proc: check permissions earlier for /proc/*/wchan

get_wchan() accesses stack page before permissions are checked, let's
not play this game.

Link: http://lkml.kernel.org/r/20180217071923.GA16074@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/proc/base.c b/fs/proc/base.c
index d53246863cfbdea26fecae460d44192b67bbd61e..d8b5a16534446028919ff55c1c99f31b880c6866 100644 (file)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -388,14 +388,17 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns,
        unsigned long wchan;
        char symname[KSYM_NAME_LEN];
 
-       wchan = get_wchan(task);
+       if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS))
+               goto print0;
 
-       if (wchan && ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)
-                       && !lookup_symbol_name(wchan, symname))
+       wchan = get_wchan(task);
+       if (wchan && !lookup_symbol_name(wchan, symname)) {
                seq_printf(m, "%s", symname);
-       else
-               seq_putc(m, '0');
+               return 0;
+       }
 
+print0:
+       seq_putc(m, '0');
        return 0;
 }
 #endif /* CONFIG_KALLSYMS */