Thread (28 messages) 28 messages, 7 authors, 2020-07-16

Re: [PATCH 2/4] fs: Remove FIRMWARE_PREALLOC_BUFFER from kernel_read_file() enums

From: Kees Cook <hidden>
Date: 2020-07-10 22:44:14
Also in: linux-fsdevel, linux-integrity, lkml 

On Fri, Jul 10, 2020 at 03:10:25PM -0700, Scott Branden wrote:
quoted hunk ↗ jump to hunk

On 2020-07-10 3:04 p.m., Matthew Wilcox wrote:
quoted
On Fri, Jul 10, 2020 at 02:00:32PM -0700, Scott Branden wrote:
quoted
quoted
@@ -950,8 +951,8 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
   		goto out;
   	}
-	if (id != READING_FIRMWARE_PREALLOC_BUFFER)
-		*buf = vmalloc(i_size);
+	if (!*buf)
The assumption that *buf is always NULL when id !=
READING_FIRMWARE_PREALLOC_BUFFER doesn't appear to be correct.
I get unhandled page faults due to this change on boot.
Did it give you a stack backtrace?
Yes, but there's no requirement that *buf need to be NULL when calling this
function.
To fix my particular crash I added the following locally:

--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3989,7 +3989,7 @@ SYSCALL_DEFINE3(finit_module, int, fd, const char
__user *, uargs, int, flags)
 {
     struct load_info info = { };
     loff_t size;
-    void *hdr;
+    void *hdr = NULL;
     int err;

     err = may_init_module();
quoted
Thanks for the diagnosis and fix! I haven't had time to cycle back
around to this series yet. Hopefully soon. :)

-- 
Kees Cook
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help