ACK: [PATCH][Focal:linux-oem-5.6, Groovy:linux] misc: fastrpc: restrict user apps from sending kernel RPC messages
Kleber Souza
kleber.souza at canonical.com
Fri Apr 9 16:13:34 UTC 2021
On 08.04.21 22:32, Tim Gardner wrote:
> From: Dmitry Baryshkov <dmitry.baryshkov at linaro.org>
>
> CVE-2021-28375
>
> Verify that user applications are not using the kernel RPC message
> handle to restrict them from directly attaching to guest OS on the
> remote subsystem. This is a port of CVE-2019-2308 fix.
>
> Fixes: c68cfb718c8f ("misc: fastrpc: Add support for context Invoke method")
> Cc: Srinivas Kandagatla <srinivas.kandagatla at linaro.org>
> Cc: Jonathan Marek <jonathan at marek.ca>
> Cc: stable at vger.kernel.org
> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov at linaro.org>
> Link: https://lore.kernel.org/r/20210212192658.3476137-1-dmitry.baryshkov@linaro.org
> Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
> (cherry picked from commit 20c40794eb85ea29852d7bc37c55713802a543d6)
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Thanks
> ---
> drivers/misc/fastrpc.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c
> index e3e085e33d46..547d4ae57f26 100644
> --- a/drivers/misc/fastrpc.c
> +++ b/drivers/misc/fastrpc.c
> @@ -935,6 +935,11 @@ static int fastrpc_internal_invoke(struct fastrpc_user *fl, u32 kernel,
> if (!fl->cctx->rpdev)
> return -EPIPE;
>
> + if (handle == FASTRPC_INIT_HANDLE && !kernel) {
> + dev_warn_ratelimited(fl->sctx->dev, "user app trying to send a kernel RPC message (%d)\n", handle);
> + return -EPERM;
> + }
> +
> ctx = fastrpc_context_alloc(fl, kernel, sc, args);
> if (IS_ERR(ctx))
> return PTR_ERR(ctx);
>
More information about the kernel-team
mailing list