lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20210310055035epcms5p230de287f0daec198eb334b3348d07924@epcms5p2>
Date:   Wed, 10 Mar 2021 11:20:35 +0530
From:   Maninder Singh <maninder1.s@...sung.com>
To:     "linux@...linux.org.uk" <linux@...linux.org.uk>,
        "cl@...ux.com" <cl@...ux.com>,
        "penberg@...nel.org" <penberg@...nel.org>,
        "rientjes@...gle.com" <rientjes@...gle.com>,
        "iamjoonsoo.kim@....com" <iamjoonsoo.kim@....com>,
        "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
        "vbabka@...e.cz" <vbabka@...e.cz>
CC:     Maninder Singh <maninder1.s@...sung.com>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        AMIT SAHRAWAT <a.sahrawat@...sung.com>,
        Vaneet Narang <v.narang@...sung.com>
Subject: RE: [PATCH v2] arm: print alloc free paths for address in registers

Hi,

Any comments or updates?

>Sender : Maninder Singh <maninder1.s@...sung.com> Engineer/Platform S/W Group /SRI-Delhi/Samsung Electronics 
>Date : 2021-02-25 13:57 (GMT+5:30)
>Title : [PATCH v2] arm: print alloc free paths for address in registers
> 
>In case of "Use After Free" kernel OOPs, free path of object
>is required to debug futher.
>And in most of cases object address is present in one of registers.
> 
>Thus check for register address and if it belongs to slab,
>print its alloc and free path.
> 
>e.g. in below issue  register r6 belongs to slab, and use after free issue
>occurred on one of its derefer values:
> 
>[  124.310386] (ptrval)
>[  124.312647] 8<--- cut here ---
>[  124.313761] Unable to handle kernel paging request at virtual address 6b6b6b6f
>[  124.315972] pgd = (ptrval)
>...
>[  124.328290] pc : [<c052fc0c>]    lr : [<c052fc00>]    psr: 60000013
>[  124.330349] sp : c8993d28  ip : 0000bff4  fp : c8ae2020
>[  124.332071] r10: 00000000  r9 : 00000001  r8 : c1804cc8
>[  124.333803] r7 : 00000000  r6 : c8ae9180  r5 : c1804a80  r4 : c8ae2008
>[  124.335936] r3 : 6b6b6b6b  r2 : 315049d6  r1 : 2d867000  r0 : c1396584
>..
>[  124.365233] register r6: c8ae9180 belongs to slab object
>[  124.366364] INFO: Allocated in meminfo_proc_show+0x3c/0x500 age=1 cpu=0 pid=69
>[  124.367545]  meminfo_proc_show+0x3c/0x500
>[  124.368271]  seq_read_iter+0x10c/0x4bc
>[  124.368994]  proc_reg_read_iter+0x74/0xa8
>[  124.369712]  generic_file_splice_read+0xe8/0x178
>[  124.370496]  splice_direct_to_actor+0xe0/0x2b8
>[  124.371261]  do_splice_direct+0xa4/0xdc
>[  124.371917]  do_sendfile+0x1c4/0x3ec
>[  124.372550]  sys_sendfile64+0x128/0x130
>[  124.373109]  ret_fast_syscall+0x0/0x54
>[  124.373664]  0xbe9a2de4
>[  124.374081] INFO: Freed in meminfo_proc_show+0x5c/0x500 age=1 cpu=0 pid=69
>[  124.374933]  meminfo_proc_show+0x5c/0x500
>[  124.375485]  seq_read_iter+0x10c/0x4bc
>[  124.376020]  proc_reg_read_iter+0x74/0xa8
>[  124.376643]  generic_file_splice_read+0xe8/0x178
>[  124.377331]  splice_direct_to_actor+0xe0/0x2b8
>[  124.378022]  do_splice_direct+0xa4/0xdc
>[  124.378633]  do_sendfile+0x1c4/0x3ec
>[  124.379220]  sys_sendfile64+0x128/0x130
>[  124.379822]  ret_fast_syscall+0x0/0x54
>[  124.380421]  0xbe9a2de4
> 
>Co-developed-by: Vaneet Narang <v.narang@...sung.com>
>Signed-off-by: Vaneet Narang <v.narang@...sung.com>
>Signed-off-by: Maninder Singh <maninder1.s@...sung.com>
>---
>v1 -> v2: do address sanity with virt_addr_valid
> 
> arch/arm/include/asm/bug.h |  1 +
> arch/arm/kernel/process.c  | 18 ++++++++++++++++++
> arch/arm/kernel/traps.c    |  1 +
> include/linux/slab.h       | 14 ++++++++++++++
> mm/slab.h                  |  7 -------
> mm/slub.c                  | 18 ++++++++++++++++++
> 6 files changed, 52 insertions(+), 7 deletions(-)
 

Thanks,
Maninder Singh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ