lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 12 Jan 2023 21:32:51 +0800
From:   Tiezhu Yang <yangtiezhu@...ngson.cn>
To:     Masami Hiramatsu <mhiramat@...nel.org>,
        "Naveen N. Rao" <naveen.n.rao@...ux.ibm.com>,
        Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
        "David S. Miller" <davem@...emloft.net>
Cc:     linux-trace-kernel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: kernel hangs when kprobe memcpy



On 01/11/2023 07:38 PM, Tiezhu Yang wrote:
> Hi all,
>
> (1) I have the following test environment, kernel hangs when kprobe memcpy:
>
> system: x86_64 fedora 36
> kernel version: Linux 5.7 (compile and update)
> test case: modprobe kprobe_example symbol="memcpy"
> (CONFIG_SAMPLE_KPROBES=m)
>
> In order to fix build errors, it needs to unset CONFIG_NFP and do the
> following changes:
> commit 52a9dab6d892 ("libsubcmd: Fix use-after-free for realloc(..., 0)")
> commit de979c83574a ("x86/entry: Build thunk_$(BITS) only if
> CONFIG_PREEMPTION=y")
>
> (2) Using the latest upstream mainline kernel, no hang problem due to the
> commit e3a9e681adb7 ("x86/entry: Fixup bad_iret vs noinstr") to prohibit
> probing memcpy which is put into the .noinstr.text section.
>
>   # modprobe kprobe_example symbol="memcpy"
>   modprobe: ERROR: could not insert 'kprobe_example': Invalid argument
>
> In my opinion, according to the commit message, the above commit is not
> intended to fix the memcpy hang problem, the problem was fixed by accident.
>
> (3) If make handler_pre() and handler_post() as empty functions in the 5.7
> kernel code, the above hang problem does not exist.
>
> diff --git a/samples/kprobes/kprobe_example.c
> b/samples/kprobes/kprobe_example.c
> index fd346f58ddba..c194171d8a46 100644
> --- a/samples/kprobes/kprobe_example.c
> +++ b/samples/kprobes/kprobe_example.c
> @@ -28,8 +28,6 @@ static struct kprobe kp = {
>  static int __kprobes handler_pre(struct kprobe *p, struct pt_regs *regs)
>  {
>  #ifdef CONFIG_X86
> -    pr_info("<%s> p->addr = 0x%p, ip = %lx, flags = 0x%lx\n",
> -        p->symbol_name, p->addr, regs->ip, regs->flags);
>  #endif
>  #ifdef CONFIG_PPC
>      pr_info("<%s> p->addr = 0x%p, nip = 0x%lx, msr = 0x%lx\n",
> @@ -65,8 +63,6 @@ static void __kprobes handler_post(struct kprobe *p,
> struct pt_regs *regs,
>                  unsigned long flags)
>  {
>  #ifdef CONFIG_X86
> -    pr_info("<%s> p->addr = 0x%p, flags = 0x%lx\n",
> -        p->symbol_name, p->addr, regs->flags);
>  #endif
>  #ifdef CONFIG_PPC
>      pr_info("<%s> p->addr = 0x%p, msr = 0x%lx\n",
>
> I want to know what is the real reason of the hang problem when kprobe
> memcpy,
> I guess it may be kprobe recursion, what do you think? Thank you.
>
> By the way, kprobe memset has no problem whether or not handler_pre() and
> handler_post() are empty functions.
>
> Thanks,
> Tiezhu

I find out the following call trace:

handler_pre()
   pr_info()
     printk()
       _printk()
         vprintk()
           vprintk_store()
             memcpy()

I think it may cause recursive exceptions, so we should
mark memcpy as non-kprobe-able, right?

Thanks,
Tiezhu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ