From: Geert Uytterhoeven <geert@linux-m68k.org>
To: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>, Linux MM <linux-mm@kvack.org>,
"open list:NFS, SUNRPC, AND..." <linux-nfs@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Rik van Riel <riel@redhat.com>
Subject: Re: usercopy: kernel memory exposure attempt detected
Date: Wed, 17 Aug 2016 17:14:53 +0200
Message-ID: <CAMuHMdURgo0UB6961bZXkb-HV5P3wDT8hgHy=TcPRhA10GT2iw@mail.gmail.com>
In-Reply-To: <CAGXu5jJ0OCR995Xu41SQvw2YQX-JUO5BhVyOuy0=wJ3Su07puw@mail.gmail.com>

Hi Kees,

On Wed, Aug 17, 2016 at 4:52 PM, Kees Cook <keescook@chromium.org> wrote:
> On Wed, Aug 17, 2016 at 5:13 AM, Geert Uytterhoeven
> <geert@linux-m68k.org> wrote:
>> Saw this when using NFS root on r8a7791/koelsch, using a tree based on
>> renesas-drivers-2016-08-16-v4.8-rc2:
>>
>> usercopy: kernel memory exposure attempt detected from c01ff000
>> (<kernel text>) (4096 bytes)
>
> Hmmm, the kernel text exposure on ARM usually means the hardened
> usercopy patchset was applied to an ARM tree without the _etext patch:
> http://git.kernel.org/linus/14c4a533e0996f95a0a64dfd0b6252d788cebc74
>
> If you _do_ have this patch already (and based on the comment below, I
> suspect you do: usually the missing _etext makes the system entirely
> unbootable), then we need to dig further.

Yes, I do have that patch.

>> Despite the BUG(), the system continues working.
>
> I assume exim4 got killed, though?

Possibly. I don't really use email on the development boards.
Just a debootstrapped Debian NFS root.

> If you can figure out what bytes are present at c01ff000, that may
> give us a clue.

I've added a print_hex_dump(), so we'll find out when it happens again...

Thanks!

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
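
Added example, not part of the original message and not the kernel's own code: a simplified userspace model of the kind of range test behind the `<kernel text>` report, showing how the verdict for the reported copy depends on where `_etext` sits. The two layouts are constructed values, and it is an assumption here that a misplaced `_etext` makes the text range extend past the code; only `c01ff000` and 4096 come from the report.

```c
#include <stdbool.h>
#include <stdio.h>

/* Bounds of the region this model treats as kernel text: [stext, etext). */
struct text_layout {
    unsigned long stext;
    unsigned long etext;
};

/* True when the object [ptr, ptr + n) intersects [low, high). */
static bool overlaps(unsigned long ptr, unsigned long n,
                     unsigned long low, unsigned long high)
{
    unsigned long check_high = ptr + n;

    /* No overlap if the object is entirely above or entirely below. */
    return !(ptr >= high || check_high <= low);
}

/* Returns the region name if the copy must be rejected, NULL if it passes. */
static const char *check_text_object(const struct text_layout *l,
                                     unsigned long ptr, unsigned long n)
{
    return overlaps(ptr, n, l->stext, l->etext) ? "<kernel text>" : NULL;
}

/* Constructed layouts (assumptions, not taken from the affected kernel). */
static const struct text_layout etext_past_data   = { 0xc0008000UL, 0xc0900000UL };
static const struct text_layout etext_at_code_end = { 0xc0008000UL, 0xc01f0000UL };

int main(void)
{
    const struct text_layout *layouts[] = { &etext_past_data, &etext_at_code_end };
    unsigned long ptr = 0xc01ff000UL, n = 4096; /* values from the report */

    for (int i = 0; i < 2; i++) {
        const char *err = check_text_object(layouts[i], ptr, n);

        if (err)
            printf("_etext=%lx: usercopy: kernel memory exposure attempt "
                   "detected from %lx (%s) (%lu bytes)\n",
                   layouts[i]->etext, ptr, err, n);
        else
            printf("_etext=%lx: copy from %lx passes the text check\n",
                   layouts[i]->etext, ptr);
    }
    return 0;
}
```
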