From patchwork Wed Aug 2 14:33:16 2023
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 129887
Date: Wed, 02 Aug 2023 14:33:16 -0000
From: "tip-bot2 for Masami Hiramatsu"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/core] x86/kprobes: Prohibit probing on compiler generated CFI checking code
Cc: "Masami Hiramatsu (Google)", "Peter Zijlstra (Intel)", x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <168904025785.116016.12766408611437534723.stgit@devnote2>
References: <168904025785.116016.12766408611437534723.stgit@devnote2>
Message-ID: <169098679641.28540.17338602832715427082.tip-bot2@tip-bot2>
X-Mailing-List: linux-kernel@vger.kernel.org

The following commit has been merged into the x86/core branch of tip:

Commit-ID:     b65413768abd27a55af74945aec58127a52b30a8
Gitweb:        https://git.kernel.org/tip/b65413768abd27a55af74945aec58127a52b30a8
Author:        Masami Hiramatsu
AuthorDate:    Tue, 11 Jul 2023 10:50:58 +09:00
Committer:     Peter Zijlstra
CommitterDate: Wed, 02 Aug 2023 16:27:07 +02:00

x86/kprobes: Prohibit probing on compiler generated CFI checking code

Prohibit probing on the compiler generated CFI typeid checking code
because it is used for decoding typeid when CFI error happens.

The compiler generates the following instruction sequence for indirect
call checks on x86;

   movl -, %r10d          ; 6 bytes
   addl -4(%reg), %r10d   ; 4 bytes
   je   .Ltmp1            ; 2 bytes
   ud2                    ; <- regs->ip

And handle_cfi_failure() decodes these instructions (movl and addl) for
the typeid and the target address.
Thus if we put a kprobe on those instructions, the decode will fail and report a wrong typeid and target address. Signed-off-by: Masami Hiramatsu (Google) Signed-off-by: Peter Zijlstra (Intel) Link: https://lore.kernel.org/r/168904025785.116016.12766408611437534723.stgit@devnote2 --- arch/x86/kernel/kprobes/core.c | 34 +++++++++++++++++++++++++++++++++- include/linux/cfi.h | 4 +++- 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c index f7f6042..e8babeb 100644 --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -45,6 +45,7 @@ #include #include #include +#include #include #include @@ -293,7 +294,40 @@ static int can_probe(unsigned long paddr) #endif addr += insn.length; } + if (IS_ENABLED(CONFIG_CFI_CLANG)) { + /* + * The compiler generates the following instruction sequence + * for indirect call checks and cfi.c decodes this; + * + *  movl -, %r10d ; 6 bytes + * addl -4(%reg), %r10d ; 4 bytes + * je .Ltmp1 ; 2 bytes + * ud2 ; <- regs->ip + * .Ltmp1: + * + * Also, these movl and addl are used for showing expected + * type. So those must not be touched. + */ + __addr = recover_probed_instruction(buf, addr); + if (!__addr) + return 0; + + if (insn_decode_kernel(&insn, (void *)__addr) < 0) + return 0; + + if (insn.opcode.value == 0xBA) + offset = 12; + else if (insn.opcode.value == 0x3) + offset = 6; + else + goto out; + + /* This movl/addl is used for decoding CFI. */ + if (is_cfi_trap(addr + offset)) + return 0; + } +out: return (addr == paddr); } diff --git a/include/linux/cfi.h b/include/linux/cfi.h index 5e134f4..3552ec8 100644 --- a/include/linux/cfi.h +++ b/include/linux/cfi.h 
@@ -19,11 +19,13 @@ static inline enum bug_trap_type report_cfi_failure_noaddr(struct pt_regs *regs, { return report_cfi_failure(regs, addr, NULL, 0); } +#endif /* CONFIG_CFI_CLANG */ #ifdef CONFIG_ARCH_USES_CFI_TRAPS bool is_cfi_trap(unsigned long addr); +#else +static inline bool is_cfi_trap(unsigned long addr) { return false; } #endif -#endif /* CONFIG_CFI_CLANG */ #ifdef CONFIG_MODULES #ifdef CONFIG_ARCH_USES_CFI_TRAPS
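Review bot: in the can_probe() hunk the opcode test is deliberately loose: `insn.opcode.value == 0xBA` matches any `mov $imm32` into the 0xBA register slot and `0x3` matches any `add r/m32, r32`, with no check of the destination register or the `-4(%reg)` operand, so the rejection is only correct because is_cfi_trap() must find a registered trap exactly at `addr + offset` (12 past a movl, 6 past an addl). That is sound, but the comment block should say that the precision comes from the trap lookup rather than from the opcode match. The hunk also uses `offset`, `__addr` and `buf` without declaring them, so it relies on existing locals in can_probe(); confirm `offset` is wide enough for 12 and is not consumed later in the function with a stale value when the `goto out` path is taken.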
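Review bot: in the include/linux/cfi.h hunk, moving `#endif /* CONFIG_CFI_CLANG */` above the CONFIG_ARCH_USES_CFI_TRAPS block and adding `static inline bool is_cfi_trap(unsigned long addr) { return false; }` under `#else` is what lets can_probe() guard the call with `IS_ENABLED(CONFIG_CFI_CLANG)` instead of `#ifdef`, so the new code is compile-checked in every configuration. The stub deserves a one-line comment saying it exists for exactly that reason, since a reader otherwise sees a trap lookup declared when CFI is off. Also worth checking that the trailing context, `#ifdef CONFIG_MODULES` followed by `#ifdef CONFIG_ARCH_USES_CFI_TRAPS`, still has the guard nesting it expects now that the CFI_CLANG `#endif` sits earlier in the file.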
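A userland model of the check this patch adds and of the decode it protects, as an added example that is not the kernel's code: the 14 bytes are constructed from the instruction sequence in the commit message (the typeid value, the %r11 target register and the single-entry trap table are assumptions), can_probe() mirrors the new opcode/offset test, and decode_typeid() shows why an int3 on the movl or addl makes the CFI failure-path decode fail while one on the je does not.

```c
#include <stdint.h>
#include <string.h>

/* Constructed x86-64 bytes for one CFI check laid out as in the commit message:
 * movl (6); addl (4); je (2); ud2 (2). Typeid 0x12345678 and %r11 are invented. */
static const uint8_t cfi_seq[14] = {
    0x41, 0xBA, 0x88, 0xA9, 0xCB, 0xED,   /* movl $-0x12345678, %r10d    */
    0x45, 0x03, 0x53, 0xFC,               /* addl -4(%r11), %r10d        */
    0x74, 0x02,                           /* je   .Ltmp1                 */
    0x0F, 0x0B,                           /* ud2  <- regs->ip on failure */
};

static int is_cfi_trap(size_t off) { return off == 12; } /* model: the ud2 above */
/* Model of the check added to can_probe(): 1 = probe allowed, 0 = rejected. */
static int can_probe(const uint8_t *code, size_t len, size_t off)
{
    size_t p = off, trap;
    if (p < len && (code[p] & 0xF0) == 0x40)
        p++;                            /* skip the REX prefix */
    if (p >= len)
        return 0;
    if (code[p] == 0xBA)                /* movl: ud2 is 6+4+2 bytes ahead */
        trap = off + 12;
    else if (code[p] == 0x03)           /* addl: ud2 is 4+2 bytes ahead */
        trap = off + 6;
    else
        return 1;                       /* not part of a CFI check */
    return !is_cfi_trap(trap);
}
/* Model of the handle_cfi_failure() decode: from the ud2 address, recover the
 * expected typeid from the movl immediate; -1 if the movl/addl bytes do not match. */
static int64_t decode_typeid(const uint8_t *code, size_t ud2_off)
{
    if (ud2_off < 12)
        return -1;
    const uint8_t *mov = code + ud2_off - 12, *add = code + ud2_off - 6;
    if (mov[0] != 0x41 || mov[1] != 0xBA || add[0] != 0x45 || add[1] != 0x03)
        return -1;
    uint32_t imm = (uint32_t)mov[2] | (uint32_t)mov[3] << 8 |
                   (uint32_t)mov[4] << 16 | (uint32_t)mov[5] << 24;
    return (int64_t)(0u - imm);         /* the immediate is the negated typeid */
}
/* Plant an int3 at off (what a kprobe does), then try the failure-path decode. */
static int64_t decode_after_kprobe(size_t off)
{
    uint8_t text[sizeof cfi_seq];
    memcpy(text, cfi_seq, sizeof text);
    text[off] = 0xCC;
    return decode_typeid(text, 12);
}
```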