* [PATCH -tip] kprobes: Prohibit probing on BUG() and WARN() address
@ 2019-09-02 11:06 Masami Hiramatsu
2019-09-02 14:45 ` kbuild test robot
2019-09-02 15:48 ` kbuild test robot
0 siblings, 2 replies; 4+ messages in thread
From: Masami Hiramatsu @ 2019-09-02 11:06 UTC
To: Ingo Molnar
Cc: Steven Rostedt, Masami Hiramatsu, Naveen N . Rao,
Anil S Keshavamurthy, David S . Miller, linux-kernel
Since BUG() and WARN() may use a trap (e.g. UD2 on x86) to
get the address where the BUG() has occurred, kprobes can not
do single-step out-of-line on that instruction. So prohibit
probing on such addresses.
Without this fix, if someone puts a kprobe on WARN(), the
kernel will crash with an invalid opcode error instead of
outputting the warning message, because the kernel can not find
the correct bug address.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
---
kernel/kprobes.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 452151e79535..771054401e35 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1514,7 +1514,8 @@ static int check_kprobe_address_safe(struct kprobe *p,
/* Ensure it is not in reserved area nor out of text */
if (!kernel_text_address((unsigned long) p->addr) ||
within_kprobe_blacklist((unsigned long) p->addr) ||
- jump_label_text_reserved(p->addr, p->addr)) {
+ jump_label_text_reserved(p->addr, p->addr) ||
+ find_bug(p->addr)) {
ret = -EINVAL;
goto out;
}
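Review bot: the added find_bug(p->addr) passes p->addr uncast, while the two checks above it in the same condition use (unsigned long) p->addr; find_bug() is declared with an unsigned long parameter (see the include/linux/bug.h note in the powerpc build report in this thread), so the call should read find_bug((unsigned long)p->addr). The call is also unconditional, and the sparc64 report shows no declaration is visible in that configuration; the check needs the header that declares find_bug() and a guard or stub for builds without CONFIG_GENERIC_BUG, as the author notes in the follow-up. The comment "Ensure it is not in reserved area nor out of text" could also mention the BUG()/WARN() trap addresses now rejected with -EINVAL.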
* Re: [PATCH -tip] kprobes: Prohibit probing on BUG() and WARN() address
From: kbuild test robot @ 2019-09-02 14:45 UTC
To: Masami Hiramatsu
Cc: kbuild-all, Ingo Molnar, Steven Rostedt, Masami Hiramatsu,
Naveen N . Rao, Anil S Keshavamurthy, David S . Miller,
linux-kernel
Hi Masami,
I love your patch! Perhaps something to improve:
[auto build test WARNING on linus/master]
[cannot apply to v5.3-rc6 next-20190902]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Masami-Hiramatsu/kprobes-Prohibit-probing-on-BUG-and-WARN-address/20190902-211736
config: powerpc-defconfig (attached as .config)
compiler: powerpc64-linux-gcc (GCC) 7.4.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=7.4.0 make.cross ARCH=powerpc
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
kernel/kprobes.c: In function 'check_kprobe_address_safe':
>> kernel/kprobes.c:1518:15: warning: passing argument 1 of 'find_bug' makes integer from pointer without a cast [-Wint-conversion]
find_bug(p->addr)) {
^
In file included from arch/powerpc/include/asm/mmu.h:130:0,
from arch/powerpc/include/asm/lppaca.h:47,
from arch/powerpc/include/asm/paca.h:17,
from arch/powerpc/include/asm/current.h:13,
from include/linux/mutex.h:14,
from include/linux/notifier.h:14,
from include/linux/kprobes.h:22,
from kernel/kprobes.c:21:
include/linux/bug.h:39:19: note: expected 'long unsigned int' but argument is of type 'kprobe_opcode_t * {aka unsigned int *}'
struct bug_entry *find_bug(unsigned long bugaddr);
^~~~~~~~
vim +/find_bug +1518 kernel/kprobes.c
1502
1503 static int check_kprobe_address_safe(struct kprobe *p,
1504 struct module **probed_mod)
1505 {
1506 int ret;
1507
1508 ret = arch_check_ftrace_location(p);
1509 if (ret)
1510 return ret;
1511 jump_label_lock();
1512 preempt_disable();
1513
1514 /* Ensure it is not in reserved area nor out of text */
1515 if (!kernel_text_address((unsigned long) p->addr) ||
1516 within_kprobe_blacklist((unsigned long) p->addr) ||
1517 jump_label_text_reserved(p->addr, p->addr) ||
> 1518 find_bug(p->addr)) {
1519 ret = -EINVAL;
1520 goto out;
1521 }
1522
1523 /* Check if are we probing a module */
1524 *probed_mod = __module_text_address((unsigned long) p->addr);
1525 if (*probed_mod) {
1526 /*
1527 * We must hold a refcount of the probed module while updating
1528 * its code to prohibit unexpected unloading.
1529 */
1530 if (unlikely(!try_module_get(*probed_mod))) {
1531 ret = -ENOENT;
1532 goto out;
1533 }
1534
1535 /*
1536 * If the module freed .init.text, we couldn't insert
1537 * kprobes in there.
1538 */
1539 if (within_module_init((unsigned long)p->addr, *probed_mod) &&
1540 (*probed_mod)->state != MODULE_STATE_COMING) {
1541 module_put(*probed_mod);
1542 *probed_mod = NULL;
1543 ret = -ENOENT;
1544 }
1545 }
1546 out:
1547 preempt_enable();
1548 jump_label_unlock();
1549
1550 return ret;
1551 }
1552
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 25304 bytes --]
* Re: [PATCH -tip] kprobes: Prohibit probing on BUG() and WARN() address
From: kbuild test robot @ 2019-09-02 15:48 UTC
To: Masami Hiramatsu
Cc: kbuild-all, Ingo Molnar, Steven Rostedt, Masami Hiramatsu,
Naveen N . Rao, Anil S Keshavamurthy, David S . Miller,
linux-kernel
Hi Masami,
I love your patch! Yet something to improve:
[auto build test ERROR on linus/master]
[cannot apply to v5.3-rc6 next-20190902]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Masami-Hiramatsu/kprobes-Prohibit-probing-on-BUG-and-WARN-address/20190902-211736
config: sparc64-allmodconfig (attached as .config)
compiler: sparc64-linux-gcc (GCC) 7.4.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=7.4.0 make.cross ARCH=sparc64
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
kernel/kprobes.c: In function 'check_kprobe_address_safe':
>> kernel/kprobes.c:1518:6: error: implicit declaration of function 'find_bug'; did you mean 'find_vma'? [-Werror=implicit-function-declaration]
find_bug(p->addr)) {
^~~~~~~~
find_vma
cc1: some warnings being treated as errors
vim +1518 kernel/kprobes.c
1502
1503 static int check_kprobe_address_safe(struct kprobe *p,
1504 struct module **probed_mod)
1505 {
1506 int ret;
1507
1508 ret = arch_check_ftrace_location(p);
1509 if (ret)
1510 return ret;
1511 jump_label_lock();
1512 preempt_disable();
1513
1514 /* Ensure it is not in reserved area nor out of text */
1515 if (!kernel_text_address((unsigned long) p->addr) ||
1516 within_kprobe_blacklist((unsigned long) p->addr) ||
1517 jump_label_text_reserved(p->addr, p->addr) ||
> 1518 find_bug(p->addr)) {
1519 ret = -EINVAL;
1520 goto out;
1521 }
1522
1523 /* Check if are we probing a module */
1524 *probed_mod = __module_text_address((unsigned long) p->addr);
1525 if (*probed_mod) {
1526 /*
1527 * We must hold a refcount of the probed module while updating
1528 * its code to prohibit unexpected unloading.
1529 */
1530 if (unlikely(!try_module_get(*probed_mod))) {
1531 ret = -ENOENT;
1532 goto out;
1533 }
1534
1535 /*
1536 * If the module freed .init.text, we couldn't insert
1537 * kprobes in there.
1538 */
1539 if (within_module_init((unsigned long)p->addr, *probed_mod) &&
1540 (*probed_mod)->state != MODULE_STATE_COMING) {
1541 module_put(*probed_mod);
1542 *probed_mod = NULL;
1543 ret = -ENOENT;
1544 }
1545 }
1546 out:
1547 preempt_enable();
1548 jump_label_unlock();
1549
1550 return ret;
1551 }
1552
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 58667 bytes --]
* Re: [PATCH -tip] kprobes: Prohibit probing on BUG() and WARN() address
From: Masami Hiramatsu @ 2019-09-03 9:31 UTC
To: kbuild test robot
Cc: kbuild-all, Ingo Molnar, Steven Rostedt, Naveen N . Rao,
Anil S Keshavamurthy, David S . Miller, linux-kernel
Oops, for sparc64 and ppc64, we have to check the CONFIG_GENERIC_BUG...
On Mon, 2 Sep 2019 23:48:41 +0800
kbuild test robot <lkp@intel.com> wrote:
> Hi Masami,
>
> I love your patch! Yet something to improve:
>
> [auto build test ERROR on linus/master]
> [cannot apply to v5.3-rc6 next-20190902]
> [if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
>
> url: https://github.com/0day-ci/linux/commits/Masami-Hiramatsu/kprobes-Prohibit-probing-on-BUG-and-WARN-address/20190902-211736
> config: sparc64-allmodconfig (attached as .config)
> compiler: sparc64-linux-gcc (GCC) 7.4.0
> reproduce:
> wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> chmod +x ~/bin/make.cross
> # save the attached .config to linux build tree
> GCC_VERSION=7.4.0 make.cross ARCH=sparc64
>
> If you fix the issue, kindly add following tag
> Reported-by: kbuild test robot <lkp@intel.com>
>
> All errors (new ones prefixed by >>):
>
> kernel/kprobes.c: In function 'check_kprobe_address_safe':
> >> kernel/kprobes.c:1518:6: error: implicit declaration of function 'find_bug'; did you mean 'find_vma'? [-Werror=implicit-function-declaration]
> find_bug(p->addr)) {
> ^~~~~~~~
> find_vma
> cc1: some warnings being treated as errors
>
> vim +1518 kernel/kprobes.c
>
> 1502
> 1503 static int check_kprobe_address_safe(struct kprobe *p,
> 1504 struct module **probed_mod)
> 1505 {
> 1506 int ret;
> 1507
> 1508 ret = arch_check_ftrace_location(p);
> 1509 if (ret)
> 1510 return ret;
> 1511 jump_label_lock();
> 1512 preempt_disable();
> 1513
> 1514 /* Ensure it is not in reserved area nor out of text */
> 1515 if (!kernel_text_address((unsigned long) p->addr) ||
> 1516 within_kprobe_blacklist((unsigned long) p->addr) ||
> 1517 jump_label_text_reserved(p->addr, p->addr) ||
> > 1518 find_bug(p->addr)) {
> 1519 ret = -EINVAL;
> 1520 goto out;
> 1521 }
> 1522
> 1523 /* Check if are we probing a module */
> 1524 *probed_mod = __module_text_address((unsigned long) p->addr);
> 1525 if (*probed_mod) {
> 1526 /*
> 1527 * We must hold a refcount of the probed module while updating
> 1528 * its code to prohibit unexpected unloading.
> 1529 */
> 1530 if (unlikely(!try_module_get(*probed_mod))) {
> 1531 ret = -ENOENT;
> 1532 goto out;
> 1533 }
> 1534
> 1535 /*
> 1536 * If the module freed .init.text, we couldn't insert
> 1537 * kprobes in there.
> 1538 */
> 1539 if (within_module_init((unsigned long)p->addr, *probed_mod) &&
> 1540 (*probed_mod)->state != MODULE_STATE_COMING) {
> 1541 module_put(*probed_mod);
> 1542 *probed_mod = NULL;
> 1543 ret = -ENOENT;
> 1544 }
> 1545 }
> 1546 out:
> 1547 preempt_enable();
> 1548 jump_label_unlock();
> 1549
> 1550 return ret;
> 1551 }
> 1552
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
Masami Hiramatsu <mhiramat@kernel.org>