• Willy Tarreau's avatar
    proc: do not access cmdline nor environ from file-backed areas · 7f7ccc2c
    Willy Tarreau authored
    proc_pid_cmdline_read() and environ_read() directly access the target
    process' VM to retrieve the command line and environment. If this
    process remaps these areas onto a file via mmap(), the requesting
    process may experience various issues such as extra delays if the
    underlying device is slow to respond.
    Let's simply refuse to access file-backed areas in these functions.
    For this we add a new FOLL_ANON gup flag that is passed to all calls
    to access_remote_vm(). The code already takes care of such failures
    (including unmapped areas). Accesses via /proc/pid/mem were not
    changed though.
    This was assigned CVE-2018-1120.
    Note for stable backports: the patch may apply to kernels prior to 4.11
    but silently miss one location; it must be checked that no call to
    access_remote_vm() keeps zero as the last argument.
    Reported-by: default avatarQualys Security Advisory <qsa@qualys.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Oleg Nesterov <oleg@redhat.com>
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>