Revert "proc/wchan: use printk format instead of lookup_symbol_name()"
authorKees Cook <keescook@chromium.org>
Wed, 29 Sep 2021 22:02:13 +0000 (15:02 -0700)
committerPeter Zijlstra <peterz@infradead.org>
Fri, 15 Oct 2021 09:25:13 +0000 (11:25 +0200)
This reverts commit 152c432b128cb043fc107e8f211195fe94b2159c.

When a kernel address couldn't be symbolized for /proc/$pid/wchan, it
would leak the raw value, a potential information exposure. This is a
regression compared to the safer pre-v5.12 behavior.

Reported-by: kernel test robot <oliver.sang@intel.com>
Reported-by: Vito Caputo <vcaputo@pengaru.com>
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20211008111626.090829198@infradead.org
fs/proc/base.c

index 533d5836eb9a4a9817e555dd5a885ec4bb18f3df..1f394095eb8800de45b7a93e79b998ebf7737bef 100644 (file)
@@ -67,6 +67,7 @@
 #include <linux/mm.h>
 #include <linux/swap.h>
 #include <linux/rcupdate.h>
+#include <linux/kallsyms.h>
 #include <linux/stacktrace.h>
 #include <linux/resource.h>
 #include <linux/module.h>
@@ -386,17 +387,19 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
                          struct pid *pid, struct task_struct *task)
 {
        unsigned long wchan;
+       char symname[KSYM_NAME_LEN];
 
-       if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
-               wchan = get_wchan(task);
-       else
-               wchan = 0;
+       if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
+               goto print0;
 
-       if (wchan)
-               seq_printf(m, "%ps", (void *) wchan);
-       else
-               seq_putc(m, '0');
+       wchan = get_wchan(task);
+       if (wchan && !lookup_symbol_name(wchan, symname)) {
+               seq_puts(m, symname);
+               return 0;
+       }
 
+print0:
+       seq_putc(m, '0');
        return 0;
 }
 #endif /* CONFIG_KALLSYMS */
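Review bot: The `if (wchan && !lookup_symbol_name(wchan, symname))` branch is what keeps an unsymbolizable address out of /proc/$pid/wchan, yet nothing in the code says so. A later cleanup could therefore swap it back to a `%ps`-style print, which the commit message says leaks the raw value. I would add a comment directly above that line: `/* Only ever print a resolved symbol name; if lookup fails, fall through to "0" so the raw kernel address is never exposed. */`. It may also be worth noting at `print0:` that "no ptrace access", "not blocked" and "symbol lookup failed" deliberately produce the same output, so readers cannot distinguish them. The first line of the function signature appears only in the hunk header, so I cannot see whether an existing comment above the function already covers this.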