From patchwork Mon Jul 10 12:14:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Masami Hiramatsu (Google)" X-Patchwork-Id: 117882 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp4984541vqx; Mon, 10 Jul 2023 05:22:33 -0700 (PDT) X-Google-Smtp-Source: APBJJlEpvHHD71/xvwHApoNIJUlJGlLbG2sO9ooCIf1aUmmr1h3g74+5okYTk5Bo7qeK1R5CmsRB X-Received: by 2002:aa7:c7c4:0:b0:51e:7c:5025 with SMTP id o4-20020aa7c7c4000000b0051e007c5025mr10419834eds.9.1688991752690; Mon, 10 Jul 2023 05:22:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688991752; cv=none; d=google.com; s=arc-20160816; b=Hvk8UKogWN21ooPz/V1Bxs2KF1YCWJp6jR0LCgFAlGAEXCBH/FZ+S6lZ70Ib+rDUOt L+4Fuj+9W10dAZIa6Z8BqrdevHwkrYzhvHryxWASAjJZkGU4mPIZMyXQ305iIcbgpPGe +YCwb7R7vd2426nPhM3K6p8bjzJ0q1ekjEUR3Z05+vmnSA/gZbc9D4AjBsFItD3AfBMj HBDhMwycFg50L6juIPDCS9kCvoUKhue6miC05qk8rnFTPr1gu1RFZsU5L+wOKGQU3+rs Krop/AYcAtsNwXGvi7qLpQRfZJhEVtdFM+LGfrXbFyRUwML5QdQEFeUwO3mUMoah1GB/ mwEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=mmXiU50XjgU1QUGmB0gXOqv9g2B0Opao2VF3bCDMlFA=; fh=B4q89xUy9DRjDdZZ7pfgA4xc0K5nMMNyHs2WNlwRQlk=; b=ZjXpztmTTh0IELf3bKJ1UfbukGbu67Ld6uVsZX0EtsQ+br8wibwZR0Bu3WMrUzBjui q9bEtGFtUxliKitoKWvJLNp1vqOg16fvs3YFB7LSQ1oi5hu2fdQSc51RIJxXFd7aL2cx QZhb/nxx1sw4wKX7Mt7bHRJIgVm5oCGADW99bWTa7FnGZoCEUho+BIF5A6Fkf1TQyizQ zLACDr+DRdEu8ahO/XtH6mrWVGpreM0Lch2ne7X7iFpXJFUJb0iGqEA2mtGqmNx+8jer DfUM3jRS7OVII6d/51KDsS8t7r0juKQ2oA5Q29HaT8YNthgFxoeUxuFMNnJowRCqNG74 ldcA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=eBoK6rpn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d5-20020a05640208c500b0051e126a3fecsi9069680edz.311.2023.07.10.05.22.08; Mon, 10 Jul 2023 05:22:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=eBoK6rpn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230361AbjGJMOd (ORCPT + 99 others); Mon, 10 Jul 2023 08:14:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56344 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230492AbjGJMOb (ORCPT ); Mon, 10 Jul 2023 08:14:31 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B520D118; Mon, 10 Jul 2023 05:14:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4AD6260FD6; Mon, 10 Jul 2023 12:14:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1DD20C433C7; Mon, 10 Jul 2023 12:14:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1688991269; bh=/Q11alT8tbZRlfgyDDMM5QaswwfEKymoi7mANE+IolU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eBoK6rpnc6ooaLGvz/UPIrjCuWlziMTtlLYOn/o+xtxH7S6khirTDK2EfkX1Iw6TS /z+f6x1g8CfW5ke4WIyvljbM9SVmTXEWKp9VnVm54zNZG92Zl9FmWi1K2VNUs1Pj+T /NSMYsS3CWYPeMezLNMQ4DvwhBCyxzzxj4EhjnnrgxaEObXwE87lo4lK+vQ/uXZwJr dXHTvksru2ImAsvrhYVHeYrYsScbel2TVzCXFdXpPIAH742h3VRB4ttuJJlThQYia+ YlP8//zNN9PJO0cQiRcryLAuUB6HNbL/z0uOQ2Gfe6bE3h9QkQF3Nhx5/DabpCatqT +3+hx94BKLHUg== From: "Masami Hiramatsu (Google)" To: Peter Zijlstra Cc: Petr Pavlu , tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, samitolvanen@google.com, x86@kernel.org, linux-trace-kernel@vger.kernel.org, linux-kernel@vger.kernel.org, Masami Hiramatsu Subject: [RFC PATCH 1/2] kprobes: Prohibit probing on CFI preamble symbol Date: Mon, 10 Jul 2023 21:14:24 +0900 Message-Id: <168899126450.80889.16200438320430187434.stgit@devnote2> X-Mailer: git-send-email 2.25.1 In-Reply-To: <168899125356.80889.17967397360941194229.stgit@devnote2> References: <168899125356.80889.17967397360941194229.stgit@devnote2> User-Agent: StGit/0.19 MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771036215569459714 X-GMAIL-MSGID: 1771036215569459714 From: Masami Hiramatsu (Google) Do not allow to probe on "__cfi_" started symbol, because it includes a typeid value in the code for CFI. Probing it will break the typeid checking. Signed-off-by: Masami Hiramatsu (Google) --- kernel/kprobes.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 00e177de91cc..ce2e460c1f79 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1545,6 +1545,20 @@ static int check_ftrace_location(struct kprobe *p) return 0; } +#ifdef CONFIG_CFI_CLANG +static bool is_cfi_preamble_symbol(unsigned long addr) +{ + char symbuf[KSYM_NAME_LEN]; + + if (lookup_symbol_name(addr, symbuf)) + return false; + + return str_has_prefix("__cfi_", symbuf); +} +#else +#define is_cfi_preamble_symbol(addr) (0) +#endif + static int check_kprobe_address_safe(struct kprobe *p, struct module **probed_mod) { @@ -1563,7 +1577,8 @@ static int check_kprobe_address_safe(struct kprobe *p, within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || - find_bug((unsigned long)p->addr)) { + find_bug((unsigned long)p->addr) || + is_cfi_preamble_symbol((unsigned long)p->addr)) { ret = -EINVAL; goto out; } From patchwork Mon Jul 10 12:14:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Masami Hiramatsu (Google)" X-Patchwork-Id: 117884 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp4993336vqx; Mon, 10 Jul 2023 05:38:13 -0700 (PDT) X-Google-Smtp-Source: APBJJlF1WHd3DgvbjAP2QaFiMiMrrEUzgN0jDoANuZas+34S9B7gOacFu/q8wd5+TKz7KSC930Tp X-Received: by 2002:aa7:d91a:0:b0:51b:fbf3:d9a7 with SMTP id a26-20020aa7d91a000000b0051bfbf3d9a7mr11995264edr.39.1688992693706; Mon, 10 Jul 2023 05:38:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688992693; cv=none; d=google.com; s=arc-20160816; b=iXC/a4S9oDjC3ax19/Mi5QAWCCSlgqYrI6P0pfUJUWBl4P/Qty2wkklne9rjTzzdxj aepqf4mCqLWbqNImyxHFJVjJJxoOQTldtD0TqcN4LJKTYjSz6tP7nm77RroG1NzptfMf v1V7Q7lRaLbVZ0I76PUhfvCkH913OjsJmYV0wKX2jCnnPerdrNaamyzb7QMnZD2/2B6f peZ5OSfkZXcECB55m24YOg56vWQWWvi19SpcWkj9q+uRBPG7PbQP/tbegGaoX3QnO2aT abmPX7wpr5FxWqlDqr4rBEV4vBeLgkD5YeDaITEAMbcIrsQSGm739rSF0a50fKChGDZy Pb7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=EpmgswIp+I0TLIhYt/2A6X9ydnnDN3n2TS2BkLyOpL8=; fh=B4q89xUy9DRjDdZZ7pfgA4xc0K5nMMNyHs2WNlwRQlk=; b=evK4ZlyacMCtvM59IcebQ5kvxS1MfMEH9UVUBsPTWEDCb/+6z/OtpBTRGKd5HBy0tB hgXwrmz6JZ1ia0+mkec3QkzzNyOtU3/AcNgpfpajVEU1N6Bfzkv5dMztDdNlOGUZV+z5 e3SP84EdB65qzDbahYHbLsMTSz+a6U13ksSDpVi5tQg2XnJnyx5vatwvPG7lIHL/rMtz J45HT2ON41npllAoPtX4Wl/TpqMt5PRCXq5YPRR1GHGBUTYqtA0HQroOW7mrKQpzPi8H tADVjTC/DEMcEL09TGNVz87pr63ndw9CBxnULkbKFUPT7fZb4vPp1/+z/b3ViOLAXQDz YxyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=DuJ8f0e7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q20-20020aa7da94000000b0051e226c4e6dsi10323655eds.278.2023.07.10.05.37.50; Mon, 10 Jul 2023 05:38:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=DuJ8f0e7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231253AbjGJMOv (ORCPT + 99 others); Mon, 10 Jul 2023 08:14:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56536 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229759AbjGJMOq (ORCPT ); Mon, 10 Jul 2023 08:14:46 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 41775180; Mon, 10 Jul 2023 05:14:41 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5D4BE60FD9; Mon, 10 Jul 2023 12:14:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EE57AC433C9; Mon, 10 Jul 2023 12:14:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1688991280; bh=keXlJlAzhceOANDhcIRA1uDchUR8isMCDIVgVQwTE4A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DuJ8f0e72x8Q5m1yjEwl9Gx7RYAGn2V9Cy601y7bD2ecK4X4cHGOOCN0Kkzlnm/B3 /2Lmy9WhuBpa1bQKtGkK0dXCieP76n0BgarlhMvBqdMNAkvzz9J9zgm+ibjg0+Ijfj TqpJCkszJkzFxo61d7eKrA0eZwQ4vD9UJa01YO1hxM3kR8Eu3XYFuSULFdPGsDReS5 OGQR0/iMwLY42VlDMqFVIjNHPEr2o82sOyYLwkPmOFUpLH4S40fMyzcRN3tE/59W96 gfCtOUtvkpx4KaOLbaXFpx49s4zylVPvUdchhPIbP86VwaJKXQf7vyunHfkhtokiQG OfTRE9rzzx++A== From: "Masami Hiramatsu (Google)" To: Peter Zijlstra Cc: Petr Pavlu , tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, samitolvanen@google.com, x86@kernel.org, linux-trace-kernel@vger.kernel.org, linux-kernel@vger.kernel.org, Masami Hiramatsu Subject: [RFC PATCH 2/2] x86/kprobes: Prohibit probing on compiler generated CFI checking code Date: Mon, 10 Jul 2023 21:14:35 +0900 Message-Id: <168899127520.80889.15418363018799407058.stgit@devnote2> X-Mailer: git-send-email 2.25.1 In-Reply-To: <168899125356.80889.17967397360941194229.stgit@devnote2> References: <168899125356.80889.17967397360941194229.stgit@devnote2> User-Agent: StGit/0.19 MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771037202371841863 X-GMAIL-MSGID: 1771037202371841863 From: Masami Hiramatsu (Google) Prohibit probing on the compiler generated CFI typeid checking code because it is used for decoding typeid when CFI error happens. The compiler generates the following instruction sequence for indirect call checks on x86;   movl -, %r10d ; 6 bytes addl -4(%reg), %r10d ; 4 bytes je .Ltmp1 ; 2 bytes ud2 ; <- regs->ip And handle_cfi_failure() decodes these instructions (movl and addl) for the typeid and the target address. Thus if we put a kprobe on those instructions, the decode will fail and report a wrong typeid and target address. Signed-off-by: Masami Hiramatsu (Google) Acked-by: Peter Zijlstra (Intel) --- arch/x86/kernel/kprobes/core.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c index f7f6042eb7e6..fa8c2b41cbaf 100644 --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -54,6 +54,7 @@ #include #include #include +#include #include "common.h" @@ -293,7 +294,40 @@ static int can_probe(unsigned long paddr) #endif addr += insn.length; } + if (IS_ENABLED(CONFIG_CFI_CLANG)) { + /* + * The compiler generates the following instruction sequence + * for indirect call checks and cfi.c decodes this; + * + *  movl -, %r10d ; 6 bytes + * addl -4(%reg), %r10d ; 4 bytes + * je .Ltmp1 ; 2 bytes + * ud2 ; <- regs->ip + * .Ltmp1: + * + * Also, these movl and addl are used for showing expected + * type. So those must not be touched. + */ + __addr = recover_probed_instruction(buf, addr); + if (!__addr) + return 0; + + if (insn_decode_kernel(&insn, (void *)__addr) < 0) + return 0; + + if (insn.opcode.value == 0xBA) + offset = 12; + else if (insn.opcode.value == 0x3) + offset = 6; + else + goto out; + + /* This movl/addl is used for decoding CFI. */ + if (is_cfi_trap(addr + offset)) + return 0; + } +out: return (addr == paddr); }