Merge tag 'v4.18.14' into kernel-4.18

[android-x86/kernel.git] / fs / proc / base.c

diff --git a/fs/proc/base.c b/fs/proc/base.c
index de62175..988c66e 100644 (file)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -408,6 +408,20 @@ static int proc_pid_stack(struct seq_file *m, struct pid_namespace *ns,
        unsigned long *entries;
        int err;
 
+       /*
+        * The ability to racily run the kernel stack unwinder on a running task
+        * and then observe the unwinder output is scary; while it is useful for
+        * debugging kernel issues, it can also allow an attacker to leak kernel
+        * stack contents.
+        * Doing this in a manner that is at least safe from races would require
+        * some work to ensure that the remote task can not be scheduled; and
+        * even then, this would still expose the unwinder as local attack
+        * surface.
+        * Therefore, this interface is restricted to root.
+        */
+       if (!file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN))
+               return -EACCES;
+
        entries = kmalloc_array(MAX_STACK_TRACE_DEPTH, sizeof(*entries),
                                GFP_KERNEL);
        if (!entries)