lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20220801033104.227091-1-chenzhongjin@huawei.com>
Date:   Mon, 1 Aug 2022 11:31:04 +0800
From:   Chen Zhongjin <chenzhongjin@...wei.com>
To:     <linux-kernel@...r.kernel.org>, <bpf@...r.kernel.org>
CC:     <naveen.n.rao@...ux.ibm.com>, <anil.s.keshavamurthy@...el.com>,
        <davem@...emloft.net>, <mhiramat@...nel.org>,
        <peterz@...radead.org>, <mingo@...nel.org>, <ast@...nel.org>,
        <daniel@...earbox.net>, <chenzhongjin@...wei.com>
Subject: [PATCH -next v2] kprobes: Forbid probing on trampoline and bpf prog

kernel_text_address returns ftrace_trampoline, kprobe_insn_slot
and bpf_text_address as kprobe legal address.

These text are removable and changeable without any notifier to
kprobes. Probing on them can trigger some unexpected behavior[1].

Considering that jump_label and static_call text are already be
forbiden to probe, kernel_text_address should be replaced with
core_kernel_text and is_module_text_address to check other text
which is unsafe to kprobe.

[1] https://lkml.org/lkml/2022/7/26/1148

Fixes: 5b485629ba0d ("kprobes, extable: Identify kprobes trampolines as kernel text area")
Fixes: 74451e66d516 ("bpf: make jited programs visible in traces")
Signed-off-by: Chen Zhongjin <chenzhongjin@...wei.com>
---
v1 -> v2:
Check core_kernel_text and is_module_text_address rather than
only kprobe_insn.
Also fix title and commit message for this. See old patch at [1].
---
 kernel/kprobes.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index f214f8c088ed..80697e5e03e4 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1560,7 +1560,8 @@ static int check_kprobe_address_safe(struct kprobe *p,
 	preempt_disable();
 
 	/* Ensure it is not in reserved area nor out of text */
-	if (!kernel_text_address((unsigned long) p->addr) ||
+	if (!(core_kernel_text((unsigned long) p->addr) ||
+	    is_module_text_address((unsigned long) p->addr)) ||
 	    within_kprobe_blacklist((unsigned long) p->addr) ||
 	    jump_label_text_reserved(p->addr, p->addr) ||
 	    static_call_text_reserved(p->addr, p->addr) ||
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ