Re: [PATCH] usb: mon: make mmapped memory read only

From: Tadeusz Struk
Date: Sat Sep 17 2022 - 00:14:23 EST

Next message: Ben Wolsieffer: "[PATCH RESEND 0/2] ARM: v7m: handle faults and enable debugging"
Previous message: Bagas Sanjaya: "Re: [PATCH 5.15 00/35] 5.15.69-rc1 review"
In reply to: Tadeusz Struk: "[PATCH] usb: mon: make mmapped memory read only"
Next in thread: Dmitry Vyukov: "Re: [PATCH] usb: mon: make mmapped memory read only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/16/22 15:47, Tadeusz Struk wrote:

Syzbot found an issue in usbmon where it can corrupt monitor
internal memory causing the usbmon to crash with segfault,
UAF, etc. The reproducer mmaps the /dev/usbmon memory to userspace
and overwrites it with arbitrary data, which causes the issues.
To prevent that explicitly clear the VM_WRITE flag in mon_bin_mmap().

Cc:linux-usb@xxxxxxxxxxxxxxx
Cc:linux-kernel@xxxxxxxxxxxxxxx
Cc:stable@xxxxxxxxxxxxxxx
Fixes: 6f23ee1fefdc ("USB: add binary API to usbmon")
Link:https://syzkaller.appspot.com/bug?id=2eb1f35d6525fa4a74d75b4244971e5b1411c95a
Signed-off-by: Tadeusz Struk<tadeusz.struk@xxxxxxxxxx>

I forgot to add:
Reported-by: syzbot+23f57c5ae902429285d7@xxxxxxxxxxxxxxxxxxxxxxxxx

--
Thanks,
Tadeusz

Next message: Ben Wolsieffer: "[PATCH RESEND 0/2] ARM: v7m: handle faults and enable debugging"
Previous message: Bagas Sanjaya: "Re: [PATCH 5.15 00/35] 5.15.69-rc1 review"
In reply to: Tadeusz Struk: "[PATCH] usb: mon: make mmapped memory read only"
Next in thread: Dmitry Vyukov: "Re: [PATCH] usb: mon: make mmapped memory read only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]