Date:      Fri, 25 Feb 2022 07:06:48 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 262186] cpu_procctl() should check target process debug permission for some commands?
Message-ID:  <bug-262186-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262186

            Bug ID: 262186
           Summary: cpu_procctl() should check target process debug
                    permission for some commands?
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: sigsys@gmail.com

kern_procctl() generally checks it for commands that change something, but when
it passes the command to cpu_procctl() there's no check.

diff --git a/sys/amd64/amd64/vm_machdep.c b/sys/amd64/amd64/vm_machdep.c
index 232e53c63952..8a336ad70fcb 100644
--- a/sys/amd64/amd64/vm_machdep.c
+++ b/sys/amd64/amd64/vm_machdep.c
@@ -490,6 +490,7 @@ cpu_procctl(struct thread *td, int idtype, id_t id, int
com, void *data)
 {
        struct proc *p;
        int error, val;
+       bool need_candebug;

        switch (com) {
        case PROC_KPTI_CTL:
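
Review bot: need_candebug is declared without a value at the top of cpu_procctl(), and its only purpose is to choose between PGET_CANDEBUG and PGET_CANSEE, so any path that reaches pget() without passing through an assignment would pick the permission level from an indeterminate value. Setting it to true before the switch on com, and clearing it only for commands known not to modify the target, keeps the stricter check as the default.
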
@@ -507,10 +508,12 @@ cpu_procctl(struct thread *td, int idtype, id_t id, i=
nt
com, void *data)
                                break;
                }
                if (com =3D=3D PROC_KPTI_CTL || com =3D=3D PROC_LA_CTL) {
+                       need_candebug =3D true;
                        error =3D copyin(data, &val, sizeof(val));
                        if (error !=3D 0)
                                break;
-               }
+               } else
+                       need_candebug =3D false;
                if (com =3D=3D PROC_KPTI_CTL &&
                    val !=3D PROC_KPTI_CTL_ENABLE_ON_EXEC &&
                    val !=3D PROC_KPTI_CTL_DISABLE_ON_EXEC) {
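
Review bot: the assignments added inside the PROC_KPTI_CTL / PROC_LA_CTL test tie the debug requirement to the same condition that guards copyin(), and the new else branch hands every other command that reaches this code the weaker lookup. A command added to this case later that changes target state without copying in an int would fall into the else unnoticed. Deciding need_candebug in its own statement, apart from the copyin() block and with a comment listing which commands modify the target, would make that choice explicit.
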
@@ -524,7 +527,8 @@ cpu_procctl(struct thread *td, int idtype, id_t id, int
com, void *data)
                        error =3D EINVAL;
                        break;
                }
-               error =3D pget(id, PGET_CANSEE | PGET_NOTWEXIT | PGET_NOTID=
, &p);
+               error =3D pget(id, (need_candebug ? PGET_CANDEBUG : PGET_CA=
NSEE)
|
+                   PGET_NOTWEXIT | PGET_NOTID, &p);
                if (error !=3D 0)
                        break;
                switch (com) {
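
Review bot: the pget() call now picks PGET_CANDEBUG or PGET_CANSEE through an inline ternary with no comment explaining why the two _CTL commands need the stronger check, and the patch touches only sys/amd64/amd64/vm_machdep.c, so nothing tells callers that changing these settings on a process they can merely see will now fail at pget(). A short comment above the call, plus a matching note wherever these procctl commands are documented, would make the new requirement discoverable.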
