[Devel] [PATCH RH8] Improve vps_dumpable check in __ptrace_may_access()

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Thu May 6 17:21:55 MSK 2021


From: Vasily Averin <vvs at virtuozzo.com>

__ptrace_may_access() is used when someone tries to
readlink /proc/$PID/ns/$SOMENS and gets -EPERM for kthreads
because they lack task->mm and thus "vps_dumpable" field.

Let's return error only for non-kernel threads and follow usual
restrictions for kernel threads.

https://jira.sw.ru/browse/PSBM-92107
Signed-off-by: Vasily Averin <vvs at virtuozzo.com>

Rebase to vz8:

- Let's remove excess vps_dumpable variable.
- Also do the same mm precheck for vps_dumpable use in ptrace_attach(),
  with also replacing EACCES with more suitable EPERM.
- Note that we don't have mm for zombies too, but it looks like there is
  no point to prohibit access to them via proc, and we can't ptrace dead
  tasks anyway.

(cherry-picked from vz7 commit 5f24adbea6383301757a9d7b10479faa837046ca)
Fixes: 8e582a4301dfc ("ve/mm/trace: introduce vps_dumpable flag")

https://jira.sw.ru/browse/PSBM-127780

Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 kernel/ptrace.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index ad3878fb48ba2..c55b0326cf83e 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -272,7 +272,6 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 	struct mm_struct *mm;
 	kuid_t caller_uid;
 	kgid_t caller_gid;
-	int vps_dumpable = 0;
 
 	if (!(mode & PTRACE_MODE_FSCREDS) == !(mode & PTRACE_MODE_REALCREDS)) {
 		WARN(1, "denying ptrace access check without PTRACE_MODE_*CREDS\n");
@@ -337,8 +336,8 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 	     !ptrace_has_cap(mm->user_ns, mode)))
 	    return -EPERM;
 
-	vps_dumpable = (mm ? mm->vps_dumpable == VD_PTRACE_COREDUMP : 0);
-	if (!vps_dumpable && !ve_is_super(get_exec_env()))
+	if (mm && (mm->vps_dumpable != VD_PTRACE_COREDUMP) &&
+	    !ve_is_super(get_exec_env()))
 		return -EPERM;
 
 	return security_ptrace_access_check(task, mode);
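Review bot: The rewritten condition in __ptrace_may_access() skips the vps_dumpable restriction for every task with mm == NULL, not only kernel threads, and nothing in the code records that this is deliberate. The commit message notes that zombies also have no mm, so a short comment above the if stating that tasks without mm (kthreads, zombies) intentionally fall through to security_ptrace_access_check() would keep a later reader from restoring the old deny-by-default behaviour. The parentheses around mm->vps_dumpable != VD_PTRACE_COREDUMP are redundant and can be dropped.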
@@ -391,8 +390,8 @@ static int ptrace_attach(struct task_struct *task, long request,
 	task_lock(task);
 	retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
 	if (!retval) {
-		if (!task->mm || task->mm->vps_dumpable == VD_LICDATA_ACCESS)
-			retval = -EACCES;
+		if (task->mm && task->mm->vps_dumpable == VD_LICDATA_ACCESS)
+			retval = -EPERM;
 	}
 	task_unlock(task);
 	if (retval)
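Review bot: In ptrace_attach() the !task->mm case used to fail at this check and now passes it, so an attach to a task without mm is refused only by code outside this hunk; please name the check that still rejects kernel threads and dead tasks, either in a comment here or in the changelog. The switch from -EACCES to -EPERM for the VD_LICDATA_ACCESS case also changes the errno that userspace sees from a failed attach, which deserves an explicit mention as a user-visible change rather than only "more suitable".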
-- 
2.30.2


