98a23609b1
Except for historical confusion in the kprobes/uprobes and bpf tracers, which has been fixed now, there is no good reason to ever allow user memory accesses from probe_kernel_read. Switch probe_kernel_read to only read from kernel memory. [akpm@linux-foundation.org: update it for "mm, dump_page(): do not crash with invalid mapping pointer"] Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/20200521152301.2587579-17-hch@lst.de Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
// SPDX-License-Identifier: GPL-2.0-only
#include <linux/uaccess.h>
#include <linux/kernel.h>
#ifdef CONFIG_X86_64
/*
 * Sign-extend @vaddr from bit (@vaddr_bits - 1) through bit 63.
 *
 * The address is shifted left until bit (@vaddr_bits - 1) sits in bit 63 and
 * then shifted back right as a signed 64-bit value, so that bit is copied
 * into every higher position. The result equals @vaddr only when the upper
 * bits of @vaddr already matched that bit.
 *
 * NOTE(review): assumes 1 <= @vaddr_bits <= 64. With @vaddr_bits == 0 the
 * shift count would be 64, which C does not define for a 64-bit operand;
 * confirm callers never pass an uninitialised width.
 */
static __always_inline u64 canonical_address(u64 vaddr, u8 vaddr_bits)
{
	int unused_bits = 64 - vaddr_bits;
	s64 extended = (s64)vaddr << unused_bits;

	extended >>= unused_bits;
	return extended;
}
/*
 * x86-64 policy check: may probe_kernel_read touch @unsafe_src?
 *
 * Returns true only when the start address lies at or above
 * TASK_SIZE_MAX + PAGE_SIZE and is in canonical form for the CPU's
 * virtual address width (boot_cpu_data.x86_virt_bits).
 *
 * NOTE(review): @size is not consulted; only the first byte's address is
 * validated. Confirm that callers cope with a range whose start passes this
 * check but whose end (@unsafe_src + @size) does not stay in kernel space.
 */
bool probe_kernel_read_allowed(const void *unsafe_src, size_t size)
{
	unsigned long addr = (unsigned long)unsafe_src;

	/*
	 * Reject everything up to the highest possible canonical userspace
	 * address, plus one extra page so that the userspace guard page is
	 * refused as well.
	 */
	if (addr < TASK_SIZE_MAX + PAGE_SIZE)
		return false;

	/*
	 * What remains above that limit still includes the non-canonical
	 * range; an address is accepted only if sign-extending it from the
	 * CPU's virtual address width leaves it unchanged.
	 *
	 * NOTE(review): relies on boot_cpu_data.x86_virt_bits being non-zero
	 * here; confirm it is initialised before this can be reached.
	 */
	return canonical_address(addr, boot_cpu_data.x86_virt_bits) == addr;
}
#else
/*
 * Policy check used when CONFIG_X86_64 is not set: may probe_kernel_read
 * touch @unsafe_src?
 *
 * Returns true when the start address is at or above TASK_SIZE_MAX, i.e.
 * outside the user address range, and false otherwise.
 *
 * NOTE(review): @size is not consulted; only the start address is compared
 * against the limit. Confirm callers do not depend on the whole range being
 * validated here.
 */
bool probe_kernel_read_allowed(const void *unsafe_src, size_t size)
{
	unsigned long addr = (unsigned long)unsafe_src;

	if (addr < TASK_SIZE_MAX)
		return false;

	return true;
}
#endif