lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 5 Feb 2019 15:06:10 +0000
From:   Kees Cook <keescook@...omium.org>
To:     Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
Cc:     William Cohen <wcohen@...hat.com>,
        "# 3.4.x" <stable@...r.kernel.org>,
        Laura Abbott <labbott@...hat.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Russell King <rmk+kernel@...linux.org.uk>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        lttng@...iableembeddedsystems.com,
        lttng-dev <lttng-dev@...ts.lttng.org>
Subject: Re: BUG: optimized kprobes illegal instructions in v4.19 stable kernels

On Mon, Feb 4, 2019 at 7:15 PM Mathieu Desnoyers
<mathieu.desnoyers@...icios.com> wrote:
>
> Hi,
>
> I notice this commit as a possible culprit of the illegal instructions my lttng
> users are noticing on arm32 when using kprobes on a v4.19.13 Linux kernel
> in a Yocto environment [1]. They were able to reproduce the issue with perf
> as well.
>
> commit e46daee53bb50bde38805f1823a182979724c229
> Author: Kees Cook <keescook@...omium.org>
> Date:   Tue Oct 30 22:12:56 2018 +0100
>
>     ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE
>
> I *think* the intent there was to do
>
> -       memcpy(code, &optprobe_template_entry,
> +       memcpy(code, (unsigned long *)&optprobe_template_entry,
>
> But if you look at the commit, the "&" seems to have been stripped away,
> which happens to change the behavior significantly.

Yeah, this was a typo on my part. :(

> Has this change ever been runtime-tested ?

I thought I had, given the details from the original bug report, but
clearly it didn't exercise it.

Thanks for fixing this!

-Kees

>
> It has been backported to:
> - 4.19 stable as commit 3fe0c68aea21
> - 4.14 stable as commit f9e0bc710347
>
> Thanks,
>
> Mathieu
>
> [1] https://bugs.lttng.org/issues/1174
>
> --
> Mathieu Desnoyers
> EfficiOS Inc.
> http://www.efficios.com



-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ