| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1585635379.0xixuk2jdc.naveen@linux.ibm.com>
Date: Tue, 31 Mar 2020 11:47:39 +0530
From: "Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>
To: Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Christophe Leroy <christophe.leroy@....fr>,
Michael Ellerman <mpe@...erman.id.au>,
Paul Mackerras <paulus@...ba.org>
Cc: linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH 10/12] powerpc/entry32: Blacklist exception entry points
for kprobe.
Christophe Leroy wrote:
>
>
> Le 30/03/2020 à 20:33, Christophe Leroy a écrit :
>>
>>
>> Le 30/03/2020 à 19:08, Naveen N. Rao a écrit :
>>> Christophe Leroy wrote:
>>>> kprobe does not handle events happening in real mode.
>>>>
>>>> As exception entry points are running with MMU disabled,
>>>> blacklist them.
>>>>
>>>> Signed-off-by: Christophe Leroy <christophe.leroy@....fr>
>>>> ---
>>>> arch/powerpc/kernel/entry_32.S | 7 +++++++
>>>> 1 file changed, 7 insertions(+)
>>>>
>>>> diff --git a/arch/powerpc/kernel/entry_32.S
>>>> b/arch/powerpc/kernel/entry_32.S
>>>> index 94f78c03cb79..9a1a45d6038a 100644
>>>> --- a/arch/powerpc/kernel/entry_32.S
>>>> +++ b/arch/powerpc/kernel/entry_32.S
>>>> @@ -51,6 +51,7 @@ mcheck_transfer_to_handler:
>>>> mfspr r0,SPRN_DSRR1
>>>> stw r0,_DSRR1(r11)
>>>> /* fall through */
>>>> +_ASM_NOKPROBE_SYMBOL(mcheck_transfer_to_handler)
>>>>
>>>> .globl debug_transfer_to_handler
>>>> debug_transfer_to_handler:
>>>> @@ -59,6 +60,7 @@ debug_transfer_to_handler:
>>>> mfspr r0,SPRN_CSRR1
>>>> stw r0,_CSRR1(r11)
>>>> /* fall through */
>>>> +_ASM_NOKPROBE_SYMBOL(debug_transfer_to_handler)
>>>>
>>>> .globl crit_transfer_to_handler
>>>> crit_transfer_to_handler:
>>>> @@ -94,6 +96,7 @@ crit_transfer_to_handler:
>>>> rlwinm r0,r1,0,0,(31 - THREAD_SHIFT)
>>>> stw r0,KSP_LIMIT(r8)
>>>> /* fall through */
>>>> +_ASM_NOKPROBE_SYMBOL(crit_transfer_to_handler)
>>>> #endif
>>>>
>>>> #ifdef CONFIG_40x
>>>> @@ -115,6 +118,7 @@ crit_transfer_to_handler:
>>>> rlwinm r0,r1,0,0,(31 - THREAD_SHIFT)
>>>> stw r0,KSP_LIMIT(r8)
>>>> /* fall through */
>>>> +_ASM_NOKPROBE_SYMBOL(crit_transfer_to_handler)
>>>> #endif
>>>>
>>>> /*
>>>> @@ -127,6 +131,7 @@ crit_transfer_to_handler:
>>>> .globl transfer_to_handler_full
>>>> transfer_to_handler_full:
>>>> SAVE_NVGPRS(r11)
>>>> +_ASM_NOKPROBE_SYMBOL(transfer_to_handler_full)
>>>> /* fall through */
>>>>
>>>> .globl transfer_to_handler
>>>> @@ -286,6 +291,8 @@ reenable_mmu:
>>>> lwz r2, GPR2(r11)
>>>> b fast_exception_return
>>>> #endif
>>>> +_ASM_NOKPROBE_SYMBOL(transfer_to_handler)
>>>> +_ASM_NOKPROBE_SYMBOL(transfer_to_handler_cont)
>>>
>>> These are added after 'reenable_mmu', which is itself not blacklisted.
>>> Is that intentional?
>>
>> Yes I put it as the complete end of the entry part, ie just before
>> stack_ovf which is a function by itself.
>>
>> Note that reenable_mmu is inside an #ifdef CONFIG_TRACE_IRQFLAGS.
>>
>> I'm not completely sure where to put the _ASM_NOKPROBE_SYMBOL()s, that's
>> the reason why I put it close to the symbol itself in my first series.
>>
>> Could you have a look at the code and tell me what looks the most
>> appropriate as a location to you ?
>>
>> https://elixir.bootlin.com/linux/v5.6/source/arch/powerpc/kernel/entry_32.S#L230
>
> Ok, thinking about it once more, I guess we have a problem as everything
> after that reenable_mmu will be visible.
I see that we reach reenable_mmu through a 'rfi' with MSR_KERNEL, which
seems safe to me. So, I figured it can be probed without issues?
- Naveen
Powered by blists - more mailing lists