| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Jun 2016 10:48:10 +0100 From: Mark Rutland <mark.rutland@....com> To: Laura Abbott <labbott@...hat.com> Cc: Ard Biesheuvel <ard.biesheuvel@...aro.org>, Will Deacon <will.deacon@....com>, Catalin Marinas <catalin.marinas@....com>, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] arm64: Handle el1 synchronous instruction aborts cleanly On Thu, Jun 09, 2016 at 06:42:08PM -0700, Laura Abbott wrote: > Executing from a non-executable area gives an ugly message: > > lkdtm: Performing direct entry EXEC_RODATA > lkdtm: attempting ok execution at ffff0000084c0e08 > lkdtm: attempting bad execution at ffff000008880700 > Bad mode in Synchronous Abort handler detected on CPU2, code 0x8400000e -- IABT (current EL) > CPU: 2 PID: 998 Comm: sh Not tainted 4.7.0-rc2+ #13 > > The 'IABT (current EL)' indicates the error but isn't as obvious as a > regular fault message. The increase in kernel page permissions makes > hitting this case more likely and bad mode should not be a common > ocurrence. Handle this case in the vectors to give a better message. Could you add something about why the new message will be better? e.g. do we get more info, is it more consistent with the behaviour of other architectures? Bad mode is still a rare occurrence, even if triggered deliberately by a test, but anything that makes debugging easier is good! > Signed-off-by: Laura Abbott <labbott@...hat.com> > --- > Came up during some lkdtm testing > http://article.gmane.org/gmane.linux.kernel.hardened.devel/2524 > --- > arch/arm64/kernel/entry.S | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > > diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S > index 12e8d2b..37f3694 100644 > --- a/arch/arm64/kernel/entry.S > +++ b/arch/arm64/kernel/entry.S > @@ -336,6 +336,8 @@ el1_sync: > lsr x24, x1, #ESR_ELx_EC_SHIFT // exception class > cmp x24, #ESR_ELx_EC_DABT_CUR // data abort in EL1 > b.eq el1_da > + cmp x24, #ESR_ELx_EC_IABT_CUR // instruction abort in EL1 > + b.eq el1_ia > cmp x24, #ESR_ELx_EC_SYS64 // configurable trap > b.eq el1_undef > cmp x24, #ESR_ELx_EC_SP_ALIGN // stack alignment exception > @@ -347,6 +349,23 @@ el1_sync: > cmp x24, #ESR_ELx_EC_BREAKPT_CUR // debug exception in EL1 > b.ge el1_dbg > b el1_inv > +el1_ia: > + /* > + * Instruction abort handling > + */ > + mrs x0, far_el1 > + enable_dbg > + // re-enable interrupts if they were enabled in the aborted context > + tbnz x23, #7, 1f // PSR_I_BIT > + enable_irq > + orr x1, x1, #1 << 24 // use reserved ISS bit for instruction aborts I'm planning to kill ESR_LNX_EXEC (the reserved ISS bit here), for v4.8 [1,2], so we'll need to figure out how to avoid problems when merging. My patch only handles the ESR_ELx_EC_IABT_LOW case, but it should be simple to add ESR_ELx_EC_IABT_CUR. If you're happy for me to do so, I could take this into my ESR_LNX_EXEC series. > +1: > + mov x2, sp // struct pt_regs > + bl do_mem_abort > + > + // disable interrupts before pulling preserved data off the stack > + disable_irq > + kernel_exit 1 > el1_da: > /* > * Data abort handling > -- > 2.5.5 > Otherwise this looks good to me. Modulo the above: Acked-by: Mark Rutland <mark.rutland@....com> Thanks, Mark. [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2016-May/432107.html [2] http://lists.infradead.org/pipermail/linux-arm-kernel/2016-June/433682.html
Powered by blists - more mailing lists