From patchwork Fri Sep 24 06:20:04 2021
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 12537811
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, kernel test robot, Vito Caputo, Jann Horn, stable@vger.kernel.org, Helge Deller, Qi Zheng, Josh Poimboeuf, "Tobin C. Harding", Tycho Andersen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Mark Rutland, Jens Axboe, Peter Zijlstra, Andy Lutomirski, Lai Jiangshan, Stefan Metzmacher, Dave Hansen, Christian Brauner, Michal Hocko, "Eric W. Biederman", Randy Dunlap, Ohhoon Kwon, YiFei Zhu, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, x86@kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH 1/3] Revert "proc/wchan: use printk format instead of lookup_symbol_name()"
Date: Thu, 23 Sep 2021 23:20:04 -0700
Message-Id: <20210924062006.231699-2-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210924062006.231699-1-keescook@chromium.org>
References: <20210924062006.231699-1-keescook@chromium.org>
MIME-Version: 1.0
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org This reverts commit 152c432b128cb043fc107e8f211195fe94b2159c. When a kernel address couldn't be symbolized for /proc/$pid/wchan, it would leak the raw value, a potential information exposure. This is a regression compared to the safer pre-v5.12 behavior. Reported-by: kernel test robot Link: https://lore.kernel.org/all/20210103142726.GC30643@xsang-OptiPlex-9020/ Reported-by: Vito Caputo Link: https://lore.kernel.org/lkml/20210921193249.el476vlhg5k6lfcq@shells.gnugeneration.com/ Reported-by: Jann Horn Link: https://lore.kernel.org/lkml/CAG48ez2zC=+PuNgezH53HBPZ8CXU5H=vkWx7nJs60G8RXt3w0Q@mail.gmail.com/ Cc: stable@vger.kernel.org Signed-off-by: Kees Cook Acked-by: Helge Deller --- fs/proc/base.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 533d5836eb9a..1f394095eb88 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -67,6 +67,7 @@ #include #include #include +#include #include #include #include 
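Review bot: the name of the header added by this hunk is not visible as rendered here (the angle-bracketed targets have been stripped from all seven #include lines), so the hunk cannot be checked as shown; the added include should be the kallsyms header that declares lookup_symbol_name() and KSYM_NAME_LEN, both of which the second hunk of this patch depends on, and a reviewer reading this from the list archive has to take that on trust.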
@@ -386,17 +387,19 @@ static int proc_pid_wchan(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long wchan; + char symname[KSYM_NAME_LEN]; - if (ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) - wchan = get_wchan(task); - else - wchan = 0; + if (!ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)) + goto print0; - if (wchan) - seq_printf(m, "%ps", (void *) wchan); - else - seq_putc(m, '0'); + wchan = get_wchan(task); + if (wchan && !lookup_symbol_name(wchan, symname)) { + seq_puts(m, symname); + return 0; + } +print0: + seq_putc(m, '0'); return 0; } #endif /* CONFIG_KALLSYMS */ From patchwork Fri Sep 24 06:20:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12537809 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-20.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5728CC433EF for ; Fri, 24 Sep 2021 06:23:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3EDE76124F for ; Fri, 24 Sep 2021 06:23:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244237AbhIXGYx (ORCPT ); Fri, 24 Sep 2021 02:24:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38328 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244236AbhIXGW5 (ORCPT ); Fri, 24 Sep 2021 02:22:57 -0400 Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com 
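Review bot: the security-relevant difference in this hunk deserves a one-line comment at the print0: label, because nothing in the code itself says why the printk form was wrong: `%ps` falls back to printing the raw address when kallsyms cannot resolve it, whereas lookup_symbol_name() returns an error and the reverted code falls through to seq_putc(m, '0'). With this change a failed ptrace_may_access() and a failed symbol lookup both produce the same "0", so an unprivileged reader cannot distinguish "no access" from "no symbol", which is the intended fail-closed behaviour. Suggest something like:
+print0:
+	/* No access or no symbol: print "0", never a raw kernel address. */
+	seq_putc(m, '0');
Minor: `wchan` is left uninitialised on the permission-denied path, but it is never read there, so that is fine; `symname` is likewise only read after lookup_symbol_name() returned 0.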
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, "Tobin C. Harding", Tycho Andersen, Helge Deller, Qi Zheng, Vito Caputo, Josh Poimboeuf, Jann Horn, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Mark Rutland, Jens Axboe, Peter Zijlstra, Andy Lutomirski, Lai Jiangshan, Stefan Metzmacher, Dave Hansen, Christian Brauner, Michal Hocko, "Eric W. Biederman", Randy Dunlap, Ohhoon Kwon, YiFei Zhu, kernel test robot, linux-kernel@vger.kernel.org, stable@vger.kernel.org, linux-hardening@vger.kernel.org, x86@kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH 2/3] leaking_addresses: Always print a trailing newline
Date: Thu, 23 Sep 2021 23:20:05 -0700
Message-Id: <20210924062006.231699-3-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210924062006.231699-1-keescook@chromium.org>
References: <20210924062006.231699-1-keescook@chromium.org>
MIME-Version: 1.0
X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Precedence: bulk
List-ID:
X-Mailing-List: linux-hardening@vger.kernel.org

For files that lack trailing newlines and match a leaking address (e.g. wchan[1]), the leaking_addresses.pl report would run together with the next line, making things look corrupted. Unconditionally remove the newline on input, and write it back out on output.

[1] https://lore.kernel.org/all/20210103142726.GC30643@xsang-OptiPlex-9020/

Cc: "Tobin C. Harding"
Cc: Tycho Andersen
Signed-off-by: Kees Cook
---
 scripts/leaking_addresses.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
index b2d8b8aa2d99..8f636a23bc3f 100755
--- a/scripts/leaking_addresses.pl
+++ b/scripts/leaking_addresses.pl
@@ -455,8 +455,9 @@ sub parse_file open my $fh, "<", $file or return; while ( <$fh> ) { + chomp; if (may_leak_address($_)) { - print $file . ': ' . $_; + printf("$file: $_\n"); } } close $fh; From patchwork Fri Sep 24 06:20:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12537805 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-20.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F19CAC433F5 for ; Fri, 24 Sep 2021 06:23:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D00846124F for ; Fri, 24 Sep 2021 06:23:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244198AbhIXGXD (ORCPT ); Fri, 24 Sep 2021 02:23:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38294 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244165AbhIXGW7 (ORCPT ); Fri, 24 Sep 2021 02:22:59 -0400 Received: from mail-pl1-x631.google.com (mail-pl1-x631.google.com [IPv6:2607:f8b0:4864:20::631]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ABBF5C0613E1 for ; Thu, 23 Sep 2021 23:20:18 -0700 (PDT) Received: by mail-pl1-x631.google.com with SMTP id n2so5743073plk.12 for ; Thu, 23 Sep 2021 23:20:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; 
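Review bot: `printf("$file: $_\n");` passes scanned file content as the printf format string, so any matching line that contains a `%` sequence (a `%s` or `%x` in the kinds of files this script walks is not unusual) is interpreted as a conversion directive, which yields "Missing argument in printf" warnings and garbled report lines. No conversions are intended here, so `print "$file: $_\n";` does exactly what the commit message describes (chomp on input, newline written back on output) without that hazard; the same applies to a `$file` path containing `%`.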
From: Kees Cook
To: Andrew Morton
Cc: Kees Cook, Qi Zheng, stable@vger.kernel.org, Helge Deller, Vito Caputo, Josh Poimboeuf, Jann Horn, "Tobin C. Harding", Tycho Andersen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Mark Rutland, Jens Axboe, Peter Zijlstra, Andy Lutomirski, Lai Jiangshan, Stefan Metzmacher, Dave Hansen, Christian Brauner, Michal Hocko, "Eric W. Biederman", Randy Dunlap, Ohhoon Kwon, YiFei Zhu, kernel test robot, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, x86@kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH 3/3] x86: Fix get_wchan() to support the ORC unwinder
Date: Thu, 23 Sep 2021 23:20:06 -0700
Message-Id: <20210924062006.231699-4-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210924062006.231699-1-keescook@chromium.org>
References: <20210924062006.231699-1-keescook@chromium.org>
MIME-Version: 1.0
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org From: Qi Zheng Currently, the kernel CONFIG_UNWINDER_ORC option is enabled by default on x86, but the implementation of get_wchan() is still based on the frame pointer unwinder, so the /proc//wchan usually returned 0 regardless of whether the task is running. Reimplement get_wchan() by calling stack_trace_save_tsk(), which is adapted to the ORC and frame pointer unwinders. Fixes: ee9f8fce9964 ("x86/unwind: Add the ORC unwinder") Signed-off-by: Qi Zheng Link: https://lore.kernel.org/r/20210831083625.59554-1-zhengqi.arch@bytedance.com Cc: stable@vger.kernel.org Signed-off-by: Kees Cook --- arch/x86/kernel/process.c | 51 +++------------------------------------ 1 file changed, 3 insertions(+), 48 deletions(-) diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 1d9463e3096b..e645925f9f02 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c 
@@ -944,58 +944,13 @@ unsigned long arch_randomize_brk(struct mm_struct *mm) */ unsigned long get_wchan(struct task_struct *p) { - unsigned long start, bottom, top, sp, fp, ip, ret = 0; - int count = 0; + unsigned long entry = 0; if (p == current || task_is_running(p)) return 0; - if (!try_get_task_stack(p)) - return 0; - - start = (unsigned long)task_stack_page(p); - if (!start) - goto out; - - /* - * Layout of the stack page: - * - * ----------- topmax = start + THREAD_SIZE - sizeof(unsigned long) - * PADDING - * ----------- top = topmax - TOP_OF_KERNEL_STACK_PADDING - * stack - * ----------- bottom = start - * - * The tasks stack pointer points at the location where the - * framepointer is stored. The data on the stack is: - * ... IP FP ... IP FP - * - * We need to read FP and IP, so we need to adjust the upper - * bound by another unsigned long. - */ - top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING; - top -= 2 * sizeof(unsigned long); - bottom = start; - - sp = READ_ONCE(p->thread.sp); - if (sp < bottom || sp > top) - goto out; - - fp = READ_ONCE_NOCHECK(((struct inactive_task_frame *)sp)->bp); - do { - if (fp < bottom || fp > top) - goto out; - ip = READ_ONCE_NOCHECK(*(unsigned long *)(fp + sizeof(unsigned long))); - if (!in_sched_functions(ip)) { - ret = ip; - goto out; - } - fp = READ_ONCE_NOCHECK(*(unsigned long *)fp); - } while (count++ < 16 && !task_is_running(p)); - -out: - put_task_stack(p); - return ret; + stack_trace_save_tsk(p, &entry, 1, 0); + return entry; } long do_arch_prctl_common(struct task_struct *task, int option,
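Review bot: the removed loop did two things that the two-line replacement does not visibly do, and the commit message should say where they went: it skipped every frame for which in_sched_functions(ip) was true, and it pinned the stack with try_get_task_stack()/put_task_stack() around the walk. stack_trace_save_tsk() does both internally (it walks with the no-sched entry consumer and takes the task stack reference itself), but nobody reading this diff can tell that, so one sentence stating that stack_trace_save_tsk() skips scheduler frames and handles the stack reference would make the behaviour-preserving intent reviewable rather than something to go and check. Two smaller points: the return value (number of entries stored) is discarded, so the `return entry;` result for a task with no usable frame depends entirely on the `unsigned long entry = 0;` initialiser staying put; and the old loop re-checked task_is_running(p) on every iteration while the new code checks it once before the walk, which is acceptable because the walker validates what it reads, but worth a mention alongside the dropped 16-frame cap.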