Bug 4461 - usb: mon: make mmapped memory read only
Summary: usb: mon: make mmapped memory read only
Status: NEW
Alias: None
Product: ANCK 4.19 Dev
Classification: ANCK
Component: drivers
Version: 4.19-023.x
Hardware: All Linux
Importance: P3-Medium S3-normal
Target Milestone: ---
Assignee: GuixinLiu
QA Contact: shuming
URL:
Whiteboard:
Keywords: Bugfix
Depends on:
Blocks:
 
Reported: 2023-03-09 15:40 UTC by WeiFeng
Modified: 2023-10-30 10:42 UTC

Description WeiFeng 2023-03-09 15:40:27 UTC
Description of problem:
Syzbot found an issue in the usbmon module, where the user space client can
corrupt the monitor's internal memory, causing the usbmon module to
crash the kernel with segfault, UAF, etc.

The reproducer mmaps the /dev/usbmon memory to user space, and
overwrites it with arbitrary data, which causes all kinds of issues.

Version-Release number of selected component (if applicable):


How reproducible:
Return an -EPERM error from mon_bin_mmap() if the flag VM_WRITE is set.
Also clear VM_MAYWRITE to make it impossible to change it to writable
later.

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
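
A user-space regression check for the behaviour described in this report, added here as an example and not part of the report or of the ANCK patch: it requests a writable mapping, then tries to upgrade a read-only mapping with mprotect(), and never writes to the mapping. The device path `/dev/usbmon0` and all function and struct names are assumptions.

```c
/* Added example: probe whether a device mapping can be made writable. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

struct ro_check {
    int write_map_errno; /* errno from mmap(PROT_WRITE); 0 = mapping was granted */
    int mprotect_errno;  /* errno from mprotect(PROT_WRITE); 0 = upgrade was granted */
};

/* Probe fd without ever writing to the mapping. Returns -1 if it cannot be mapped at all. */
int check_readonly_mapping(int fd, size_t len, struct ro_check *out)
{
    /* 1. Asking for a writable mapping up front must be refused (VM_WRITE check). */
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    out->write_map_errno = (p == MAP_FAILED) ? errno : 0;
    if (p != MAP_FAILED)
        munmap(p, len);

    /* 2. A read-only mapping must not be upgradable later (VM_MAYWRITE cleared). */
    p = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED)
        return -1;
    out->mprotect_errno = mprotect(p, len, PROT_READ | PROT_WRITE) ? errno : 0;
    munmap(p, len);
    return 0;
}

/* 1 only if both the writable mapping and the later upgrade were refused. */
int mapping_is_readonly(const struct ro_check *r)
{
    return r->write_map_errno != 0 && r->mprotect_errno != 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/usbmon0"; /* assumed device node */
    struct ro_check r;
    int fd = open(path, O_RDWR); /* O_RDWR so the request reaches the driver's mmap handler */
    if (fd < 0 || check_readonly_mapping(fd, (size_t)sysconf(_SC_PAGESIZE), &r) != 0) {
        perror(path);
        return 2;
    }
    printf("mmap(PROT_WRITE) errno=%d, mprotect errno=%d\n", r.write_map_errno, r.mprotect_errno);
    return mapping_is_readonly(&r) ? 0 : 1;
}
```

With the fix described above, the first probe on the usbmon device fails with EPERM; a mapping whose VM_MAYWRITE is cleared makes mprotect() fail with EACCES.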