Message-ID: <20200723115216.GA17032@C02TD0UTHF1T.local>
Date:   Thu, 23 Jul 2020 12:52:16 +0100
From:   Mark Rutland <mark.rutland@....com>
To:     gregory.herrero@...cle.com
Cc:     linux-kernel@...r.kernel.org, rostedt@...dmis.org,
        stable@...r.kernel.org, will@...nel.org, catalin.marinas@....com
Subject: Re: [PATCH] recordmcount: only record relocation of type
 R_AARCH64_CALL26 on arm64.

Hi Gregory,

As a general thing, for patches affecting arm64 could you please Cc the
linux-arm-kernel mailing list (linux-arm-kernel@...ts.infradead.org).
Some folk working on arm/arm64 aren't subscribed to LKML, and it means
patches like this may get missed.

On Fri, Jul 17, 2020 at 04:33:38PM +0200, gregory.herrero@...cle.com wrote:
> From: Gregory Herrero <gregory.herrero@...cle.com>
> 
> Currently, if a section has a relocation to '_mcount' symbol, a new
> __mcount_loc entry will be added whatever the relocation type is.
> This is problematic when a relocation to '_mcount' is in the middle of a
> section and is not a call for ftrace use.
> 
> Such relocation could be generated with below code for example:
>     extern void _mcount(void);
> 
>     bool is_mcount(unsigned long addr)
>     {
>         /* taking the address of _mcount emits a non-call relocation */
>         return (addr == (unsigned long) &_mcount);
>     }
> 
> With this snippet of code, ftrace will try to patch the mcount location
> generated by this code on module load and fail with:
> 
>     Call trace:
>      ftrace_bug+0xa0/0x28c
>      ftrace_process_locs+0x2f4/0x430
>      ftrace_module_init+0x30/0x38
>      load_module+0x14f0/0x1e78
>      __do_sys_finit_module+0x100/0x11c
>      __arm64_sys_finit_module+0x28/0x34
>      el0_svc_common+0x88/0x194
>      el0_svc_handler+0x38/0x8c
>      el0_svc+0x8/0xc
>     ---[ end trace d828d06b36ad9d59 ]---
>     ftrace failed to modify
>     [<ffffa2dbf3a3a41c>] 0xffffa2dbf3a3a41c
>      actual:   66:a9:3c:90
>     Initializing ftrace call sites
>     ftrace record flags: 2000000
>      (0)
>     expected tramp: ffffa2dc6cf66724

Which code specifically is this triggering for? Is this something in an
upstream kernel, or out-of-tree patches?

Can you say which toolchain you're using, too?

> So limit the relocation type to R_AARCH64_CALL26 as in perl version of
> recordmcount.

Given our patching code expects each callsite to be:

	bl	_mcount

... this looks sane to me, and I *think* that's sound for modules too.

> Fixes: ed60453fa8f8 ("ARM: 6511/1: ftrace: add ARM support for C version of recordmcount")

That's a 32-bit arm commit. I suspect that was meant to be:

Fixes: af64d2aa872a1747 ("ftrace: Add arm64 support to recordmcount")

> Signed-off-by: Gregory Herrero <gregory.herrero@...cle.com>
> ---
>  scripts/recordmcount.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/scripts/recordmcount.c b/scripts/recordmcount.c
> index 7225107a9aaf..e59022b3f125 100644
> --- a/scripts/recordmcount.c
> +++ b/scripts/recordmcount.c
> @@ -434,6 +434,11 @@ static int arm_is_fake_mcount(Elf32_Rel const *rp)
>  	return 1;
>  }
>  
> +static int arm64_is_fake_mcount(Elf64_Rel const *rp)
> +{
> +	return ELF64_R_TYPE(w(rp->r_info)) != R_AARCH64_CALL26;
> +}
> +
>  /* 64-bit EM_MIPS has weird ELF64_Rela.r_info.
>   * http://techpubs.sgi.com/library/manuals/4000/007-4658-001/pdf/007-4658-001.pdf
>   * We interpret Table 29 Relocation Operation (Elf64_Rel, Elf64_Rela) [p.40]
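
Review bot: arm64_is_fake_mcount() passes rp->r_info through w(), but on an Elf64_Rel r_info is a 64-bit field and w() is the file's 32-bit byte-swap helper, so the value is truncated to 32 bits before it is swapped; on a same-endian build that happens to leave the type field intact, but on a cross-endian build the low 32 bits hold the symbol index, not the type, and the comparison against R_AARCH64_CALL26 is made against the wrong half. Use the 64-bit helper instead: `return ELF64_R_TYPE(w8(rp->r_info)) != R_AARCH64_CALL26;`. With that change the logic is right: only a bl to _mcount is recorded, and the address-taking reference in the is_mcount() example from the commit message no longer yields a __mcount_loc entry.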
> @@ -547,6 +552,7 @@ static int do_file(char const *const fname)
>  		make_nop = make_nop_arm64;
>  		rel_type_nop = R_AARCH64_NONE;
>  		ideal_nop = ideal_nop4_arm64;
> +		is_fake_mcount64 = arm64_is_fake_mcount;
>  		break;
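
Review bot: the assignment is correctly placed in the EM_AARCH64 arm of the switch, alongside the other arm64-specific hooks, but a one-line comment here (or on arm64_is_fake_mcount) explaining why arm64 needs a fake-mcount filter would help: a reader of do_file() otherwise has to work out from the commit message that address-taking references to _mcount produce relocations that are not R_AARCH64_CALL26 and must not be patched. Also check that the Elf32 path is untouched, since only is_fake_mcount64 is set here.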

As above, I think this is sound, but if you could answer my questions
that'd be helpful.

Thanks,
Mark.

>  	case EM_IA_64:	reltype = R_IA64_IMM64; break;
>  	case EM_MIPS:	/* reltype: e_class    */ break;
> -- 
> 2.27.0
> 
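
To make the mechanism in the commit message concrete, here is an added C example; it is not code from the patch, from scripts/recordmcount.c, or from the mail above. It models a .rela section with constructed entries, applies the same R_AARCH64_CALL26 filter (the function body is the patch's, using the 64-bit swap helper), and shows that only the bl sites become __mcount_loc entries while address-taking references such as the is_mcount() comparison are dropped. The symbol indices, section offsets, the hypothetical SYM_OTHER symbol and the identity w8() stand-in are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ELF64 relocation entry and the r_info accessors recordmcount uses, with the
 * same definitions as <elf.h>; reproduced so the example builds anywhere. */
typedef struct {
    uint64_t r_offset;   /* where in the section the relocation applies */
    uint64_t r_info;     /* symbol index (high 32) | relocation type (low 32) */
    int64_t  r_addend;
} Elf64_Rela;

#define ELF64_R_SYM(i)      ((i) >> 32)
#define ELF64_R_TYPE(i)     ((i) & 0xffffffffULL)
#define ELF64_R_INFO(s, t)  (((uint64_t)(s) << 32) | ((t) & 0xffffffffULL))

/* AArch64 relocation types from the ELF ABI (same values as <elf.h>). */
#define R_AARCH64_ABS64              257
#define R_AARCH64_ADR_PREL_PG_HI21   275
#define R_AARCH64_ADD_ABS_LO12_NC    277
#define R_AARCH64_CALL26             283

/* Constructed: symbol-table indices we pretend _mcount and some other
 * function have in this object (assumption, not from any real object). */
#define SYM_MCOUNT  7
#define SYM_OTHER   3

/* Stand-in for recordmcount's 64-bit byte-swap helper: identity when the host
 * and the object file share endianness, which is all this example assumes. */
static uint64_t w8(uint64_t x) { return x; }

/* The filter from the patch: only a bl to _mcount (R_AARCH64_CALL26) is a
 * real ftrace call site; any other relocation type against _mcount is fake. */
int arm64_is_fake_mcount(const Elf64_Rela *rp)
{
    return ELF64_R_TYPE(w8(rp->r_info)) != R_AARCH64_CALL26;
}

/* Walk a .rela section and collect the offsets that would become __mcount_loc
 * entries. filter_fake == 0 reproduces the pre-patch behaviour (every
 * relocation against _mcount is recorded); 1 applies arm64_is_fake_mcount(). */
size_t collect_mcount_locs(const Elf64_Rela *rels, size_t n, uint64_t mcount_sym,
                           int filter_fake, uint64_t *out, size_t out_max)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (ELF64_R_SYM(w8(rels[i].r_info)) != mcount_sym)
            continue;                      /* not a reference to _mcount */
        if (filter_fake && arm64_is_fake_mcount(&rels[i]))
            continue;                      /* e.g. adrp/add or a .quad &_mcount */
        if (count < out_max)
            out[count] = rels[i].r_offset;
        count++;
    }
    return count;
}

/* Constructed relocation section for one module, modelled on what a compiler
 * emits for ftrace entry stubs plus the is_mcount() comparison. */
const Elf64_Rela sample_rels[] = {
    { 0x010, ELF64_R_INFO(SYM_MCOUNT, R_AARCH64_CALL26),           0 }, /* bl _mcount */
    { 0x040, ELF64_R_INFO(SYM_MCOUNT, R_AARCH64_ADR_PREL_PG_HI21), 0 }, /* adrp x0, _mcount */
    { 0x044, ELF64_R_INFO(SYM_MCOUNT, R_AARCH64_ADD_ABS_LO12_NC),  0 }, /* add x0, x0, :lo12:_mcount */
    { 0x080, ELF64_R_INFO(SYM_OTHER,  R_AARCH64_CALL26),           0 }, /* bl some_other_fn */
    { 0x100, ELF64_R_INFO(SYM_MCOUNT, R_AARCH64_ABS64),            0 }, /* .quad _mcount in .data */
    { 0x200, ELF64_R_INFO(SYM_MCOUNT, R_AARCH64_CALL26),           0 }, /* bl _mcount */
};
#define SAMPLE_N (sizeof(sample_rels) / sizeof(sample_rels[0]))

int main(void)
{
    uint64_t locs[SAMPLE_N];
    size_t before = collect_mcount_locs(sample_rels, SAMPLE_N, SYM_MCOUNT, 0, locs, SAMPLE_N);
    printf("without filter: %zu __mcount_loc entries\n", before);
    size_t after = collect_mcount_locs(sample_rels, SAMPLE_N, SYM_MCOUNT, 1, locs, SAMPLE_N);
    printf("with CALL26 filter: %zu entries:", after);
    for (size_t i = 0; i < after; i++)
        printf(" 0x%llx", (unsigned long long)locs[i]);
    printf("\n");
    return 0;
}
```

Without the filter all five references to _mcount are recorded, including the three that ftrace could never patch (the adrp/add pair from taking the address and the pointer in .data), which is exactly the situation that produced the ftrace_bug() trace quoted in the commit message; with it, only the two bl sites remain.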
