lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 27 Nov 2019 14:56:41 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     Ingo Molnar <mingo@...nel.org>
Cc:     Steven Rostedt <rostedt@...dmis.org>,
        Peter Zijlstra <peterz@...radead.org>, x86@...nel.org,
        linux-kernel@...r.kernel.org, bristot@...hat.com,
        jbaron@...mai.com, torvalds@...ux-foundation.org,
        tglx@...utronix.de, namit@...are.com, hpa@...or.com,
        luto@...nel.org, ard.biesheuvel@...aro.org, jpoimboe@...hat.com,
        jeyu@...nel.org, alexei.starovoitov@...il.com,
        Masami Hiramatsu <mhiramat@...nel.org>
Subject: [PATCH -tip 0/2] x86/kprobes: Fix 2 issues related to text_poke_bp and optprobe

Hi,

Here are the patches which I've faced while testing ftracetest
without function tracer. While investigating I found there were
2 different bugs there.

The 1st bug is a timing bug caused by wrong global variable
update and syncing in text_poke_bp_batch(). This can cause a
kernel panic if we hit int3 in between bp_patching.vec = NULL
and bp_patching.nr_entries = 0. This is actually a wrong order
and no synchronization. Steve suggested we can fix it with
reordering and adding sync_core() between them.

The 2nd bug is in the optprobe, which is caused by wrong flag
update order. Currently kprobes update optimized flag before
unoptimizing code. But if the kprobe is hit unoptimizing
intermediate state, it can go back from int3 to the middle of
modified instruction and cause a kernel panic. This can be
fixed by updating flag after unoptimized code. 

Thank you,

---

Masami Hiramatsu (2):
      x86/alternative: Sync bp_patching update for avoiding NULL pointer exception
      kprobes: Set unoptimized flag after unoptimizing code


 arch/x86/kernel/alternative.c |    8 +++++++-
 kernel/kprobes.c              |    4 +++-
 2 files changed, 10 insertions(+), 2 deletions(-)

--
Masami Hiramatsu (Linaro) <mhiramat@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ