lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1646154463.4r1sh4kjf0.naveen@linux.ibm.com>
Date:   Tue, 01 Mar 2022 22:49:09 +0530
From:   "Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>
To:     Masami Hiramatsu <mhiramat@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>
Cc:     alexei.starovoitov@...il.com, alyssa.milburn@...el.com,
        andrew.cooper3@...rix.com, hjl.tools@...il.com,
        joao@...rdrivepizza.com, jpoimboe@...hat.com,
        keescook@...omium.org, linux-kernel@...r.kernel.org,
        mark.rutland@....com, mbenes@...e.cz, ndesaulniers@...gle.com,
        rostedt@...dmis.org, samitolvanen@...gle.com, x86@...nel.org
Subject: Re: [PATCH v2 15/39] x86/ibt,kprobes: Fix more +0 assumptions

Peter Zijlstra wrote:
> On Tue, Mar 01, 2022 at 11:49:05AM +0900, Masami Hiramatsu wrote:
> 
>> - the 'offset' is NOT limited under the symbol size.
>>   (e.g. symbol_name = "_text" and @offset points the offset of target symbol from _text)
>> 
>> This means we need to call kallsyms_lookup_size_offset() in this case too.
> 
> I'm feeling we should error out in that case. Using sym+offset beyond
> the limits of sym is just daft.
> 
> But if you really want/need to retain that, then yes, we need that
> else branch unconditionally :/

I think we will need this. perf always specifies an offset from _text.

Also, I just noticed:

> -static kprobe_opcode_t *_kprobe_addr(kprobe_opcode_t *addr,
> -			const char *symbol_name, unsigned int offset)
> +static kprobe_opcode_t *
> +_kprobe_addr(kprobe_opcode_t *addr, const char *symbol_name,
> +	     unsigned long offset, bool *on_func_entry)
>  {
>  	if ((symbol_name && addr) || (!symbol_name && !addr))
>  		goto invalid;
>  
>  	if (symbol_name) {
> +		/*
> +		 * Input: @sym + @offset
> +		 * Output: @addr + @offset
> +		 *
> +		 * NOTE: kprobe_lookup_name() does *NOT* fold the offset
> +		 *       argument into it's output!
> +		 */
>  		addr = kprobe_lookup_name(symbol_name, offset);
>  		if (!addr)
>  			return ERR_PTR(-ENOENT);
> +	} else {
> +		/*
> +		 * Input: @addr + @offset
> +		 * Output: @addr' + @offset'
> +		 */
> +		if (!kallsyms_lookup_size_offset((unsigned long)addr + offset,
> +						 NULL, &offset))
> +			return ERR_PTR(-ENOENT);
> +		addr = (kprobe_opcode_t *)((unsigned long)addr - offset);
>  	}

This looks wrong. I think you need to retain offset to calculate the 
proper function entry address so that you can do:
	addr = (kprobe_opcode_t *)((unsigned long)(addr + offset) - func_offset);
	offset = func_offset;

>  
> -	addr = (kprobe_opcode_t *)(((char *)addr) + offset);
> +	addr = arch_adjust_kprobe_addr((unsigned long)addr, offset, on_func_entry);
>  	if (addr)
>  		return addr;
>

- Naveen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ