lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87msyphk99.fsf@all.your.base.are.belong.to.us>
Date:   Thu, 17 Aug 2023 15:27:14 +0200
From:   Björn Töpel <bjorn@...nel.org>
To:     Yunhui Cui <cuiyunhui@...edance.com>, paul.walmsley@...ive.com,
        palmer@...belt.com, aou@...s.berkeley.edu, guoren@...nel.org,
        bjorn@...osinc.com, conor.dooley@...rochip.com, jszhang@...nel.org,
        andy.chiu@...ive.com, cuiyunhui@...edance.com,
        dave.hansen@...ux.intel.com, elver@...gle.com, glider@...gle.com,
        cyphar@...har.com, kirill.shutemov@...ux.intel.com,
        keescook@...omium.org, linux-riscv@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] riscv: add userland instruction dump to RISC-V splats

Yunhui Cui <cuiyunhui@...edance.com> writes:

> Added userland instruction dump in dump_kernel_instr().
>
> An example:
> [    0.822439] Freeing unused kernel image (initmem) memory: 6916K
> [    0.823817] Run /init as init process
> [    0.839411] init[1]: unhandled signal 4 code 0x1 at 0x000000000005be18 in bb[10000+5fb000]
> [    0.840751] CPU: 0 PID: 1 Comm: init Not tainted 5.14.0-rc4-00049-gbd644290aa72-dirty #187
> [    0.841373] Hardware name:  , BIOS
> [    0.841743] epc : 000000000005be18 ra : 0000000000079e74 sp : 0000003fffcafda0
> [    0.842271]  gp : ffffffff816e9dc8 tp : 0000000000000000 t0 : 0000000000000000
> [    0.842947]  t1 : 0000003fffc9fdf0 t2 : 0000000000000000 s0 : 0000000000000000
> [    0.843434]  s1 : 0000000000000000 a0 : 0000003fffca0190 a1 : 0000003fffcafe18
> [    0.843891]  a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000
> [    0.844357]  a5 : 0000000000000000 a6 : 0000000000000000 a7 : 0000000000000000
> [    0.844803]  s2 : 0000000000000000 s3 : 0000000000000000 s4 : 0000000000000000
> [    0.845253]  s5 : 0000000000000000 s6 : 0000000000000000 s7 : 0000000000000000
> [    0.845722]  s8 : 0000000000000000 s9 : 0000000000000000 s10: 0000000000000000
> [    0.846180]  s11: 0000000000d144e0 t3 : 0000000000000000 t4 : 0000000000000000
> [    0.846616]  t5 : 0000000000000000 t6 : 0000000000000000
> [    0.847204] status: 0000000200000020 badaddr: 00000000f0028053 cause: 0000000000000002
> [    0.848219] Code: f06f ff5f 3823 fa11 0113 fb01 2e23 0201 0293 0000 (8053) f002
> [    0.851016] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
>
> Signed-off-by: Yunhui Cui <cuiyunhui@...edance.com>
> ---
>  arch/riscv/kernel/traps.c | 10 +++++++---
>  include/linux/uaccess.h   |  5 +++++
>  2 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
> index f910dfccbf5d..a6a850e42d59 100644
> --- a/arch/riscv/kernel/traps.c
> +++ b/arch/riscv/kernel/traps.c
> @@ -33,7 +33,7 @@ int show_unhandled_signals = 1;
>  
>  static DEFINE_SPINLOCK(die_lock);
>  
> -static void dump_kernel_instr(const char *loglvl, struct pt_regs *regs)
> +static void dump_instr(const char *loglvl, struct pt_regs *regs)
>  {
>  	char str[sizeof("0000 ") * 12 + 2 + 1], *p = str;
>  	const u16 *insns = (u16 *)instruction_pointer(regs);
> @@ -42,7 +42,10 @@ static void dump_kernel_instr(const char *loglvl, struct pt_regs *regs)
>  	int i;
>  
>  	for (i = -10; i < 2; i++) {
> -		bad = get_kernel_nofault(val, &insns[i]);
> +		if (user_mode(regs))
> +			bad = get_user_nofault(val, &insns[i]);
> +		else
> +			bad = get_kernel_nofault(val, &insns[i]);
>  		if (!bad) {
>  			p += sprintf(p, i == 0 ? "(%04hx) " : "%04hx ", val);
>  		} else {
> @@ -71,7 +74,7 @@ void die(struct pt_regs *regs, const char *str)
>  	print_modules();
>  	if (regs) {
>  		show_regs(regs);
> -		dump_kernel_instr(KERN_EMERG, regs);
> +		dump_instr(KERN_EMERG, regs);
>  	}
>  
>  	cause = regs ? regs->cause : -1;
> @@ -104,6 +107,7 @@ void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr)
>  		print_vma_addr(KERN_CONT " in ", instruction_pointer(regs));
>  		pr_cont("\n");
>  		__show_regs(regs);
> +		dump_instr(KERN_EMERG, regs);
>  	}
>  
>  	force_sig_fault(signo, code, (void __user *)addr);
> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
> index 3064314f4832..ba8cb37a7241 100644
> --- a/include/linux/uaccess.h
> +++ b/include/linux/uaccess.h
> @@ -385,6 +385,11 @@ long strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
>  		long count);
>  long strnlen_user_nofault(const void __user *unsafe_addr, long count);
>  
> +#define get_user_nofault(val, ptr) ({				\
> +	const typeof(val) *__gk_ptr = (ptr);			\
> +	copy_from_user_nofault(&(val), __gk_ptr, sizeof(val));\
> +})
> +

Your previous version had a check:
  |         /* The user space code from other tasks cannot be accessed. */
  |         if (regs != task_pt_regs(current))
  |                 return -EPERM;

Why was that left out? Is it not needed?

Your get_user_nofault is only used in this file, so maybe it's better to
do what x86 does, and introduce a static "copy_code()" that deals with
the user/kernel checks/copy?


Björn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ