fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read()

kfktwo · Sasha Levin · commit 5c576457aca8 · 2016-08-12T13:27:29.000-04:00
Backport of caaee62 ("ptrace: use fsuid, fsgid, effective creds for fs access checks") to v4.1 failed to update the mode parameter in the mm_access() call in pagemap_read() to have one of the new PTRACE_MODE_*CREDS flags. Attempting to read any other process' pagemap results in a WARN() WARNING: CPU: 0 PID: 883 at kernel/ptrace.c:229 __ptrace_may_access+0x14a/0x160() denying ptrace access check without PTRACE_MODE_*CREDS Modules linked in: loop sg e1000 i2c_piix4 ppdev virtio_balloon virtio_pci parport_pc i2c_core virtio_ring ata_generic serio_raw pata_acpi virtio parport pcspkr floppy acpi_cpufreq ip_tables ext3 mbcache jbd sd_mod ata_piix crc32c_intel libata CPU: 0 PID: 883 Comm: cat Tainted: G W 4.1.12-51.el7uek.x86_64 #2 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 0000000000000286 00000000619f225a ffff88003b6fbc18 ffffffff81717021 ffff88003b6fbc70 ffffffff819be870 ffff88003b6fbc58 ffffffff8108477a 000000003b6fbc58 0000000000000001 ffff88003d287000 0000000000000001 Call Trace: [<ffffffff81717021>] dump_stack+0x63/0x81 [<ffffffff8108477a>] warn_slowpath_common+0x8a/0xc0 [<ffffffff81084805>] warn_slowpath_fmt+0x55/0x70 [<ffffffff8108e57a>] __ptrace_may_access+0x14a/0x160 [<ffffffff8108f372>] ptrace_may_access+0x32/0x50 [<ffffffff81081bad>] mm_access+0x6d/0xb0 [<ffffffff81278c81>] pagemap_read+0xe1/0x360 [<ffffffff811a046b>] ? lru_cache_add_active_or_unevictable+0x2b/0xa0 [<ffffffff8120d2e7>] __vfs_read+0x37/0x100 [<ffffffff812b9ab4>] ? security_file_permission+0x84/0xa0 [<ffffffff8120d8b6>] ? rw_verify_area+0x56/0xe0 [<ffffffff8120d9c6>] vfs_read+0x86/0x140 [<ffffffff8120e945>] SyS_read+0x55/0xd0 [<ffffffff8171eb6e>] system_call_fastpath+0x12/0x71 Fixes: ab88ce5 (ptrace: use fsuid, fsgid, effective creds for fs access checks) Signed-off-by: Kenny Keslar <kenny.keslar@oracle.com> Cc: Roland McGrath <roland@hack.frob.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
@@ -1257,7 +1257,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
 	if (!pm.buffer)
 		goto out_task;
 
-	mm = mm_access(task, PTRACE_MODE_READ);
+	mm = mm_access(task, PTRACE_MODE_READ_FSCREDS);
 	ret = PTR_ERR(mm);
 	if (!mm || IS_ERR(mm))
 		goto out_free;
