[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20201020101324.GA1551@shell.armlinux.org.uk>
Date: Tue, 20 Oct 2020 11:13:24 +0100
From: Russell King - ARM Linux admin <linux@...linux.org.uk>
To: Joel Stanley <joel@....id.au>
Cc: Andrew Jeffery <andrew@...id.au>,
Linux ARM <linux-arm-kernel@...ts.infradead.org>,
mhiramat@...nel.org, labbott@...hat.com,
Kees Cook <keescook@...omium.org>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Luka Oreskovic <luka.oreskovic@...tura.hr>,
Juraj Vijtiuk <juraj.vijtiuk@...tura.hr>
Subject: Re: [PATCH v2] ARM: kprobes: Avoid fortify_panic() when copying
optprobe template
On Tue, Oct 20, 2020 at 05:32:26AM +0000, Joel Stanley wrote:
> On Fri, 9 Oct 2020 at 05:20, Joel Stanley <joel@....id.au> wrote:
> >
> > On Thu, 1 Oct 2020 at 04:30, Andrew Jeffery <andrew@...id.au> wrote:
> > >
> > > Setting both CONFIG_KPROBES=y and CONFIG_FORTIFY_SOURCE=y on ARM leads
> > > to a panic in memcpy() when injecting a kprobe despite the fixes found
> > > in commit e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with
> > > FORTIFY_SOURCE") and commit 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes:
> > > optimized kprobes illegal instruction").
> > >
> > > arch/arm/include/asm/kprobes.h effectively declares
> > > the target type of the optprobe_template_entry assembly label as a u32
> > > which leads memcpy()'s __builtin_object_size() call to determine that
> > > the pointed-to object is of size four. However, the symbol is used as a handle
> > > for the optimised probe assembly template that is at least 96 bytes in size.
> > > The symbol's use despite its type blows up the memcpy() in ARM's
> > > arch_prepare_optimized_kprobe() with a false-positive fortify_panic() when it
> > > should instead copy the optimised probe template into place:
> > >
> > > ```
> > > $ sudo perf probe -a aspeed_g6_pinctrl_probe
> > > [ 158.457252] detected buffer overflow in memcpy
> > >
> > > Fixes: e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE")
> > > Fixes: 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes: optimized kprobes illegal instruction")
> > > Cc: Luka Oreskovic <luka.oreskovic@...tura.hr>
> > > Cc: Juraj Vijtiuk <juraj.vijtiuk@...tura.hr>
> > > Suggested-by: Kees Cook <keescook@...omium.org>
> > > Signed-off-by: Andrew Jeffery <andrew@...id.au>
> >
> > Tested-by: Joel Stanley <joel@....id.au>
> > Reviewed-by: Joel Stanley <joel@....id.au>
> >
> > Thanks Andrew.
> >
> > > ---
> > > v1 was sent some time back, in May:
> > >
> > > https://lore.kernel.org/linux-arm-kernel/20200517153959.293224-1-andrew@aj.id.au/
>
> Russell, are you picking this fix up?
Sorry, but I don't "pick" patches off the mailing list. See my
signature.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
Powered by blists - more mailing lists