• Stephen Smalley's avatar
    lkdtm: fix ACCESS_USERSPACE test · 2cb202c1
    Stephen Smalley authored
    Add a copy_to_user() call to the ACCESS_USERSPACE test
    prior to attempting direct dereferencing of the user
    address to ensure the page is present.  Otherwise,
    a fault occurs on arm kernels even prior to the introduction
    of CONFIG_CPU_SW_DOMAIN_PAN, and there is no difference in
    behavior for CONFIG_CPU_SW_DOMAIN_PAN=n vs CONFIG_CPU_SW_DOMAIN_PAN=y.
    
    Before this change, for any value of CONFIG_CPU_SW_DOMAIN_PAN:
    lkdtm: Performing direct entry ACCESS_USERSPACE
    lkdtm: attempting bad read at b6fe8000
    Unable to handle kernel paging request at virtual address b6fe8000
    
    After this change, for CONFIG_CPU_SW_DOMAIN_PAN=n:
    lkdtm: Performing direct entry ACCESS_USERSPACE
    lkdtm: attempting bad read at b6efc000
    lkdtm: attempting bad write at b6efc000
    
    After this change, for CONFIG_CPU_SW_DOMAIN_PAN=y:
    lkdtm: Performing direct entry ACCESS_USERSPACE
    lkdtm: attempting bad read at b6f7d000
    Unhandled fault: page domain fault (0x01b) at 0xb6f7d000
    ...
    Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Acked-by: default avatarKees Cook <keescook@chromium.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    2cb202c1
lkdtm.c 19.7 KB