Re: [PATCH 4/5] kprobes: Do not expose probe addresses to non-CAP_SYSLOG

From: Kees Cook
Date: Fri Jul 03 2020 - 11:50:40 EST


On Thu, Jul 02, 2020 at 06:00:17PM -0700, Linus Torvalds wrote:
> If somebody is interested in looking into things like that, it might
> be a good idea to have kernel threads with that counter incremented by
> default.

With 67 kthreads on a booted system, this patch does not immediately
blow up... And it likely needs some beautification. (Note that
current_cred_*() calls current_cred() under the hood, so AFAICT, only
current_cred() needs coverage.)

diff --git a/include/linux/cred.h b/include/linux/cred.h
index 18639c069263..a624847cb0ce 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -295,7 +295,10 @@ static inline void put_cred(const struct cred *_cred)
* since nobody else can modify it.
*/
#define current_cred() \
- rcu_dereference_protected(current->cred, 1)
+({ \
+ WARN_ON_ONCE(current->warn_on_current_cred); \
+ rcu_dereference_protected(current->cred, 1); \
+})

/**
* current_real_cred - Access the current task's objective credentials
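Review bot: The comment block above current_cred() (its last visible lines end with `* since nobody else can modify it.`) still describes only the RCU-protection argument and says nothing about the warning the macro now emits, so a reader hitting the splat from an arbitrary credential accessor has no pointer to why it fired. Suggest adding, before the closing `*/`, `* Warns once (WARN_ON_ONCE) if warn_on_current_cred is set on the task, i.e.` / `* a kernel thread that is not expected to consult its own credentials.`. Note also that WARN_ON_ONCE reports only the first offending call system-wide, so once one kthread trips it, further misuse at other call sites stays silent; that may be acceptable for a debugging aid but is worth saying in the comment.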
diff --git a/include/linux/sched.h b/include/linux/sched.h
index b62e6aaf28f0..21ab1b81aa40 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -652,6 +652,7 @@ struct task_struct {
/* Per task flags (PF_*), defined further below: */
unsigned int flags;
unsigned int ptrace;
+ unsigned int warn_on_current_cred;

#ifdef CONFIG_SMP
struct llist_node wake_entry;
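Review bot: `warn_on_current_cred` is a boolean stored in a fresh `unsigned int` placed directly below `flags`, whose comment two lines above names the PF_* bits as the home for per-task flags; a PF_* bit would express the same thing without growing struct task_struct. If the intent is only to catch kernel threads, the existing PF_KTHREAD bit already identifies them and the new field may be unnecessary altogether, with the macro testing `current->flags & PF_KTHREAD` instead. struct task_struct continues outside the hunk.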
diff --git a/kernel/fork.c b/kernel/fork.c
index 142b23645d82..2e181b9bfd3f 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2527,8 +2527,12 @@ pid_t kernel_thread(int (*fn)(void *), void *arg, unsigned long flags)
.stack = (unsigned long)fn,
.stack_size = (unsigned long)arg,
};
+ pid_t pid;

- return _do_fork(&args);
+ pid = _do_fork(&args);
+ if (pid == 0)
+ current->warn_on_current_cred = 1;
+ return pid;
}

#ifdef __ARCH_WANT_SYS_FORK
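Review bot: The `if (pid == 0)` test after `_do_fork(&args)` never marks the new kernel thread, as far as I can tell: `_do_fork()` returns the child's pid (or a negative errno) to the caller in the parent, and the child begins executing `fn` through the kernel-thread return path rather than returning 0 from `_do_fork()` at this site, so `warn_on_current_cred = 1` is only reached on the parent for a return value that does not occur here. That would also explain why 67 kthreads produced no warning. The flag has to be set on the child task, e.g. in copy_process() where the child's `flags` are established, or the check can be based on PF_KTHREAD in the macro and this assignment dropped; a `pid < 0` error return also needs no marking. kernel_thread() begins before the hunk.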


--
Kees Cook