULL;
>> int err;
>>
>> err = may_init_module();
> Thanks for the diagnosis and fix! I haven't had time to cycle back
> around to this series yet. Hopefully soon. :)
I don't consider this a complete fix as there may be other callers which
do not initialize
the *buf param to NULL before calling kernel_read_file.
But, it does boot my system. Also, I was able to make modifications for my
pread changes that pass (and the IMA works with IMA patch in my series
is dropped completely with your changes in place).
So your changes work for me other than the hack needed above.
>
More information about the Linux-security-module-archive
mailing list