From patchwork Tue Jul 11 01:50:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Masami Hiramatsu (Google)" X-Patchwork-Id: 118204 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:a6b2:0:b0:3e4:2afc:c1 with SMTP id c18csp201269vqm; Mon, 10 Jul 2023 19:34:32 -0700 (PDT) X-Google-Smtp-Source: APBJJlFaLJX36ZmhAePIHpJm+cgQ//c8/x6Q8TF060UkJ/vMQNxrHkAgnrxF033Di3zDu3mKjrQG X-Received: by 2002:a05:6808:1799:b0:3a1:e166:156a with SMTP id bg25-20020a056808179900b003a1e166156amr19184825oib.8.1689042872479; Mon, 10 Jul 2023 19:34:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689042872; cv=none; d=google.com; s=arc-20160816; b=hatFewSEixJ9UqpS2lS3LF9O9ykmi+MJJhIRdg1gIOkhFAU9Mef/WDRpOH8QJJVrCb ktv46awF9WMs2D3z8a8JJvUU4eOIvxMXKsMv0gBfPt0SX1/5WYn2RJZ2mqMCH/e5opHa ocsS/lzSHll7beEM20gqtvC0qdYrkFUKx6WA4raCJ4HbNTox8cmQc+LbW65qvXQ98wBX fvzQX+qaGRwbSlP05vHiT0EQdUS1S3JP77BttAWvp59j/yJAhNHQS1msAg+kA+Vgl361 APc63c+nH5X24Aq0uWOJC1VJudaerWfSG3SkzMqf9pMaaAiqsmruap7Jk32sqlob+omg 7tIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=jxYdPxP7ShLVHg0Xc82WRm0TrOiYkEN6tOOLYv4806U=; fh=B4q89xUy9DRjDdZZ7pfgA4xc0K5nMMNyHs2WNlwRQlk=; b=WI78K5GbBxJ5rLiai0g52deUJcOei5jhpfe/k5kEc5ieu2KEc30Gs9h7GLQpCfuoKk 760V8UfqyrNEKTJVaSBDOhOpFJUX1XB8wVOOrm4Z3Ud2F6dlmeDPBS0PEQvBn6H2Y6d+ 352/Ahanoj+Ik/uLiwaKZgvb2wsfbfsohveB8yuDzI6d6hBCBKilW/JCAyrF+2jrYwXg wd0GE5Rd7ubeyfFOv6S8vIsraPq4cZPYVoT28j8L73ZBKrht56trfr+MTkm4KyqZ/u4e FjjhnROu/53tRC2M5p5nhJvx1N9bbRWsXbUfMHQzbxHFP6ESqkhI+Q5z2fHxPD+L+tU2 NBbg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YSU9s+PA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cp26-20020a056a00349a00b0066733d71d01si657577pfb.317.2023.07.10.19.34.19; Mon, 10 Jul 2023 19:34:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YSU9s+PA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230264AbjGKBv2 (ORCPT + 99 others); Mon, 10 Jul 2023 21:51:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51110 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229532AbjGKBvV (ORCPT ); Mon, 10 Jul 2023 21:51:21 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7721CB6; Mon, 10 Jul 2023 18:50:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 116CC612C3; Tue, 11 Jul 2023 01:50:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A1C2BC433C8; Tue, 11 Jul 2023 01:50:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689040252; bh=G53cisJ1oPIw1E6Ka9hA5wzdkbxHiWemrgTO3t6vUgU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YSU9s+PAzFuCiDGKH9vHy8rem2/DY9PbpK/6bUGql+kKCiDqfW+Qbvl4+QVA0vuDt zh3kL+cUW8kav3KW/YbyKIx6/2cvcDlBkB014nG4SAoDUgM99tZDWezx0nRwhQjCUq sQsLQtANnT7abWt+M/+6xH4QuR+7FS7qb0GzSjZCgwujOCgui2s82sWeZ6qh2g7cvP SUZlHejcuVrPISlkg6UI2F4ZdO7eumJkNoKsoyafTY3fowcSAAbKTfFGnJzEV2NXIs kBNoTqWZvHYh6mC3x/uIuD9XwIiAs1XLa1t8iSYUnR5Rjd2tJOpZYgbdtDxmbReevl IDVTvz1xLJXEA== From: "Masami Hiramatsu (Google)" To: Peter Zijlstra Cc: Petr Pavlu , tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, samitolvanen@google.com, x86@kernel.org, linux-trace-kernel@vger.kernel.org, linux-kernel@vger.kernel.org, Masami Hiramatsu Subject: [PATCH v2 1/2] kprobes: Prohibit probing on CFI preamble symbol Date: Tue, 11 Jul 2023 10:50:47 +0900 Message-Id: <168904024679.116016.18089228029322008512.stgit@devnote2> X-Mailer: git-send-email 2.25.1 In-Reply-To: <168904023542.116016.10540228903086100726.stgit@devnote2> References: <168904023542.116016.10540228903086100726.stgit@devnote2> User-Agent: StGit/0.19 MIME-Version: 1.0 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771089819040950526 X-GMAIL-MSGID: 1771089819040950526 From: Masami Hiramatsu (Google) Do not allow to probe on "__cfi_" or "__pfx_" started symbol, because those are used for CFI and not executed. Probing it will break the CFI. Signed-off-by: Masami Hiramatsu (Google) Reviewed-by: Steven Rostedt (Google) --- Changes in v2: - Check "__pfx_" prefix functions too. - Make the check unconditional. --- kernel/kprobes.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/kernel/kprobes.c b/kernel/kprobes.c index 00e177de91cc..3da9726232ff 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1545,6 +1545,17 @@ static int check_ftrace_location(struct kprobe *p) return 0; } +static bool is_cfi_preamble_symbol(unsigned long addr) +{ + char symbuf[KSYM_NAME_LEN]; + + if (lookup_symbol_name(addr, symbuf)) + return false; + + return str_has_prefix("__cfi_", symbuf) || + str_has_prefix("__pfx_", symbuf); +} + static int check_kprobe_address_safe(struct kprobe *p, struct module **probed_mod) { @@ -1563,7 +1574,8 @@ static int check_kprobe_address_safe(struct kprobe *p, within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || - find_bug((unsigned long)p->addr)) { + find_bug((unsigned long)p->addr) || + is_cfi_preamble_symbol((unsigned long)p->addr)) { ret = -EINVAL; goto out; } From patchwork Tue Jul 11 01:50:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Masami Hiramatsu (Google)" X-Patchwork-Id: 118200 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:a6b2:0:b0:3e4:2afc:c1 with SMTP id c18csp200493vqm; Mon, 10 Jul 2023 19:32:19 -0700 (PDT) X-Google-Smtp-Source: APBJJlHzzBoPVxsHdI5e8izFPNWIQF9CCDVUpn+AVhGUFlydXhj/CVjEKCqGFDlLa1vLpPKMgRP0 X-Received: by 2002:a05:6a00:b8c:b0:66f:913a:7c1c with SMTP id g12-20020a056a000b8c00b0066f913a7c1cmr13867987pfj.22.1689042739382; Mon, 10 Jul 2023 19:32:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689042739; cv=none; d=google.com; s=arc-20160816; b=SU8naHvQz4uReYVEFQo6qrubV41lb9CWcRv40fDTER33vLQlisDT7Z6IfuKcPwtf93 2Wz7nPW03B1WEup/XV7s6Uqx5ZO3d8sK5PRXcwtYHAH9gdVolU7pT1hXwNDE2bnEIOhH GZE0QxzhUIfBBppFZEvhGTQeaZRxo9Nz4/yM7554f+njC645CB+k9RdYx4FvRNCpjCpa r2DXeVTJ3pVZteIHwTDUkB5vb0gdf0X1/E6mzJaugF0AAmIIHm7pc3ke2IpDD+H+TUfB xQdZb5boIKGejyGXgc1VAIJdxQ1iYkrI40bW9hbwrx/xlvoGts4knv95q/+5H4sp5Bws F31w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=0gxjWb5YnKlZIFnzQFu4Gan2PaNcN8QMCIz13Y21DNU=; fh=B4q89xUy9DRjDdZZ7pfgA4xc0K5nMMNyHs2WNlwRQlk=; b=GDPT8ztBoFmHCpemYDC6wvW4tpt8Xi4UlZmdy+LmOQwCYY0k3gcTDNNk6BISTS6WFm NrNyxCt7Xu6oNRIJsEGRruUqkZBB5GjxwKf5PKcBSI2leMCRnFQQsudTE2N8a7J3lloi KIdnakgbjY/9VBefHgOqSRa7k6IalCWi8Sf9kwDeWBe6/XdJFwuAQRxrlXLDw4uz9iGG hC7JhYn53jjLN7WCcwfrdWmvWbLmK0X9rgnOleSIp7kQfRVryu9WhaTX9bgCQPWyTnkm dmbMYGvM60v6vhy9SjrbTxzs0BvbSjG+oiMkA4bdsRCDUSlJq0GEV4bNlRHvLfOILkZQ Nm1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hoJ0l1uO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s13-20020a63f04d000000b0055b4ef605easi589504pgj.886.2023.07.10.19.32.06; Mon, 10 Jul 2023 19:32:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=hoJ0l1uO; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230318AbjGKBvb (ORCPT + 99 others); Mon, 10 Jul 2023 21:51:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51082 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230182AbjGKBvW (ORCPT ); Mon, 10 Jul 2023 21:51:22 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7A955136; Mon, 10 Jul 2023 18:51:04 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 03C81612AB; Tue, 11 Jul 2023 01:51:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7DCB6C433C7; Tue, 11 Jul 2023 01:51:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689040263; bh=DyLifkE+mWkAJUWftPR5lGeD6sKueyYzATZh59IvHwA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hoJ0l1uO1SG+a0wjcEMYnieBeWbRZEPyqQUJaeEcVX3zfM8X8IpzK2aG0G/3KCs4E 30Q2WG56TYfXxP96eJ+QjIgVk4cA5Evomj7TK0ebhyIj8BNRHtdrr0r1Ku44lSUgKZ 6/2qNGxfZEe31jVAP9TyUyoAVOi8q70izu8rQ2z2JMNbFCviz+k/6MmEDY3pIlOm9D /BuNnB5ozUhlZmRjh4zZZwQft4iEouEfYe1IiqKukeWFLzLeIg2AtxV7cpGeEoYLdy 1OK+0/EiiFDPfZttGzRLqBD2p8NGplr49H0VK/qk111g7ywuJLfyF3RCyJQnFoOaOj vkHXND+BsUMDg== From: "Masami Hiramatsu (Google)" To: Peter Zijlstra Cc: Petr Pavlu , tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, samitolvanen@google.com, x86@kernel.org, linux-trace-kernel@vger.kernel.org, linux-kernel@vger.kernel.org, Masami Hiramatsu Subject: [PATCH v2 2/2] x86/kprobes: Prohibit probing on compiler generated CFI checking code Date: Tue, 11 Jul 2023 10:50:58 +0900 Message-Id: <168904025785.116016.12766408611437534723.stgit@devnote2> X-Mailer: git-send-email 2.25.1 In-Reply-To: <168904023542.116016.10540228903086100726.stgit@devnote2> References: <168904023542.116016.10540228903086100726.stgit@devnote2> User-Agent: StGit/0.19 MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771089679370464342 X-GMAIL-MSGID: 1771089679370464342 From: Masami Hiramatsu (Google) Prohibit probing on the compiler generated CFI typeid checking code because it is used for decoding typeid when CFI error happens. The compiler generates the following instruction sequence for indirect call checks on x86;   movl -, %r10d ; 6 bytes addl -4(%reg), %r10d ; 4 bytes je .Ltmp1 ; 2 bytes ud2 ; <- regs->ip And handle_cfi_failure() decodes these instructions (movl and addl) for the typeid and the target address. Thus if we put a kprobe on those instructions, the decode will fail and report a wrong typeid and target address. Signed-off-by: Masami Hiramatsu (Google) Acked-by: Peter Zijlstra (Intel) --- arch/x86/kernel/kprobes/core.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c index f7f6042eb7e6..fa8c2b41cbaf 100644 --- a/arch/x86/kernel/kprobes/core.c +++ b/arch/x86/kernel/kprobes/core.c @@ -54,6 +54,7 @@ #include #include #include +#include #include "common.h" @@ -293,7 +294,40 @@ static int can_probe(unsigned long paddr) #endif addr += insn.length; } + if (IS_ENABLED(CONFIG_CFI_CLANG)) { + /* + * The compiler generates the following instruction sequence + * for indirect call checks and cfi.c decodes this; + * + *  movl -, %r10d ; 6 bytes + * addl -4(%reg), %r10d ; 4 bytes + * je .Ltmp1 ; 2 bytes + * ud2 ; <- regs->ip + * .Ltmp1: + * + * Also, these movl and addl are used for showing expected + * type. So those must not be touched. + */ + __addr = recover_probed_instruction(buf, addr); + if (!__addr) + return 0; + + if (insn_decode_kernel(&insn, (void *)__addr) < 0) + return 0; + + if (insn.opcode.value == 0xBA) + offset = 12; + else if (insn.opcode.value == 0x3) + offset = 6; + else + goto out; + + /* This movl/addl is used for decoding CFI. */ + if (is_cfi_trap(addr + offset)) + return 0; + } +out: return (addr == paddr); }