Usercopy WARNs about copying ve.core_pattern to user space: vzctl exec e2783e5e-840e-4c9a-9ef2-7ead73afb81c cat /proc/sys/kernel/core_pattern ------------[ cut here ]------------ Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 've_struct' (offset 704, size 4)! WARNING: CPU: 2 PID: 2169 at mm/usercopy.c:78 usercopy_warn+0x7d/0xa0 CPU: 2 PID: 2169 Comm: cat ve: e2783e5e-840e-4c9a-9ef2-7ead73afb81c Not tainted 4.18.0.ovz.custom #93 custom
Call Trace: __check_object_size+0x134/0x160 proc_dostring+0x164/0x200 proc_dostring_coredump_virtual+0xb2/0xd0 proc_dostring+0x200/0x200 proc_sys_call_handler+0xa7/0xf0 vfs_read+0x9d/0x150 ksys_read+0x4f/0xb0 do_syscall_64+0x5b/0x1c0 entry_SYSCALL_64_after_hwframe+0x65/0xca Whitelist core_pattern in ve_struct kmem_cache since copying core_pattern is allowed by design. https://jira.sw.ru/browse/PSBM-106216 Signed-off-by: Andrey Ryabinin <aryabi...@virtuozzo.com> --- kernel/ve/ve.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c index befc5163cfe6..1688407562d4 100644 --- a/kernel/ve/ve.c +++ b/kernel/ve/ve.c @@ -1016,7 +1016,7 @@ EXPORT_SYMBOL_GPL(ve_cgrp_subsys); static int __init ve_subsys_init(void) { - ve_cachep = KMEM_CACHE(ve_struct, SLAB_PANIC); + ve_cachep = KMEM_CACHE_USERCOPY(ve_struct, SLAB_PANIC, core_pattern); list_add(&ve0.ve_list, &ve_list_head); return 0; } -- 2.26.2 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel