iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Willy Tarreau 7f7ccc2ccc proc: do not access cmdline nor environ from file-backed areas 
proc_pid_cmdline_read() and environ_read() directly access the target
process' VM to retrieve the command line and environment. If this
process remaps these areas onto a file via mmap(), the requesting
process may experience various issues such as extra delays if the
underlying device is slow to respond.

Let's simply refuse to access file-backed areas in these functions.
For this we add a new FOLL_ANON gup flag that is passed to all calls
to access_remote_vm(). The code already takes care of such failures
(including unmapped areas). Accesses via /proc/pid/mem were not
changed though.

This was assigned CVE-2018-1120.

Note for stable backports: the patch may apply to kernels prior to 4.11
but silently miss one location; it must be checked that no call to
access_remote_vm() keeps zero as the last argument.

Reported-by: Qualys Security Advisory <qsa@qualys.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-05-17 09:27:47 -07:00
..
9p
fscache development
2018-04-07 09:08:24 -07:00
adfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
affs
iversion: Rename make inode_cmp_iversion{+raw} to inode_eq_iversion{+raw}
2018-02-01 08:15:25 -05:00
afs
afs: Fix the non-encryption of calls
2018-05-14 15:15:19 +01:00
autofs4
autofs: mount point create should honour passed in mode
2018-04-20 17:18:35 -07:00
befs
befs: Define usercopy region in befs_inode_cache slab cache
2018-01-15 12:07:54 -08:00
bfs
btrfs
for-4.17-rc3-tag
2018-05-04 20:32:18 -10:00
cachefiles
fscache: Pass object size in rather than calling back for it
2018-04-06 14:05:14 +01:00
ceph
ceph: fix iov_iter issues in ceph_direct_read_write()
2018-05-10 10:15:12 +02:00
cifs
smb3: directory sync should not return an error
2018-05-10 19:21:14 -05:00
coda
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
configfs
cramfs
cramfs: better MTD dependency expression
2018-02-08 11:37:31 -08:00
crypto
fscrypt: fix build with pre-4.6 gcc versions
2018-02-01 10:51:18 -05:00
debugfs
debugfs_lookup(): switch to lookup_one_len_unlocked()
2018-03-29 15:07:47 -04:00
devpts
devpts: comment devpts_mntget()
2018-03-14 13:31:23 +01:00
dlm
net: make getname() functions return length rather than use int* parameter
2018-02-12 14:15:04 -05:00
ecryptfs
eCryptfs: don't pass up plaintext names when using filename encryption
2018-04-16 18:51:22 +00:00
efivarfs
efivarfs: Limit the rate for non-root to read files
2018-02-22 10:21:02 -08:00
efs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
exofs
iversion.h related cleanup for v4.16
2018-02-07 14:25:22 -08:00
exportfs
ovl: do not try to reconnect a disconnected origin dentry
2018-04-12 12:04:49 +02:00
ext2
\n
2018-04-20 09:01:26 -07:00
ext4
Fix misc. bugs and a regression for ext4.
2018-04-28 20:07:21 -07:00
f2fs
page cache: use xa_lock
2018-04-11 10:28:39 -07:00
fat
iversion: Rename make inode_cmp_iversion{+raw} to inode_eq_iversion{+raw}
2018-02-01 08:15:25 -05:00
freevxfs
vxfs: Define usercopy region in vxfs_inode slab cache
2018-01-15 12:07:57 -08:00
fscache
fscache: use appropriate radix tree accessors
2018-04-11 10:28:39 -07:00
fuse
fuse: define the filesystem as untrusted
2018-03-23 06:31:37 -04:00
gfs2
GFS2: Minor improvements to comments and documentation
2018-04-12 10:07:51 -07:00
hfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
hfsplus
hfsplus: honor setgid flag on directories
2018-02-06 18:32:45 -08:00
hostfs
hostfs: rename do_rmdir() to hostfs_do_rmdir()
2018-04-02 20:15:53 +02:00
hpfs
hpfs: don't bother with the i_version counter or f_version
2017-12-10 12:58:18 -08:00
hugetlbfs
hugetlbfs: fix bug in pgoff overflow checking
2018-04-05 21:36:21 -07:00
isofs
isofs: fix potential memory leak in mount option parsing
2018-04-16 09:47:41 +02:00
jbd2
ext4: set h_journal if there is a failure starting a reserved handle
2018-04-18 11:49:31 -04:00
jffs2
jffs2_kill_sb(): deal with failed allocations
2018-04-15 23:49:05 -04:00
jfs
Currently, hardened usercopy performs dynamic bounds checking on slab
2018-02-03 16:25:42 -08:00
kernfs
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
lockd
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
minix
treewide: simplify Kconfig dependencies for removed archs
2018-03-26 15:55:57 +02:00
nfs
NFS client updates for Linux 4.17
2018-04-12 12:55:50 -07:00
nfs_common
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
nfsd
nfsd: fix incorrect umasks
2018-04-03 16:27:08 -04:00
nilfs2
page cache: use xa_lock
2018-04-11 10:28:39 -07:00
nls
notify
fsnotify: fix ignore mask logic in send_to_group()
2018-04-13 15:52:49 +02:00
ntfs
ntfs: fix bogus __mark_inode_dirty(I_DIRTY_SYNC | I_DIRTY_DATASYNC) call
2018-03-28 01:39:02 -04:00
ocfs2
ocfs2: take inode cluster lock before moving reflinked inode from orphan dir
2018-05-11 17:28:45 -07:00
omfs
openpromfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
orangefs
orangefs_kill_sb(): deal with allocation failures
2018-04-15 23:49:12 -04:00
overlayfs
ovl: add support for "xino" mount and config options
2018-04-12 12:04:50 +02:00
proc
proc: do not access cmdline nor environ from file-backed areas
2018-05-17 09:27:47 -07:00
pstore
pstore: fix crypto dependencies without compression
2018-04-06 15:45:33 -07:00
qnx4
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
qnx6
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
quota
fs: quota: Replace GFP_ATOMIC with GFP_KERNEL in dquot_init
2018-04-09 17:48:54 +02:00
ramfs
reiserfs
fs/reiserfs/journal.c: add missing resierfs_warning() arg
2018-04-11 10:28:36 -07:00
romfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
squashfs
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
sysfs
sysfs: symlink: export sysfs_create_link_nowarn()
2018-03-19 21:14:26 -04:00
sysv
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
tracefs
ubifs
This pull request contains updates for both UBI and UBIFS:
2018-04-11 16:39:34 -07:00
udf
udf: Fix leak of UTF-16 surrogates into encoded strings
2018-04-18 16:34:55 +02:00
ufs
iversion.h related cleanup for v4.16
2018-02-07 14:25:22 -08:00
xfs
xfs: cap the length of deduplication requests
2018-05-02 09:21:33 -07:00
aio.c
fs/aio: Use rcu_work instead of explicit rcu and work item
2018-03-19 10:12:03 -07:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
exec: introduce finalize_exec() before start_thread()
2018-04-11 10:28:37 -07:00
binfmt_elf_fdpic.c
exec: introduce finalize_exec() before start_thread()
2018-04-11 10:28:37 -07:00
binfmt_elf.c
fs, elf: don't complain MAP_FIXED_NOREPLACE unless -EEXIST error
2018-04-20 17:18:36 -07:00
binfmt_em86.c
binfmt_flat.c
exec: introduce finalize_exec() before start_thread()
2018-04-11 10:28:37 -07:00
binfmt_misc.c
fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()
2018-04-02 20:16:00 +02:00
binfmt_script.c
block_dev.c
libnvdimm for 4.17
2018-04-10 10:25:57 -07:00
buffer.c
Merge branch 'work.thaw' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-04-12 12:28:32 -07:00
char_dev.c
block, char_dev: Use correct format specifier for unsigned ints
2018-03-15 17:59:24 +01:00
compat_binfmt_elf.c
compat_ioctl.c
fs: compat_ioctl: add new DVB demux ioctls
2017-12-28 11:17:29 -05:00
compat.c
coredump.c
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-11-17 11:54:55 -08:00
d_path.c
split d_path() and friends into a separate file
2018-03-29 15:07:46 -04:00
dax.c
page cache: use xa_lock
2018-04-11 10:28:39 -07:00
dcache.c
fs/dcache.c: add cond_resched() in shrink_dentry_list()
2018-04-11 10:28:38 -07:00
dcookies.c
fs: add do_lookup_dcookie() helper; remove in-kernel call to syscall
2018-04-02 20:15:39 +02:00
direct-io.c
Merge branch 'akpm' (patches from Andrew)
2018-04-06 14:19:26 -07:00
drop_caches.c
eventfd.c
fs: add do_eventfd() helper; remove internal call to sys_eventfd()
2018-04-02 20:15:39 +02:00
eventpoll.c
fs: add do_epoll_*() helpers; remove internal calls to sys_epoll_*()
2018-04-02 20:15:37 +02:00
exec.c
exec: pin stack limit during exec
2018-04-11 10:28:37 -07:00
fcntl.c
fs: add do_compat_fcntl64() helper; remove in-kernel call to compat syscall
2018-04-02 20:15:42 +02:00
fhandle.c
vfs: Copy struct mount.mnt_id to userspace using put_user()
2018-01-15 12:07:51 -08:00
file_table.c
vfs: remove unused hardirq.h
2017-12-07 14:23:30 -05:00
file.c
fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()
2018-04-02 20:16:00 +02:00
filesystems.c
fs_pin.c
Merge branch 'linus' into locking/core, to resolve conflicts
2017-11-07 10:32:44 +01:00
fs_struct.c
fs-writeback.c
bdi: Fix oops in wb_workfn()
2018-05-03 16:11:37 -06:00
inode.c
page cache: use xa_lock
2018-04-11 10:28:39 -07:00
internal.h
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-04-06 11:07:08 -07:00
ioctl.c
fs: add ksys_ioctl() helper; remove in-kernel calls to sys_ioctl()
2018-04-02 20:16:03 +02:00
iomap.c
iomap: warn on zero-length mappings
2018-01-29 07:27:24 -08:00
Kconfig
libnvdimm for 4.16
2018-02-06 10:41:33 -08:00
Kconfig.binfmt
treewide: simplify Kconfig dependencies for removed archs
2018-03-26 15:55:57 +02:00
libfs.c
fs, dax: prepare for dax-specific address_space_operations
2018-03-30 11:34:55 -07:00
locks.c
treewide: Align function definition open/close braces
2018-03-26 11:13:09 +02:00
Makefile
split d_path() and friends into a separate file
2018-03-29 15:07:46 -04:00
mbcache.c
mbcache: make sure c_entry_count is not decremented past zero
2018-01-09 23:57:52 -05:00
mount.h
mpage.c
namei.c
Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-04-09 12:48:05 -07:00
namespace.c
vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion
2018-04-20 09:59:33 -07:00
no-block.c
nsfs.c
net: Export open_related_ns()
2018-02-15 15:34:42 -05:00
open.c
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2018-04-06 11:07:08 -07:00
pipe.c
fs: add do_pipe2() helper; remove internal call to sys_pipe2()
2018-04-02 20:15:35 +02:00
pnode.c
pnode.h
posix_acl.c
posix_acl: convert posix_acl.a_refcount from atomic_t to refcount_t
2018-01-02 19:27:28 -08:00
proc_namespace.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
read_write.c
fs: add ksys_p{read,write}64() helpers; remove in-kernel calls to syscalls
2018-04-02 20:16:09 +02:00
readdir.c
fs: add ksys_getdents64() helper; remove in-kernel calls to sys_getdents64()
2018-04-02 20:16:02 +02:00
select.c
fs: add do_compat_select() helper; remove in-kernel call to compat syscall
2018-04-02 20:15:42 +02:00
seq_file.c
seq_file: account everything to kmemcg
2018-04-11 10:28:36 -07:00
signalfd.c
fs: add do_compat_signalfd4() helper; remove in-kernel call to compat syscall
2018-04-02 20:15:43 +02:00
splice.c
fs: add do_vmsplice() helper; remove in-kernel call to syscall
2018-04-02 20:15:40 +02:00
stack.c
stat.c
fs: add do_readlinkat() helper; remove internal call to sys_readlinkat()
2018-04-02 20:15:34 +02:00
statfs.c
Rename superblock flags (MS_xyz -> SB_xyz)
2017-11-27 13:05:09 -08:00
super.c
mm,vmscan: Allow preallocating memory for register_shrinker().
2018-04-16 02:06:47 -04:00
sync.c
Changes for this release:
2018-04-04 12:44:02 -07:00
timerfd.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
userfaultfd.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
utimes.c
fs: add do_compat_futimesat() helper; remove in-kernel call to compat syscall
2018-04-02 20:15:44 +02:00
xattr.c