lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 16 Feb 2017 11:06:12 +0000
From:   Mark Rutland <mark.rutland@....com>
To:     Stephen Boyd <stephen.boyd@...aro.org>
CC:     Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will.deacon@....com>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>, Laura Abbott <labbott@...hat.com>,
        <james.morse@....com>
Subject: Re: [PATCH] arm64: print a fault message when attempting to write RO
 memory

Hi,

On Wed, Feb 15, 2017 at 05:54:08PM -0800, Stephen Boyd wrote:
> If a page is marked read only we should print out that fact,
> instead of printing out that there was a page fault. Right now we
> get a cryptic error message that something went wrong with an
> unhandled fault, but we don't evaluate the esr to figure out that
> it was a read/write permission fault.
>
> Instead of seeing:
>
>   Unable to handle kernel paging request at virtual address ffff000008e460d8
>   pgd = ffff800003504000
>   [ffff000008e460d8] *pgd=0000000083473003, *pud=0000000083503003, *pmd=0000000000000000
>   Internal error: Oops: 9600004f [#1] PREEMPT SMP
>
> we'll see:
>
>   Internal error: Attempting to write read-only memory: 9600004f [#1] PREEMPT SMP

It's less than ideal to lose the fault address here. Arguably we should
also log that for the userspace cases.

It would also be nice to keep the table dump for the kernel fault case,
since dodgy page tables are a likely case there.

> @@ -331,6 +331,11 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr,
>
>               if (!search_exception_tables(regs->pc))
>                       die("Accessing user space memory outside uaccess.h routines", regs, esr);
> +     } else if (is_permission_fault(esr, regs)) {
> +             if (esr & ESR_ELx_WNR)
> +                     die("Attempting to write read-only memory", regs, esr);
> +             else
> +                     die("Attempting to read unreadable memory", regs, esr);
>       }

We won't have looked at the exception tables yet, so won't this make
probe_kernel_{read,write}(), or any other extable users unsafe?

Could we update __do_kernel_fault() to report faults more thoroughly
instead?

Thanks,
Mark.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ