Actually prevent the loading of unknown kernel headers

The previous fix didn't actually do anything but print a warning.
Actually fix the issue this time.

Resolves: RHEL-28768
CVE CVE-2024-2314

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
This commit is contained in:
Jerome Marchand 2024-05-28 14:46:58 +02:00
parent 9c7c1e46ec
commit ecc2250aa4
3 changed files with 115 additions and 1 deletions

View File

@ -0,0 +1,33 @@
From 509b05f2790fd1f9e725e353521a5a555ca57aaf Mon Sep 17 00:00:00 2001
From: Chunsheng Luo <48231204+luochenglcs@users.noreply.github.com>
Date: Mon, 18 Mar 2024 00:09:21 +0800
Subject: [PATCH] clang: Fix file_exists_and_ownedby return value (#4935)
commit 008ea09 (clang: check header ownership) updates file_exists()
to file_exists_and_ownedby(), add verifies onwer, but the return value
is different from before, causing problems with the original code.
Signed-off-by: Chunsheng Luo <luochunsheng@ustc.edu>
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
---
src/cc/frontends/clang/kbuild_helper.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cc/frontends/clang/kbuild_helper.cc b/src/cc/frontends/clang/kbuild_helper.cc
index 1b291469..0387f872 100644
--- a/src/cc/frontends/clang/kbuild_helper.cc
+++ b/src/cc/frontends/clang/kbuild_helper.cc
@@ -143,8 +143,8 @@ int KBuildHelper::get_flags(const char *uname_machine, vector<string> *cflags) {
static inline int file_exists_and_ownedby(const char *f, uid_t uid)
{
struct stat buffer;
- int ret;
- if ((ret = stat(f, &buffer)) == 0) {
+ int ret = stat(f, &buffer) == 0;
+ if (ret) {
if (buffer.st_uid != uid) {
std::cout << "ERROR: header file ownership unexpected: " << std::string(f) << "\n";
return -1;
--
2.44.0

View File

@ -0,0 +1,76 @@
From 1d504ac46d2a0210813147b6a57d657b6c2a5d2e Mon Sep 17 00:00:00 2001
From: Jerome Marchand <jmarchan@redhat.com>
Date: Fri, 17 May 2024 15:36:07 +0200
Subject: [PATCH] clang: fail when the kheaders ownership is wrong (#4928)
(#4985)
file_exists_and_ownedby() returns -1 when the file exists but its
ownership is unexpected, which is very misleading since anything non
zero is interpreted as true and a function with such a name is
expected to return a boolean. So currently all this does, is write a
warning message, and continues as if nothing is wrong.
Make file_exists_and_ownedby() returns false when the ownership is
wrong and have get_proc_kheaders() fails when this happen. Also have
all the *exists* functions return bool to avoid such issues in the
future.
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
---
src/cc/frontends/clang/kbuild_helper.cc | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/cc/frontends/clang/kbuild_helper.cc b/src/cc/frontends/clang/kbuild_helper.cc
index 0387f872..9dd3c3c8 100644
--- a/src/cc/frontends/clang/kbuild_helper.cc
+++ b/src/cc/frontends/clang/kbuild_helper.cc
@@ -140,20 +140,26 @@ int KBuildHelper::get_flags(const char *uname_machine, vector<string> *cflags) {
return 0;
}
-static inline int file_exists_and_ownedby(const char *f, uid_t uid)
+static inline bool file_exists(const char *f)
+{
+ struct stat buffer;
+ return (stat(f, &buffer) == 0);
+}
+
+static inline bool file_exists_and_ownedby(const char *f, uid_t uid)
{
struct stat buffer;
int ret = stat(f, &buffer) == 0;
if (ret) {
if (buffer.st_uid != uid) {
std::cout << "ERROR: header file ownership unexpected: " << std::string(f) << "\n";
- return -1;
+ return false;
}
}
return ret;
}
-static inline int proc_kheaders_exists(void)
+static inline bool proc_kheaders_exists(void)
{
return file_exists_and_ownedby(PROC_KHEADERS_PATH, 0);
}
@@ -221,8 +227,14 @@ int get_proc_kheaders(std::string &dirpath)
snprintf(dirpath_tmp, 256, "/tmp/kheaders-%s", uname_data.release);
dirpath = std::string(dirpath_tmp);
- if (file_exists_and_ownedby(dirpath_tmp, 0))
- return 0;
+ if (file_exists(dirpath_tmp)) {
+ if (file_exists_and_ownedby(dirpath_tmp, 0))
+ return 0;
+ else
+ // The path exists, but is owned by a non-root user
+ // Something fishy is going on
+ return -EEXIST;
+ }
// First time so extract it
return extract_kheaders(dirpath, uname_data);
--
2.44.0

View File

@ -9,7 +9,7 @@
Name: bcc Name: bcc
Version: 0.25.0 Version: 0.25.0
Release: 8%{?dist} Release: 9%{?dist}
Summary: BPF Compiler Collection (BCC) Summary: BPF Compiler Collection (BCC)
License: ASL 2.0 License: ASL 2.0
URL: https://github.com/iovisor/bcc URL: https://github.com/iovisor/bcc
@ -30,6 +30,8 @@ Patch12: %{name}-%{version}-Fix-compilation-error-when-built-with-llvm17.
Patch13: %{name}-%{version}-tools-tcpstates-fix-context-ptr-modified-error.patch Patch13: %{name}-%{version}-tools-tcpstates-fix-context-ptr-modified-error.patch
Patch14: %{name}-%{version}-tools-tcpstates-fix-IPv6-journal.patch Patch14: %{name}-%{version}-tools-tcpstates-fix-IPv6-journal.patch
Patch15: %{name}-%{version}-clang-check-header-ownership-4928.patch Patch15: %{name}-%{version}-clang-check-header-ownership-4928.patch
Patch16: %{name}-%{version}-clang-Fix-file_exists_and_ownedby-return-value-4935.patch
Patch17: %{name}-%{version}-clang-fail-when-the-kheaders-ownership-is-wrong-4928.patch
# Arches will be included as upstream support is added and dependencies are # Arches will be included as upstream support is added and dependencies are
# satisfied in the respective arches # satisfied in the respective arches
@ -227,6 +229,9 @@ done
%changelog %changelog
* Tue May 28 2024 Jerome Marchand <jmarchan@redhat.com> - 0.25.0-9
- Really prevent the loading of compromised headers (RHEL-28768, CVE-2024-2314)
* Tue Mar 12 2024 Jerome Marchand <jmarchan@redhat.com> - 0.25.0-8 * Tue Mar 12 2024 Jerome Marchand <jmarchan@redhat.com> - 0.25.0-8
- Check header ownership (RHEL-28768) - Check header ownership (RHEL-28768)