Re: [PATCH 7/7] x86/uaccess: OOPS or warn on a fault with KERNEL_DS and !pagefault_disabled()

From: Borislav Petkov
Date: Wed May 25 2016 - 11:33:14 EST


On Tue, May 24, 2016 at 03:48:44PM -0700, Andy Lutomirski wrote:
> + if (unlikely(!is_user_ds && !pagefault_disabled())) {
> + if (extra < TASK_SIZE_MAX) {
> + /*
> + * Accessing user address under KERNEL_DS. This is a
> + * bug and should be fixed, but OOPSing is not helpful
> + * for exploit mitigation.
> + */
> + WARN_ONCE(1, "BUG: uaccess fault at 0x%lx with KERNEL_DS\n",

WARN and BUG?

Also, let's have this string and the one below differ for finding out
where we are during debugging.

> + extra);
> + } else {
> + /*
> + * If a bug that allows user-controlled KERNEL_DS
> + * access exists, this will prevent it from being used
> + * to trivially bypass kASLR.
> + */
> + pr_crit("BUG: uaccess fault at 0x%lx with KERNEL_DS\n",
> + extra);

--
Regards/Gruss,
Boris.

ECO tip #101: Trim your mails when you reply.