[2/2] arm: kprobes: Prohibit kprobes on get_user functions

Message ID	151945939903.11045.1486072728379559979.stgit@devbox (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1F88E21717 From: Masami Hiramatsu <mhiramat@kernel.org> To: Russell King <linux@armlinux.org.uk> Subject: [PATCH 2/2] arm: kprobes: Prohibit kprobes on get_user functions Date: Sat, 24 Feb 2018 17:03:19 +0900 Message-Id: <151945939903.11045.1486072728379559979.stgit@devbox> In-Reply-To: <151945937038.11045.14421944772744094357.stgit@devbox> References: <151945937038.11045.14421944772744094357.stgit@devbox> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Precedence: list Cc: Jon Medhurst <tixy@linaro.org>, Wang Nan <wangnan0@huawei.com>, Will Deacon <will.deacon@arm.com>, linux-kernel@vger.kernel.org, mhiramat@kernel.org, linux-arm-kernel@lists.infradead.org, David Long <dave.long@linaro.org> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Message ID

151945939903.11045.1486072728379559979.stgit@devbox (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1F88E21717
From: Masami Hiramatsu <mhiramat@kernel.org>
To: Russell King <linux@armlinux.org.uk>
Subject: [PATCH 2/2] arm: kprobes: Prohibit kprobes on get_user functions
Date: Sat, 24 Feb 2018 17:03:19 +0900
Message-Id: <151945939903.11045.1486072728379559979.stgit@devbox>
In-Reply-To: <151945937038.11045.14421944772744094357.stgit@devbox>
References: <151945937038.11045.14421944772744094357.stgit@devbox>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Precedence: list
Cc: Jon Medhurst <tixy@linaro.org>, Wang Nan <wangnan0@huawei.com>,
	Will Deacon <will.deacon@arm.com>, linux-kernel@vger.kernel.org,
	mhiramat@kernel.org, linux-arm-kernel@lists.infradead.org,
	David Long <dave.long@linaro.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Commit Message

Masami Hiramatsu (Google) Feb. 24, 2018, 8:03 a.m. UTC

Since do_undefinstr() uses get_user to get the undefined
instruction, it can be called before kprobes processes
recursive check. This can cause an infinit recursive
exception.
Prohibit probing on get_user functions.

Fixes: 24ba613c9d6c ("ARM kprobes: core code")
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
---
 arch/arm/include/asm/assembler.h |    8 ++++++++
 arch/arm/lib/getuser.S           |   10 ++++++++++
 2 files changed, 18 insertions(+)

Comments

kernel test robot Feb. 25, 2018, 10:09 a.m. UTC | #1

Hi Masami,

I love your patch! Yet something to improve:

[auto build test ERROR on linus/master]
[also build test ERROR on v4.16-rc2 next-20180223]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Masami-Hiramatsu/arm-kprobes-Prohibit-kprobes-on-do_undefinstr/20180225-151050
config: arm-ixp4xx_defconfig (attached as .config)
compiler: arm-linux-gnueabi-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=arm 

All errors (new ones prefixed by >>):

   arch/arm/lib/getuser.S: Assembler messages:
   arch/arm/lib/getuser.S:41: Error: bad instruction `_asm_nokprobe(__get_user_1)'
   arch/arm/lib/getuser.S:62: Error: bad instruction `_asm_nokprobe(__get_user_2)'
   arch/arm/lib/getuser.S:70: Error: bad instruction `_asm_nokprobe(__get_user_4)'
   arch/arm/lib/getuser.S:84: Error: bad instruction `_asm_nokprobe(__get_user_8)'
>> arch/arm/lib/getuser.S:98: Error: bad instruction `_asm_nokprobe(__get_user_32t_8)'
>> arch/arm/lib/getuser.S:106: Error: bad instruction `_asm_nokprobe(__get_user_64t_1)'
>> arch/arm/lib/getuser.S:123: Error: bad instruction `_asm_nokprobe(__get_user_64t_2)'
>> arch/arm/lib/getuser.S:131: Error: bad instruction `_asm_nokprobe(__get_user_64t_4)'
   arch/arm/lib/getuser.S:142: Error: bad instruction `_asm_nokprobe(__get_user_bad)'
   arch/arm/lib/getuser.S:143: Error: bad instruction `_asm_nokprobe(__get_user_bad8)'

vim +98 arch/arm/lib/getuser.S

    34	
    35	ENTRY(__get_user_1)
    36		check_uaccess r0, 1, r1, r2, __get_user_bad
    37	1: TUSER(ldrb)	r2, [r0]
    38		mov	r0, #0
    39		ret	lr
    40	ENDPROC(__get_user_1)
  > 41	_ASM_NOKPROBE(__get_user_1)
    42	
    43	ENTRY(__get_user_2)
    44		check_uaccess r0, 2, r1, r2, __get_user_bad
    45	#ifdef CONFIG_CPU_USE_DOMAINS
    46	rb	.req	ip
    47	2:	ldrbt	r2, [r0], #1
    48	3:	ldrbt	rb, [r0], #0
    49	#else
    50	rb	.req	r0
    51	2:	ldrb	r2, [r0]
    52	3:	ldrb	rb, [r0, #1]
    53	#endif
    54	#ifndef __ARMEB__
    55		orr	r2, r2, rb, lsl #8
    56	#else
    57		orr	r2, rb, r2, lsl #8
    58	#endif
    59		mov	r0, #0
    60		ret	lr
    61	ENDPROC(__get_user_2)
    62	_ASM_NOKPROBE(__get_user_2)
    63	
    64	ENTRY(__get_user_4)
    65		check_uaccess r0, 4, r1, r2, __get_user_bad
    66	4: TUSER(ldr)	r2, [r0]
    67		mov	r0, #0
    68		ret	lr
    69	ENDPROC(__get_user_4)
    70	_ASM_NOKPROBE(__get_user_4)
    71	
    72	ENTRY(__get_user_8)
    73		check_uaccess r0, 8, r1, r2, __get_user_bad8
    74	#ifdef CONFIG_THUMB2_KERNEL
    75	5: TUSER(ldr)	r2, [r0]
    76	6: TUSER(ldr)	r3, [r0, #4]
    77	#else
    78	5: TUSER(ldr)	r2, [r0], #4
    79	6: TUSER(ldr)	r3, [r0]
    80	#endif
    81		mov	r0, #0
    82		ret	lr
    83	ENDPROC(__get_user_8)
    84	_ASM_NOKPROBE(__get_user_8)
    85	
    86	#ifdef __ARMEB__
    87	ENTRY(__get_user_32t_8)
    88		check_uaccess r0, 8, r1, r2, __get_user_bad
    89	#ifdef CONFIG_CPU_USE_DOMAINS
    90		add	r0, r0, #4
    91	7:	ldrt	r2, [r0]
    92	#else
    93	7:	ldr	r2, [r0, #4]
    94	#endif
    95		mov	r0, #0
    96		ret	lr
    97	ENDPROC(__get_user_32t_8)
  > 98	_ASM_NOKPROBE(__get_user_32t_8)
    99	
   100	ENTRY(__get_user_64t_1)
   101		check_uaccess r0, 1, r1, r2, __get_user_bad8
   102	8: TUSER(ldrb)	r3, [r0]
   103		mov	r0, #0
   104		ret	lr
   105	ENDPROC(__get_user_64t_1)
 > 106	_ASM_NOKPROBE(__get_user_64t_1)
   107	
   108	ENTRY(__get_user_64t_2)
   109		check_uaccess r0, 2, r1, r2, __get_user_bad8
   110	#ifdef CONFIG_CPU_USE_DOMAINS
   111	rb	.req	ip
   112	9:	ldrbt	r3, [r0], #1
   113	10:	ldrbt	rb, [r0], #0
   114	#else
   115	rb	.req	r0
   116	9:	ldrb	r3, [r0]
   117	10:	ldrb	rb, [r0, #1]
   118	#endif
   119		orr	r3, rb, r3, lsl #8
   120		mov	r0, #0
   121		ret	lr
   122	ENDPROC(__get_user_64t_2)
 > 123	_ASM_NOKPROBE(__get_user_64t_2)
   124	
   125	ENTRY(__get_user_64t_4)
   126		check_uaccess r0, 4, r1, r2, __get_user_bad8
   127	11: TUSER(ldr)	r3, [r0]
   128		mov	r0, #0
   129		ret	lr
   130	ENDPROC(__get_user_64t_4)
 > 131	_ASM_NOKPROBE(__get_user_64t_4)
   132	#endif
   133	
   134	__get_user_bad8:
   135		mov	r3, #0
   136	__get_user_bad:
   137		mov	r2, #0
   138		mov	r0, #-EFAULT
   139		ret	lr
   140	ENDPROC(__get_user_bad)
   141	ENDPROC(__get_user_bad8)
   142	_ASM_NOKPROBE(__get_user_bad)
   143	_ASM_NOKPROBE(__get_user_bad8)
   144	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

kernel test robot Feb. 25, 2018, 10:12 a.m. UTC | #2

Hi Masami,

I love your patch! Yet something to improve:

[auto build test ERROR on linus/master]
[also build test ERROR on v4.16-rc2 next-20180223]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Masami-Hiramatsu/arm-kprobes-Prohibit-kprobes-on-do_undefinstr/20180225-151050
config: arm-at91_dt_defconfig (attached as .config)
compiler: arm-linux-gnueabi-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=arm 

All errors (new ones prefixed by >>):

   arch/arm/lib/getuser.S: Assembler messages:
>> arch/arm/lib/getuser.S:41: Error: bad instruction `_asm_nokprobe(__get_user_1)'
>> arch/arm/lib/getuser.S:62: Error: bad instruction `_asm_nokprobe(__get_user_2)'
>> arch/arm/lib/getuser.S:70: Error: bad instruction `_asm_nokprobe(__get_user_4)'
>> arch/arm/lib/getuser.S:84: Error: bad instruction `_asm_nokprobe(__get_user_8)'
>> arch/arm/lib/getuser.S:142: Error: bad instruction `_asm_nokprobe(__get_user_bad)'
>> arch/arm/lib/getuser.S:143: Error: bad instruction `_asm_nokprobe(__get_user_bad8)'

vim +41 arch/arm/lib/getuser.S

    34	
    35	ENTRY(__get_user_1)
    36		check_uaccess r0, 1, r1, r2, __get_user_bad
    37	1: TUSER(ldrb)	r2, [r0]
    38		mov	r0, #0
    39		ret	lr
    40	ENDPROC(__get_user_1)
  > 41	_ASM_NOKPROBE(__get_user_1)
    42	
    43	ENTRY(__get_user_2)
    44		check_uaccess r0, 2, r1, r2, __get_user_bad
    45	#ifdef CONFIG_CPU_USE_DOMAINS
    46	rb	.req	ip
    47	2:	ldrbt	r2, [r0], #1
    48	3:	ldrbt	rb, [r0], #0
    49	#else
    50	rb	.req	r0
    51	2:	ldrb	r2, [r0]
    52	3:	ldrb	rb, [r0, #1]
    53	#endif
    54	#ifndef __ARMEB__
    55		orr	r2, r2, rb, lsl #8
    56	#else
    57		orr	r2, rb, r2, lsl #8
    58	#endif
    59		mov	r0, #0
    60		ret	lr
    61	ENDPROC(__get_user_2)
  > 62	_ASM_NOKPROBE(__get_user_2)
    63	
    64	ENTRY(__get_user_4)
    65		check_uaccess r0, 4, r1, r2, __get_user_bad
    66	4: TUSER(ldr)	r2, [r0]
    67		mov	r0, #0
    68		ret	lr
    69	ENDPROC(__get_user_4)
  > 70	_ASM_NOKPROBE(__get_user_4)
    71	
    72	ENTRY(__get_user_8)
    73		check_uaccess r0, 8, r1, r2, __get_user_bad8
    74	#ifdef CONFIG_THUMB2_KERNEL
    75	5: TUSER(ldr)	r2, [r0]
    76	6: TUSER(ldr)	r3, [r0, #4]
    77	#else
    78	5: TUSER(ldr)	r2, [r0], #4
    79	6: TUSER(ldr)	r3, [r0]
    80	#endif
    81		mov	r0, #0
    82		ret	lr
    83	ENDPROC(__get_user_8)
  > 84	_ASM_NOKPROBE(__get_user_8)
    85	
    86	#ifdef __ARMEB__
    87	ENTRY(__get_user_32t_8)
    88		check_uaccess r0, 8, r1, r2, __get_user_bad
    89	#ifdef CONFIG_CPU_USE_DOMAINS
    90		add	r0, r0, #4
    91	7:	ldrt	r2, [r0]
    92	#else
    93	7:	ldr	r2, [r0, #4]
    94	#endif
    95		mov	r0, #0
    96		ret	lr
    97	ENDPROC(__get_user_32t_8)
    98	_ASM_NOKPROBE(__get_user_32t_8)
    99	
   100	ENTRY(__get_user_64t_1)
   101		check_uaccess r0, 1, r1, r2, __get_user_bad8
   102	8: TUSER(ldrb)	r3, [r0]
   103		mov	r0, #0
   104		ret	lr
   105	ENDPROC(__get_user_64t_1)
   106	_ASM_NOKPROBE(__get_user_64t_1)
   107	
   108	ENTRY(__get_user_64t_2)
   109		check_uaccess r0, 2, r1, r2, __get_user_bad8
   110	#ifdef CONFIG_CPU_USE_DOMAINS
   111	rb	.req	ip
   112	9:	ldrbt	r3, [r0], #1
   113	10:	ldrbt	rb, [r0], #0
   114	#else
   115	rb	.req	r0
   116	9:	ldrb	r3, [r0]
   117	10:	ldrb	rb, [r0, #1]
   118	#endif
   119		orr	r3, rb, r3, lsl #8
   120		mov	r0, #0
   121		ret	lr
   122	ENDPROC(__get_user_64t_2)
   123	_ASM_NOKPROBE(__get_user_64t_2)
   124	
   125	ENTRY(__get_user_64t_4)
   126		check_uaccess r0, 4, r1, r2, __get_user_bad8
   127	11: TUSER(ldr)	r3, [r0]
   128		mov	r0, #0
   129		ret	lr
   130	ENDPROC(__get_user_64t_4)
   131	_ASM_NOKPROBE(__get_user_64t_4)
   132	#endif
   133	
   134	__get_user_bad8:
   135		mov	r3, #0
   136	__get_user_bad:
   137		mov	r2, #0
   138		mov	r0, #-EFAULT
   139		ret	lr
   140	ENDPROC(__get_user_bad)
   141	ENDPROC(__get_user_bad8)
 > 142	_ASM_NOKPROBE(__get_user_bad)
 > 143	_ASM_NOKPROBE(__get_user_bad8)
   144	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Masami Hiramatsu (Google) Feb. 25, 2018, 12:21 p.m. UTC | #3

On Sat, 24 Feb 2018 17:03:19 +0900
Masami Hiramatsu <mhiramat@kernel.org> wrote:

> Since do_undefinstr() uses get_user to get the undefined
> instruction, it can be called before kprobes processes
> recursive check. This can cause an infinit recursive
> exception.
> Prohibit probing on get_user functions.
> 
> Fixes: 24ba613c9d6c ("ARM kprobes: core code")
> Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
> ---
>  arch/arm/include/asm/assembler.h |    8 ++++++++
>  arch/arm/lib/getuser.S           |   10 ++++++++++
>  2 files changed, 18 insertions(+)
> 
> diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h
> index bc8d4bbd82e2..dd5e7f30eaed 100644
> --- a/arch/arm/include/asm/assembler.h
> +++ b/arch/arm/include/asm/assembler.h
> @@ -536,4 +536,12 @@ THUMB(	orr	\reg , \reg , #PSR_T_BIT	)
>  #endif
>  	.endm
>  
> +#ifdef CONFIG_KPROBES
> +# define _ASM_NOKPROBE(entry)				\
> +	.pushsection "_kprobe_blacklist", "aw" ;	\
> +	.balign 4 ;					\
> +	.long entry;					\
> +	.popsection

Oops, I missed #else block... which cause build error if !CONFIG_KPROBES.
I'll update it soon.

Thanks,

diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h
index bc8d4bbd82e2..dd5e7f30eaed 100644
--- a/arch/arm/include/asm/assembler.h
+++ b/arch/arm/include/asm/assembler.h
@@ -536,4 +536,12 @@  THUMB(	orr	\reg , \reg , #PSR_T_BIT	)
 #endif
 	.endm
 
+#ifdef CONFIG_KPROBES
+# define _ASM_NOKPROBE(entry)				\
+	.pushsection "_kprobe_blacklist", "aw" ;	\
+	.balign 4 ;					\
+	.long entry;					\
+	.popsection
+#endif
+
 #endif /* __ASM_ASSEMBLER_H__ */
diff --git a/arch/arm/lib/getuser.S b/arch/arm/lib/getuser.S
index df73914e81c8..746e7801dcdf 100644
--- a/arch/arm/lib/getuser.S
+++ b/arch/arm/lib/getuser.S
@@ -38,6 +38,7 @@  ENTRY(__get_user_1)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_1)
+_ASM_NOKPROBE(__get_user_1)
 
 ENTRY(__get_user_2)
 	check_uaccess r0, 2, r1, r2, __get_user_bad
@@ -58,6 +59,7 @@  rb	.req	r0
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_2)
+_ASM_NOKPROBE(__get_user_2)
 
 ENTRY(__get_user_4)
 	check_uaccess r0, 4, r1, r2, __get_user_bad
@@ -65,6 +67,7 @@  ENTRY(__get_user_4)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_4)
+_ASM_NOKPROBE(__get_user_4)
 
 ENTRY(__get_user_8)
 	check_uaccess r0, 8, r1, r2, __get_user_bad8
@@ -78,6 +81,7 @@  ENTRY(__get_user_8)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_8)
+_ASM_NOKPROBE(__get_user_8)
 
 #ifdef __ARMEB__
 ENTRY(__get_user_32t_8)
@@ -91,6 +95,7 @@  ENTRY(__get_user_32t_8)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_32t_8)
+_ASM_NOKPROBE(__get_user_32t_8)
 
 ENTRY(__get_user_64t_1)
 	check_uaccess r0, 1, r1, r2, __get_user_bad8
@@ -98,6 +103,7 @@  ENTRY(__get_user_64t_1)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_64t_1)
+_ASM_NOKPROBE(__get_user_64t_1)
 
 ENTRY(__get_user_64t_2)
 	check_uaccess r0, 2, r1, r2, __get_user_bad8
@@ -114,6 +120,7 @@  rb	.req	r0
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_64t_2)
+_ASM_NOKPROBE(__get_user_64t_2)
 
 ENTRY(__get_user_64t_4)
 	check_uaccess r0, 4, r1, r2, __get_user_bad8
@@ -121,6 +128,7 @@  ENTRY(__get_user_64t_4)
 	mov	r0, #0
 	ret	lr
 ENDPROC(__get_user_64t_4)
+_ASM_NOKPROBE(__get_user_64t_4)
 #endif
 
 __get_user_bad8:
@@ -131,6 +139,8 @@  __get_user_bad:
 	ret	lr
 ENDPROC(__get_user_bad)
 ENDPROC(__get_user_bad8)
+_ASM_NOKPROBE(__get_user_bad)
+_ASM_NOKPROBE(__get_user_bad8)
 
 .pushsection __ex_table, "a"
 	.long	1b, __get_user_bad

[2/2] arm: kprobes: Prohibit kprobes on get_user functions

Commit Message

Comments

Patch