| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Oct 2014 12:00:05 +0000 From: "Jon Medhurst (Tixy)" <tixy@...aro.org> To: Wang Nan <wangnan0@...wei.com> Cc: masami.hiramatsu.pt@...achi.com, linux@....linux.org.uk, will.deacon@....com, dave.long@...aro.org, taras.kondratiuk@...aro.org, ben.dooks@...ethink.co.uk, cl@...ux.com, rabin@....in, davem@...emloft.net, linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, lizefan@...wei.com Subject: Re: [PATCH 4/4] ARM: kprobes: disallow probing stack consuming instructions On Sat, 2014-10-25 at 14:42 +0800, Wang Nan wrote: > This patch prohibit probing instructions for which the stack > requirement are unable to be determined statically. Some test cases > are found not work again after the modification, this patch also > removes them. > > Signed-off-by: Wang Nan <wangnan0@...wei.com> [...] > diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c > index 618531d..59f5e64 100644 > --- a/arch/arm/kernel/kprobes.c > +++ b/arch/arm/kernel/kprobes.c > @@ -124,6 +124,14 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) > break; > } > > + /* > + * Unable to instrument insn like 'str r0, [sp, +/-r1]'. > + * __und_svc protects 64 bytes stack, so instrumenting insn > + * likes 'str r0, [sp, #-68]' should be prohibited. > + */ > + if ((p->ainsn.stack_space < 0) || (p->ainsn.stack_space > 64)) Rather than using the hard coded value 64 it would be safest to create a #define for the value (in arch/arm/include/asm/kprobes.h) and use that define in __und_svc too. Actually, there is already a define there for MAX_STACK_SIZE which is used as the size of the stack for jprobes and the amount copied by setjmp_pre_handler and longjmp_break_handler, which looks like it has the same purpose as we want i.e. allowing space for probed instructions to push things onto the stack. So we should probably use that define in this patch and update __und_svc too. Also, jprobe_return has this comment * We allocate some slack between the original SP and start of * our fabricated regs. To be precise we want to have worst case * covered which is STMFD with all 16 regs so we allocate 2 * * sizeof(struct_pt_regs)). * * This is to prevent any simulated instruction from writing * over the regs when they are accessing the stack. which looking at the code should probably more accurately specified as sizeof(struct_pt_regs)+MAX_STACK_SIZE rather than 2*sizeof(struct_pt_regs) I've not looked at the jprobes specific code before, so it would be good to have someone else's option on what I save above about how MAX_STACK_SIZE is and should be used. -- Tixy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists