Re: [PATCH 7/7] x86/uaccess: OOPS or warn on a fault with KERNEL_DS and !pagefault_disabled()
From: Borislav Petkov
Date: Wed May 25 2016 - 11:33:14 EST
On Tue, May 24, 2016 at 03:48:44PM -0700, Andy Lutomirski wrote:
> + if (unlikely(!is_user_ds && !pagefault_disabled())) {
> + if (extra < TASK_SIZE_MAX) {
> + /*
> + * Accessing user address under KERNEL_DS. This is a
> + * bug and should be fixed, but OOPSing is not helpful
> + * for exploit mitigation.
> + */
> + WARN_ONCE(1, "BUG: uaccess fault at 0x%lx with KERNEL_DS\n",
WARN and BUG?
Also, let's have this string and the one below differ for finding out
where we are during debugging.
> + extra);
> + } else {
> + /*
> + * If a bug that allows user-controlled KERNEL_DS
> + * access exists, this will prevent it from being used
> + * to trivially bypass kASLR.
> + */
> + pr_crit("BUG: uaccess fault at 0x%lx with KERNEL_DS\n",
> + extra);
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply.