From: Nick Alcock Date: Tue, 6 Oct 2015 21:06:28 +0000 (+0100) Subject: dtrace: add missing dtrace_*canload() for copyout() and copyoutstr(). X-Git-Tag: v4.1.12-111.0.20170907_2225~3^2~3^2~59 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=cea402192274d90729e0b9befd3d735bf518b0e7;p=users%2Fjedix%2Flinux-maple.git dtrace: add missing dtrace_*canload() for copyout() and copyoutstr(). On Solaris, where unprivileged tracing is permitted and zone tracing is implemented, this is a security hole since it allows breaking through both zone and unprivileged-dtrace boundaries. Linux does not implement either of these, so this fix is currently unobservable here. Originally reported as a Solaris DTrace bug, it seems worth fixing here too, against the day when we implement unprivileged tracing. Signed-off-by: Nick Alcock Acked-by: Kris Van Hees
---
diff --git a/dtrace/dtrace_dif.c b/dtrace/dtrace_dif.c
index d09e17d8b78d4..9f830e15a06a7 100644
--- a/dtrace/dtrace_dif.c
+++ b/dtrace/dtrace_dif.c
@@ -2679,7 +2679,8 @@ static void dtrace_dif_subr(uint_t subr, uint_t rd, uint64_t *regs,
 if (!dtrace_destructive_disallow &&
 dtrace_priv_proc_control(state) &&
- !dtrace_istoxic(kaddr, size)) {
+ !dtrace_istoxic(kaddr, size) &&
+ dtrace_canload(kaddr, size, mstate, vstate)) {
 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
 dtrace_copyout(kaddr, uaddr, size, flags);
 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
@@ -2694,7 +2695,8 @@ static void dtrace_dif_subr(uint_t subr, uint_t rd, uint64_t *regs,
 if (!dtrace_destructive_disallow &&
 dtrace_priv_proc_control(state) &&
- !dtrace_istoxic(kaddr, size)) {
+ !dtrace_istoxic(kaddr, size) &&
+ dtrace_strcanload(kaddr, size, mstate, vstate)) {
 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
 dtrace_copyoutstr(kaddr, uaddr, size, flags);
 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT);
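Review bot: The added `dtrace_canload()` term in the copyout branch (and the matching `dtrace_strcanload()` term in the copyoutstr hunk at -2694) carries the whole privilege argument from the commit message, yet nothing at the call site says why it is needed next to `dtrace_istoxic()`, and the two checks read as if one already implied the other. A short comment above each condition would protect the fix from being "simplified" away later, e.g. `/* istoxic() only rejects unsafe kernel ranges; canload() also confirms this consumer may read the source, so copyout cannot leak what a plain load would refuse. */`. Whether a rejected `dtrace_canload()` records a fault flag or merely returns 0 is not visible in these hunks, so the value left in the destination register after a refused copyout should be confirmed against the callee before relying on it. dtrace_dif_subr() begins and ends outside both hunks.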