From: Russell King - ARM Linux admin <linux@armlinux.org.uk>
To: Joel Stanley <joel@jms.id.au>
Cc: Kees Cook <keescook@chromium.org>,
	Andrew Jeffery <andrew@aj.id.au>,
	Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	mhiramat@kernel.org, Luka Oreskovic <luka.oreskovic@sartura.hr>,
	labbott@redhat.com,
	Linux ARM <linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v2] ARM: kprobes: Avoid fortify_panic() when copying optprobe template
Date: Tue, 20 Oct 2020 11:13:24 +0100
Message-ID: <20201020101324.GA1551@shell.armlinux.org.uk>
In-Reply-To: <CACPK8XeJzHOH-ErWB8ZZS1rMVcPJx0exjnB-va-vhuvGvwFWCQ@mail.gmail.com>

On Tue, Oct 20, 2020 at 05:32:26AM +0000, Joel Stanley wrote:
> On Fri, 9 Oct 2020 at 05:20, Joel Stanley <joel@jms.id.au> wrote:
> >
> > On Thu, 1 Oct 2020 at 04:30, Andrew Jeffery <andrew@aj.id.au> wrote:
> > >
> > > Setting both CONFIG_KPROBES=y and CONFIG_FORTIFY_SOURCE=y on ARM leads
> > > to a panic in memcpy() when injecting a kprobe despite the fixes found
> > > in commit e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with
> > > FORTIFY_SOURCE") and commit 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes:
> > > optimized kprobes illegal instruction").
> > >
> > > arch/arm/include/asm/kprobes.h effectively declares
> > > the target type of the optprobe_template_entry assembly label as a u32
> > > which leads memcpy()'s __builtin_object_size() call to determine that
> > > the pointed-to object is of size four. However, the symbol is used as a handle
> > > for the optimised probe assembly template that is at least 96 bytes in size.
> > > The symbol's use despite its type blows up the memcpy() in ARM's
> > > arch_prepare_optimized_kprobe() with a false-positive fortify_panic() when it
> > > should instead copy the optimised probe template into place:
> > >
> > > ```
> > > $ sudo perf probe -a aspeed_g6_pinctrl_probe
> > > [  158.457252] detected buffer overflow in memcpy
> > > ```
> > >
> > > Fixes: e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE")
> > > Fixes: 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes: optimized kprobes illegal instruction")
> > > Cc: Luka Oreskovic <luka.oreskovic@sartura.hr>
> > > Cc: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
> > > Suggested-by: Kees Cook <keescook@chromium.org>
> > > Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> >
> > Tested-by: Joel Stanley <joel@jms.id.au>
> > Reviewed-by: Joel Stanley <joel@jms.id.au>
> >
> > Thanks Andrew.
> >
> > > ---
> > > v1 was sent some time back, in May:
> > >
> > > https://lore.kernel.org/linux-arm-kernel/20200517153959.293224-1-andrew@aj.id.au/
> 
> Russell, are you picking this fix up?

Sorry, but I don't "pick" patches off the mailing list. See my
signature.

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
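The false positive described in the quoted commit message, as an added example that is not code from the patch, the kernel or anyone in the thread: the compiler sizes the memcpy() source from the declared C type of an extern symbol whose body lives in assembly, so a label typed as one u32 yields a 4-byte object and a 96-byte copy is refused. The symbol `demo_optprobe_template`, the two views `entry_as_u32` and `entry_as_bytes`, `detour_slot` and the `checked_memcpy()` model are constructed here; the unknown-bound array view is shown only as a contrast and is an assumption, not the change the patch makes.

```c
/* Added example, not code from the patch or the thread: models why a
 * CONFIG_FORTIFY_SOURCE memcpy() trips on the optprobe template. The
 * compiler sizes the source from the *declared* type of the extern label,
 * because the real object lives in assembly. All names are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TEMPLATE_SIZE 96   /* the commit message: template is at least 96 bytes */

/* Constructed template body, defined in top-level asm so that, as in the
 * kernel, C only ever sees declarations of the symbol. */
__asm__(".data\n"
        ".balign 4\n"
        ".globl demo_optprobe_template\n"
        "demo_optprobe_template:\n"
        ".fill 96, 1, 0\n"
        ".text\n");

/* Pre-fix view: the header typed the label as one u32 (kprobe_opcode_t). */
extern const uint32_t entry_as_u32 __asm__("demo_optprobe_template");
/* Contrasting view (an assumption, not the patch itself): an array of
 * unknown bound tells the compiler nothing about the object's size. */
extern const uint8_t entry_as_bytes[] __asm__("demo_optprobe_template");

static uint8_t detour_slot[TEMPLATE_SIZE];   /* stand-in for the probe's detour buffer */

/* Minimal model of the fortified memcpy(): the macro captures both object
 * sizes at the call site, as the kernel's inline wrapper does. Returns -1
 * where the kernel would call fortify_panic(); (size_t)-1 means "unknown". */
static int checked_memcpy(void *dst, const void *src, size_t n,
                          size_t dst_size, size_t src_size)
{
    if (dst_size < n || src_size < n)
        return -1;
    memcpy(dst, src, n);
    return 0;
}
#define CHECKED_MEMCPY(dst, src, n) \
    checked_memcpy((dst), (src), (n), \
                   __builtin_object_size((dst), 0), __builtin_object_size((src), 0))

/* What the compiler believes about each declaration of the same symbol. */
size_t bos_u32_view(void)   { return __builtin_object_size(&entry_as_u32, 0); }
size_t bos_bytes_view(void) { return __builtin_object_size(entry_as_bytes, 0); }

/* The arch_prepare_optimized_kprobe()-style copy through each view. */
int copy_template_u32_view(void)   { return CHECKED_MEMCPY(detour_slot, &entry_as_u32, TEMPLATE_SIZE); }
int copy_template_bytes_view(void) { return CHECKED_MEMCPY(detour_slot, entry_as_bytes, TEMPLATE_SIZE); }
```

The u32 view reports a 4-byte source and the copy is refused, which is the detected buffer overflow in memcpy from the quoted log; the unknown-bound view reports no size and the same 96-byte copy goes through.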
