| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Mar 2016 10:47:43 +0530 From: Pratyush Anand <panand@...hat.com> To: James Morse <james.morse@....com> Cc: David Long <dave.long@...aro.org>, Will Deacon <will.deacon@....com>, Catalin Marinas <catalin.marinas@....com>, Sandeepa Prabhu <sandeepa.s.prabhu@...il.com>, William Cohen <wcohen@...hat.com>, Steve Capper <steve.capper@...aro.org>, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, Marc Zyngier <marc.zyngier@....com>, Dave P Martin <Dave.Martin@....com>, Mark Rutland <mark.rutland@....com>, Robin Murphy <Robin.Murphy@....com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Jens Wiklander <jens.wiklander@...aro.org>, Christoffer Dall <christoffer.dall@...aro.org>, Alex Bennée <alex.bennee@...aro.org>, Yang Shi <yang.shi@...aro.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Viresh Kumar <viresh.kumar@...aro.org>, "Suzuki K. Poulose" <suzuki.poulose@....com>, Kees Cook <keescook@...omium.org>, Zi Shen Lim <zlim.lnx@...il.com>, John Blackwood <john.blackwood@...r.com>, Feng Kan <fkan@....com>, Balamurugan Shanmugam <bshanmugam@....com>, Vladimir Murzin <Vladimir.Murzin@....com>, Mark Salyzyn <salyzyn@...roid.com>, Petr Mladek <pmladek@...e.com>, Andrew Morton <akpm@...ux-foundation.org>, Mark Brown <broonie@...nel.org> Subject: Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist Hi James, On 18/03/2016:06:12:20 PM, James Morse wrote: > Hi Pratyush, > > On 18/03/16 14:43, Pratyush Anand wrote: > > On 18/03/2016:02:02:49 PM, James Morse wrote: > >> In kernel/entry.S when entered from EL0 we test for TIF_SINGLESTEP in the > >> thread_info flags, and use disable_step_tsk/enable_step_tsk to save/restore the > >> single-step state. > >> > >> Could we do this regardless of which EL we came from? > > > > Thanks for another idea. I think, we can not do this as it is, because > > TIF_SINGLESTEP will not be set for kprobe events. > > Hmmm, I see kernel_enable_single_step() doesn't set it, but setup_singlestep() > in patch 5 could... > > There is probably a good reason its never set for a kernel thread, I will have a > look at where else it is used. > > > > But, we can introduce a > > variant disable_step_kernel and enable_step_kernel, which can be called in > > el1_da. > > What about sp/pc misalignment, or undefined instructions? > Or worse... an irq occurs during your el1_da call (el1_da may re-enable irqs). > el1_irq doesn't know you were careful not to unmask debug exceptions, it blindly > turns them back on. > > The problem is the 'single step me' bit is still set, save/restoring it will > save us having to consider every interaction, (and then missing some!). > > It would also mean you don't have to disable interrupts while single stepping in > patch 5 (comment above kprobes_save_local_irqflag()). I see. kernel_enable_single_step() is called from watchpoint and kgdb handler. It seems to me that, similar issue may arise there as well. So, it would be a good idea to set TIF_SINGLESTEP in kernel_enable_single_step() and clear in kernel_disable_single_step(). Meanwhile, I prepared a test case to reproduce the issue without this patch. Instrumented a kprobe at an instruction of __copy_to_user() which stores in user space memory. I can see a sea of messages "Unexpected kernel single-step exception at EL1" within few seconds. While with patch[1] applied, I do not see any such messages. May be I can send [1] as RFC and seek feedback. ~Pratyush [1] https://github.com/pratyushanand/linux/commit/7623c8099ac22eaa00e7e0f52430f7a4bd154652
Powered by blists - more mailing lists