| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Mar 2021 18:28:01 +0530
From: Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
To: "Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>,
Michael Ellerman <mpe@...erman.id.au>
Cc: oleg@...hat.com, rostedt@...dmis.org, paulus@...ba.org,
jniethe5@...il.com, naveen.n.rao@...ux.ibm.com,
sandipan@...ux.ibm.com, linuxppc-dev@...ts.ozlabs.org,
linux-kernel@...r.kernel.org, christophe.leroy@...roup.eu,
Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
Subject: Re: [PATCH v4] powerpc/uprobes: Validation for prefixed instruction
On 3/9/21 4:51 PM, Naveen N. Rao wrote:
> On 2021/03/09 08:54PM, Michael Ellerman wrote:
>> Ravi Bangoria <ravi.bangoria@...ux.ibm.com> writes:
>>> As per ISA 3.1, prefixed instruction should not cross 64-byte
>>> boundary. So don't allow Uprobe on such prefixed instruction.
>>>
>>> There are two ways probed instruction is changed in mapped pages.
>>> First, when Uprobe is activated, it searches for all the relevant
>>> pages and replace instruction in them. In this case, if that probe
>>> is on the 64-byte unaligned prefixed instruction, error out
>>> directly. Second, when Uprobe is already active and user maps a
>>> relevant page via mmap(), instruction is replaced via mmap() code
>>> path. But because Uprobe is invalid, entire mmap() operation can
>>> not be stopped. In this case just print an error and continue.
>>>
>>> Signed-off-by: Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
>>> Acked-by: Naveen N. Rao <naveen.n.rao@...ux.vnet.ibm.com>
>>
>> Do we have a Fixes: tag for this?
>
> Since this is an additional check we are adding, I don't think we should
> add a Fixes: tag. Nothing is broken per-se -- we're just adding more
> checks to catch simple mistakes. Also, like Oleg pointed out, there are
> still many other ways for users to shoot themselves in the foot with
> uprobes and prefixed instructions, if they so desire.
>
> However, if you still think we should add a Fixes: tag, we can perhaps
> use the below commit since I didn't see any specific commit adding
> support for prefixed instructions for uprobes:
>
> Fixes: 650b55b707fdfa ("powerpc: Add prefixed instructions to
> instruction data type")
True. IMO, It doesn't really need any Fixes tag.
>
>>
>>> ---
>>> v3: https://lore.kernel.org/r/20210304050529.59391-1-ravi.bangoria@linux.ibm.com
>>> v3->v4:
>>> - CONFIG_PPC64 check was not required, remove it.
>>> - Use SZ_ macros instead of hardcoded numbers.
>>>
>>> arch/powerpc/kernel/uprobes.c | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>>
>>> diff --git a/arch/powerpc/kernel/uprobes.c b/arch/powerpc/kernel/uprobes.c
>>> index e8a63713e655..4cbfff6e94a3 100644
>>> --- a/arch/powerpc/kernel/uprobes.c
>>> +++ b/arch/powerpc/kernel/uprobes.c
>>> @@ -41,6 +41,13 @@ int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe,
>>> if (addr & 0x03)
>>> return -EINVAL;
>>>
>>> + if (cpu_has_feature(CPU_FTR_ARCH_31) &&
>>> + ppc_inst_prefixed(auprobe->insn) &&
>>> + (addr & (SZ_64 - 4)) == SZ_64 - 4) {
>>> + pr_info_ratelimited("Cannot register a uprobe on 64 byte unaligned prefixed instruction\n");
>>> + return -EINVAL;
>>
>> I realise we already did the 0x03 check above, but I still think this
>> would be clearer simply as:
>>
>> (addr & 0x3f == 60)
>
> Indeed, I like the use of `60' there -- hex is overrated ;)
Sure. Will resend.
Ravi
Powered by blists - more mailing lists