fix: don't allow userspace copy to read kernel memory
[lttng-modules.git] / probes / lttng-probe-user.c
index 4162a7e42d2d94942fa4d5927afff8f95660d807..c11e1e0f3b920779fa3466fa801219937e8e0ecf 100644 (file)
@@ -7,8 +7,11 @@
 
 #include <linux/uaccess.h>
 #include <linux/module.h>
+#include <wrapper/uaccess.h>
 #include <probes/lttng-probe-user.h>
 
+#define LTTNG_MAX_USER_STRING_LEN 1048576 /* 1MB */
+
 /*
  * Calculate string length. Include final null terminating character if there is
  * one, or ends at first fault. Disabling page faults ensures that we can safely
 long lttng_strlen_user_inatomic(const char *addr)
 {
        long count = 0;
-       mm_segment_t old_fs;
 
        if (!addr)
                return 0;
 
-       old_fs = get_fs();
-       set_fs(KERNEL_DS);
        pagefault_disable();
        for (;;) {
                char v;
                unsigned long ret;
 
-               if (unlikely(!access_ok(VERIFY_READ,
+               if (unlikely(!lttng_access_ok(VERIFY_READ,
                                (__force const char __user *) addr,
                                sizeof(v))))
                        break;
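Review bot: The range check `lttng_access_ok(VERIFY_READ, (__force const char __user *) addr, sizeof(v))` only keeps kernel memory out of reach while the task's address limit is the user one, and nothing in the function comment records that invariant now that `set_fs(KERNEL_DS)` is gone. I would add a line to the header comment such as `/* Must run with the user address limit; under set_fs(KERNEL_DS) the access check would accept kernel addresses. */`. The `__force` cast also hides the address space from sparse. If callers allow it, declaring the parameter as `const char __user *addr` would let sparse flag kernel pointers passed in, though the prototype presumably lives in probes/lttng-probe-user.h, outside this page. The hunk header for this part of the function is not visible here, and the loop body continues past the last line shown.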
@@ -40,12 +40,13 @@ long lttng_strlen_user_inatomic(const char *addr)
                if (unlikely(ret > 0))
                        break;
                count++;
+               if (unlikely(count > LTTNG_MAX_USER_STRING_LEN))
+                       break;
                if (unlikely(!v))
                        break;
                addr++;
        }
        pagefault_enable();
-       set_fs(old_fs);
        return count;
 }
 EXPORT_SYMBOL_GPL(lttng_strlen_user_inatomic);
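Review bot: The cap added after `count++` lets the function return LTTNG_MAX_USER_STRING_LEN + 1, because `count > LTTNG_MAX_USER_STRING_LEN` only breaks once the limit has already been exceeded. If 1 MB is meant as the hard upper bound, the test should be `if (unlikely(count >= LTTNG_MAX_USER_STRING_LEN))`. A string stopped by the cap is returned without a terminating NUL, just like one stopped by a fault, so the function comment should mention the cap next to "ends at first fault". Callers that size a buffer from the return value presumably must not assume the last byte is NUL; that is worth confirming against the call sites. The start of the loop lies outside this hunk.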