arm64: fix crash reading /proc/kcore
Bug #1702749 reported by
dann frazier
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | High | dann frazier |
Zesty | Fix Released | High | dann frazier |
Bug Description
[Impact]
Reading /proc/kcore can lead to a crash on arm64 systems.
This was found to cause crashes when, e.g., annotating symbols in a perf top session.
[Test Case]
# cat /proc/kcore > /dev/null
[Regression Risk]
Two upstream patches need to be cherry-picked to fix this.
The 1st patch is a simplification to the kcore driver that impacts all architectures. Instead of re-checking at read time for vmalloc/module addresses, it just checks for a flag that was set during kcore driver init. This looks correct to me but could of course have an unnoticed bug.
The second patch is arm64-specific, and regression risk has been mitigated by testing on arm64 hardware.
Changed in linux (Ubuntu):
assignee: nobody → dann frazier (dannf)
status: New → Confirmed
description: updated
Changed in linux (Ubuntu Zesty):
status: New → In Progress
Changed in linux (Ubuntu):
status: Confirmed → In Progress
Changed in linux (Ubuntu Zesty):
assignee: nobody → dann frazier (dannf)
Changed in linux (Ubuntu):
importance: Undecided → High
Changed in linux (Ubuntu Zesty):
importance: Undecided → High
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Zesty):
status: In Progress → Fix Committed
tags: added: verification-done-zesty removed: verification-needed-zesty
Preemptive verification:
root@d05-3:~# cat /proc/version
Linux version 4.10.0-29-generic (buildd@bos01-arm64-012) (gcc version 6.3.0 20170406 (Ubuntu/Linaro 6.3.0-12ubuntu2) ) #33-Ubuntu SMP Wed Jul 19 13:37:12 UTC 2017
root@d05-3:~# cat /proc/kcore > /dev/null&
[1] 9206
root@d05-3:~#
(/proc/kcore is 133T on this system, so it won't complete in any reasonable time - but normally would've crashed by now).
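The test case reads all of /proc/kcore, which on the system above is 133T and never finishes. As an added example (not code from the bug report or the kernel), the walker below parses the ELF64 program headers that /proc/kcore exposes and reads a bounded chunk from the head of every PT_LOAD segment, vmalloc and module regions included, so a verification pass completes in seconds and a segment whose read fails is reported by address instead of ending the run. The image from build_sample_image is constructed for offline runs; its addresses and sizes are made up, and on a real host you call sample_kcore("/proc/kcore") as root.

```python
import struct
import tempfile
PT_LOAD = 1  # p_type of a loadable segment

def load_segments(fh):
    """Return (p_offset, p_vaddr, p_filesz) for each PT_LOAD program header of an ELF64 image."""
    fh.seek(0)
    ehdr = fh.read(64)
    if len(ehdr) < 64 or ehdr[:4] != b"\x7fELF" or ehdr[4] != 2:  # EI_CLASS must be ELFCLASS64
        raise ValueError("not an ELF64 image")
    end = "<" if ehdr[5] == 1 else ">"                             # EI_DATA: little- or big-endian
    e_phoff = struct.unpack_from(end + "Q", ehdr, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", ehdr, 54)
    segs = []
    for i in range(e_phnum):
        fh.seek(e_phoff + i * e_phentsize)
        p_type, _, p_off, p_vaddr, _, p_filesz = struct.unpack_from(end + "IIQQQQ", fh.read(56))
        if p_type == PT_LOAD:
            segs.append((p_off, p_vaddr, p_filesz))
    return segs

def sample_kcore(path, chunk=4096):
    """Read at most `chunk` bytes from the head of every segment -> [(vaddr, bytes_read, errno)]."""
    out = []
    with open(path, "rb") as fh:
        for p_off, p_vaddr, p_filesz in load_segments(fh):
            try:
                fh.seek(p_off)
                out.append((p_vaddr, len(fh.read(min(chunk, p_filesz))), None))
            except OSError as e:            # report a failed segment read instead of aborting
                out.append((p_vaddr, 0, e.errno))
    return out

def build_sample_image():
    """Constructed stand-in for /proc/kcore: ELF64 little-endian ET_CORE with two PT_LOAD segments."""
    phoff, phnum = 64, 2
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)            # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 4, 0xB7, 1, 0, phoff, 0, 0, 64, 56, phnum, 0, 0, 0)
    segs = [(0xFFFF000008080000, 0x1000), (0xFFFF000010000000, 0x3000)]  # made-up vaddrs and sizes
    phdrs, body, off = b"", b"", phoff + phnum * 56
    for vaddr, size in segs:
        phdrs += struct.pack("<IIQQQQQQ", PT_LOAD, 7, off, vaddr, 0, size, size, 0x1000)
        body += b"\xab" * size
        off += size
    return ehdr + phdrs + body

def demo(chunk=4096):  # walk the constructed image through a temp file
    with tempfile.NamedTemporaryFile() as tmp:
        tmp.write(build_sample_image()); tmp.flush()
        return sample_kcore(tmp.name, chunk)
```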