On Mon, Jul 31, 2023 at 10:50:21PM +0100, Lorenzo Stoakes wrote:
Some architectures do not populate the entire range categorised by KCORE_TEXT, so we must ensure that the kernel address we read from is valid.
Unfortunately there is no solution currently available to do so with a purely iterator solution so reinstate the bounce buffer in this instance so we can use copy_from_kernel_nofault() in order to avoid page faults when regions are unmapped.
This change partly reverts commit 2e1c0170771e ("fs/proc/kcore: avoid bounce buffer for ktext data"), reinstating the bounce buffer, but adapts the code to continue to use an iterator.
Fixes: 2e1c0170771e ("fs/proc/kcore: avoid bounce buffer for ktext data") Reported-by: Jiri Olsa olsajiri@gmail.com
it fixed my issue, thanks
Tested-by: Jiri Olsa jolsa@kernel.org
jirka
Closes: https://lore.kernel.org/all/ZHc2fm+9daF6cgCE@krava Cc: stable@vger.kernel.org Signed-off-by: Lorenzo Stoakes lstoakes@gmail.com
fs/proc/kcore.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index 9cb32e1a78a0..3bc689038232 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c @@ -309,6 +309,8 @@ static void append_kcore_note(char *notes, size_t *i, const char *name, static ssize_t read_kcore_iter(struct kiocb *iocb, struct iov_iter *iter) {
- struct file *file = iocb->ki_filp;
- char *buf = file->private_data; loff_t *fpos = &iocb->ki_pos; size_t phdrs_offset, notes_offset, data_offset; size_t page_offline_frozen = 1;
@@ -554,11 +556,22 @@ static ssize_t read_kcore_iter(struct kiocb *iocb, struct iov_iter *iter) fallthrough; case KCORE_VMEMMAP: case KCORE_TEXT:
/** Sadly we must use a bounce buffer here to be able to* make use of copy_from_kernel_nofault(), as these* memory regions might not always be mapped on all* architectures.*/if (copy_from_kernel_nofault(buf, (void *)start, tsz)) {if (iov_iter_zero(tsz, iter) != tsz) {ret = -EFAULT;goto out;} /* * We use _copy_to_iter() to bypass usermode hardening * which would otherwise prevent this operation. */
if (_copy_to_iter((char *)start, tsz, iter) != tsz) {
} else if (_copy_to_iter(buf, tsz, iter) != tsz) { ret = -EFAULT; goto out; }@@ -595,6 +608,10 @@ static int open_kcore(struct inode *inode, struct file *filp) if (ret) return ret;
- filp->private_data = kmalloc(PAGE_SIZE, GFP_KERNEL);
- if (!filp->private_data)
return -ENOMEM;- if (kcore_need_update) kcore_update_ram(); if (i_size_read(inode) != proc_root_kcore->size) {
@@ -605,9 +622,16 @@ static int open_kcore(struct inode *inode, struct file *filp) return 0; } +static int release_kcore(struct inode *inode, struct file *file) +{
- kfree(file->private_data);
- return 0;
+}
static const struct proc_ops kcore_proc_ops = { .proc_read_iter = read_kcore_iter, .proc_open = open_kcore,
- .proc_release = release_kcore, .proc_lseek = default_llseek,
}; -- 2.41.0