lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 12 May 2016 15:49:30 +0100
From:	James Morse <james.morse@....com>
To:	David Long <dave.long@...aro.org>,
	Pratyush Anand <panand@...hat.com>
CC:	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will.deacon@....com>,
	Sandeepa Prabhu <sandeepa.s.prabhu@...il.com>,
	William Cohen <wcohen@...hat.com>,
	Steve Capper <steve.capper@...aro.org>,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	Marc Zyngier <marc.zyngier@....com>,
	Dave P Martin <Dave.Martin@....com>,
	Mark Rutland <mark.rutland@....com>,
	Robin Murphy <Robin.Murphy@....com>,
	Ard Biesheuvel <ard.biesheuvel@...aro.org>,
	Jens Wiklander <jens.wiklander@...aro.org>,
	Christoffer Dall <christoffer.dall@...aro.org>,
	Alex Bennée 
	<alex.bennee@...aro.org>, Yang Shi <yang.shi@...aro.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Viresh Kumar <viresh.kumar@...aro.org>,
	"Suzuki K. Poulose" <suzuki.poulose@....com>,
	Kees Cook <keescook@...omium.org>,
	Zi Shen Lim <zlim.lnx@...il.com>,
	John Blackwood <john.blackwood@...r.com>,
	Feng Kan <fkan@....com>,
	Balamurugan Shanmugam <bshanmugam@....com>,
	Vladimir Murzin <Vladimir.Murzin@....com>,
	Mark Salyzyn <salyzyn@...roid.com>,
	Petr Mladek <pmladek@...e.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Mark Brown <broonie@...nel.org>
Subject: Re: [PATCH v12 06/10] arm64: Treat all entry code as non-kprobe-able

Hi David, Pratyush

On 27/04/16 19:53, David Long wrote:
> From: Pratyush Anand <panand@...hat.com>
> 
> Entry symbols are not kprobe safe. So blacklist them for kprobing.
> 
> Signed-off-by: Pratyush Anand <panand@...hat.com>

> diff --git a/arch/arm64/kernel/kprobes.c b/arch/arm64/kernel/kprobes.c
> index dfa1b1f..6a1292b 100644
> --- a/arch/arm64/kernel/kprobes.c
> +++ b/arch/arm64/kernel/kprobes.c
> @@ -29,6 +29,7 @@
>  #include <asm/system_misc.h>
>  #include <asm/insn.h>
>  #include <asm/uaccess.h>
> +#include <asm-generic/sections.h>
>  
>  #include "kprobes-arm64.h"
>  
> @@ -514,6 +515,15 @@ int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
>  	return 1;
>  }
>  
> +bool arch_within_kprobe_blacklist(unsigned long addr)
> +{
> +	return  (addr >= (unsigned long)__kprobes_text_start &&
> +		 addr < (unsigned long)__kprobes_text_end) ||
> +		(addr >= (unsigned long)__entry_text_start &&
> +		 addr < (unsigned long)__entry_text_end) ||
> +		 !!search_exception_tables(addr);
> +}
> +

Looking at __kvm_hyp_vector, we don't have support for handling breakpoints at
EL2, so we should forbid kprobing these address ranges too:
__hyp_text_start -> __hyp_text_end
__hyp_idmap_text_start -> __hyp_idmap_text_end

These can probably be guarded with is_kernel_in_hyp_mode(), if this is true then
we are running with VHE where this code runs at the same exception level as the
rest of the kernel, so we can probe them. (In this case you may want to add
'eret' to aarch64_insn_is_branch() in patch 2)


Probing things in the kernel idmap sounds dangerous! Lets blacklist that too:
__idmap_text_start -> __idmap_text_end



Thanks,

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ