From: Russell King - ARM Linux admin <linux@armlinux.org.uk>
To: Joel Stanley <joel@jms.id.au>
Cc: Kees Cook <keescook@chromium.org>,
Andrew Jeffery <andrew@aj.id.au>,
Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
mhiramat@kernel.org, Luka Oreskovic <luka.oreskovic@sartura.hr>,
labbott@redhat.com,
Linux ARM <linux-arm-kernel@lists.infradead.org>
Subject: Re: [PATCH v2] ARM: kprobes: Avoid fortify_panic() when copying optprobe template
Date: Tue, 20 Oct 2020 11:13:24 +0100
Message-ID: <20201020101324.GA1551@shell.armlinux.org.uk>
In-Reply-To: <CACPK8XeJzHOH-ErWB8ZZS1rMVcPJx0exjnB-va-vhuvGvwFWCQ@mail.gmail.com>
On Tue, Oct 20, 2020 at 05:32:26AM +0000, Joel Stanley wrote:
> On Fri, 9 Oct 2020 at 05:20, Joel Stanley <joel@jms.id.au> wrote:
> >
> > On Thu, 1 Oct 2020 at 04:30, Andrew Jeffery <andrew@aj.id.au> wrote:
> > >
> > > Setting both CONFIG_KPROBES=y and CONFIG_FORTIFY_SOURCE=y on ARM leads
> > > to a panic in memcpy() when injecting a kprobe despite the fixes found
> > > in commit e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with
> > > FORTIFY_SOURCE") and commit 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes:
> > > optimized kprobes illegal instruction").
> > >
> > > arch/arm/include/asm/kprobes.h effectively declares
> > > the target type of the optprobe_template_entry assembly label as a u32
> > > which leads memcpy()'s __builtin_object_size() call to determine that
> > > the pointed-to object is of size four. However, the symbol is used as a handle
> > > for the optimised probe assembly template that is at least 96 bytes in size.
> > > The symbol's use despite its type blows up the memcpy() in ARM's
> > > arch_prepare_optimized_kprobe() with a false-positive fortify_panic() when it
> > > should instead copy the optimised probe template into place:
> > >
> > > ```
> > > $ sudo perf probe -a aspeed_g6_pinctrl_probe
> > > [ 158.457252] detected buffer overflow in memcpy
> > > ```
> > >
> > > Fixes: e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE")
> > > Fixes: 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes: optimized kprobes illegal instruction")
> > > Cc: Luka Oreskovic <luka.oreskovic@sartura.hr>
> > > Cc: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
> > > Suggested-by: Kees Cook <keescook@chromium.org>
> > > Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> >
> > Tested-by: Joel Stanley <joel@jms.id.au>
> > Reviewed-by: Joel Stanley <joel@jms.id.au>
> >
> > Thanks Andrew.
> >
> > > ---
> > > v1 was sent some time back, in May:
> > >
> > > https://lore.kernel.org/linux-arm-kernel/20200517153959.293224-1-andrew@aj.id.au/
>
> Russell, are you picking this fix up?
Sorry, but I don't "pick" patches off the mailing list. See my
signature.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
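The commit message above describes the mechanism but not the patch itself. The following is an added user-space model of that mechanism, written for this page and not taken from the kernel or from Andrew's patch. It builds a 96-byte "template" behind a single assembler label (the constructed symbol name `demo_optprobe_template`, fill byte 0xa5), declares that label to C once as a `uint32_t` (the shape the commit message says arch/arm/include/asm/kprobes.h effectively had) and once as an array of unknown bound, and runs a small stand-in for a fortified memcpy() over both. The fortified wrapper, the sizes and the return codes are this example's own constructions; it assumes gcc or clang with a GNU-style assembler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TEMPLATE_SIZE 96   /* constructed: the real template is "at least 96 bytes" */
#define TEMPLATE_FILL 0xa5 /* constructed fill byte so the copy can be verified */
#define STR_(x) #x
#define STR(x) STR_(x)

/* Stand-in for the assembly template: one label in front of 96 bytes, the
 * way a .S file would lay it out. Both C declarations below are bound to
 * this single assembler symbol through asm labels. */
__asm__(
    "    .data\n"
    "    .balign 4\n"
    "    .globl demo_optprobe_template\n"
    "demo_optprobe_template:\n"
    "    .fill " STR(TEMPLATE_SIZE) ", 1, " STR(TEMPLATE_FILL) "\n"
    "    .text\n");

/* Declaration 1: the shape the commit message describes. The compiler now
 * believes the object at this address is exactly sizeof(uint32_t) bytes. */
extern uint32_t template_as_u32 __asm__("demo_optprobe_template");

/* Declaration 2: an array of unknown bound. No size can be derived from it,
 * so __builtin_object_size() answers (size_t)-1, meaning "unknown". */
extern uint8_t template_as_array[] __asm__("demo_optprobe_template");

/* Model of a fortified memcpy(): refuse the copy when the requested length
 * exceeds a size the compiler claims to know. A size of (size_t)-1 never
 * trips the check. Returns 0 on success, -1 where the kernel would call
 * fortify_panic(). */
static int fortified_memcpy_checked(void *dst, size_t dst_size,
                                    const void *src, size_t src_size,
                                    size_t n)
{
    if (dst_size < n || src_size < n) {
        fprintf(stderr, "detected buffer overflow in memcpy "
                        "(dst_size=%zu src_size=%zu n=%zu)\n",
                dst_size, src_size, n);
        return -1;
    }
    memcpy(dst, src, n);
    return 0;
}

/* __builtin_object_size() has to see the caller's own expression, so the
 * size queries are made at the call site by a macro, which is what the
 * kernel's always-inline wrapper achieves after inlining. */
#define fortified_memcpy(dst, src, n)                                  \
    fortified_memcpy_checked((dst), __builtin_object_size((dst), 0),   \
                             (src), __builtin_object_size((src), 0), (n))

/* What the compiler believes about each declaration. */
size_t object_size_u32_decl(void)
{
    return __builtin_object_size(&template_as_u32, 0);  /* 4 */
}

size_t object_size_array_decl(void)
{
    return __builtin_object_size(template_as_array, 0); /* (size_t)-1 */
}

/* arch_prepare_optimized_kprobe()-style copy of n template bytes into a
 * local buffer, once through each declaration. Both return the fortified
 * memcpy result; the array variant also verifies the bytes that arrived. */
int copy_via_u32_decl(size_t n)
{
    uint8_t code[TEMPLATE_SIZE] = { 0 };
    if (n > TEMPLATE_SIZE)
        return -2;
    return fortified_memcpy(code, &template_as_u32, n);
}

int copy_via_array_decl(size_t n)
{
    uint8_t code[TEMPLATE_SIZE] = { 0 };
    if (n > TEMPLATE_SIZE)
        return -2;
    if (fortified_memcpy(code, template_as_array, n) != 0)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (code[i] != TEMPLATE_FILL)
            return -3; /* copy passed the check but the content is wrong */
    return 0;
}

int main(void)
{
    printf("u32 declaration:   object size %zu\n", object_size_u32_decl());
    printf("array declaration: object size %zu (SIZE_MAX means unknown)\n",
           object_size_array_decl());
    printf("copy %d bytes via u32 decl:   %s\n", TEMPLATE_SIZE,
           copy_via_u32_decl(TEMPLATE_SIZE) ? "fortify_panic" : "ok");
    printf("copy %d bytes via array decl: %s\n", TEMPLATE_SIZE,
           copy_via_array_decl(TEMPLATE_SIZE) ? "fortify_panic" : "ok");
    return 0;
}
```

Build with `cc -Wall demo.c && ./a.out`. Copying 4 bytes through the u32 declaration passes, copying 96 trips the check, and the same 96 bytes go through untouched when the symbol is declared with no size at all; a compiler warning about reading 96 bytes from a 4-byte object on the u32 path is the static side of the same complaint. The fortify check is a property of the declaration the compiler sees, not of the bytes actually behind the label, which is why a correct assembly template can still be reported as an overflow.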
Thread overview: 7+ messages
2020-10-01 4:29 [PATCH v2] ARM: kprobes: Avoid fortify_panic() when copying optprobe template Andrew Jeffery
2020-10-01 5:23 ` Masami Hiramatsu
2020-10-08 15:38 ` Luka Oreskovic
2020-10-08 19:13 ` Juraj Vijtiuk
2020-10-09 5:20 ` Joel Stanley
2020-10-20 5:32 ` Joel Stanley
2020-10-20 10:13 ` Russell King - ARM Linux admin [this message]