Date: Tue, 20 Oct 2020 11:13:24 +0100
From: Russell King - ARM Linux admin
To: Joel Stanley
Cc: Andrew Jeffery, Linux ARM, mhiramat@kernel.org, labbott@redhat.com, Kees Cook, Mathieu Desnoyers, Linux Kernel Mailing List, Luka Oreskovic, Juraj Vijtiuk
Subject: Re: [PATCH v2] ARM: kprobes: Avoid fortify_panic() when copying optprobe template
Message-ID: <20201020101324.GA1551@shell.armlinux.org.uk>
References: <20201001042927.2147800-1-andrew@aj.id.au>

On Tue, Oct 20, 2020 at 05:32:26AM +0000, Joel Stanley wrote:
> On Fri, 9 Oct 2020 at 05:20, Joel Stanley wrote:
> >
> > On Thu, 1 Oct 2020 at 04:30, Andrew Jeffery wrote:
> > >
> > > Setting both CONFIG_KPROBES=y and CONFIG_FORTIFY_SOURCE=y on ARM leads
> > > to a panic in memcpy() when injecting a kprobe despite the fixes found
> > > in commit e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with
> > > FORTIFY_SOURCE") and commit 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes:
> > > optimized kprobes illegal instruction").
> > >
> > > arch/arm/include/asm/kprobes.h effectively declares
> > > the target type of the optprobe_template_entry assembly label as a u32
> > > which leads memcpy()'s __builtin_object_size() call to determine that
> > > the pointed-to object is of size four. However, the symbol is used as a handle
> > > for the optimised probe assembly template that is at least 96 bytes in size.
> > > The symbol's use despite its type blows up the memcpy() in ARM's
> > > arch_prepare_optimized_kprobe() with a false-positive fortify_panic() when it
> > > should instead copy the optimised probe template into place:
> > >
> > > ```
> > > $ sudo perf probe -a aspeed_g6_pinctrl_probe
> > > [ 158.457252] detected buffer overflow in memcpy
> > > ```
> > >
> > > Fixes: e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE")
> > > Fixes: 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes: optimized kprobes illegal instruction")
> > > Cc: Luka Oreskovic
> > > Cc: Juraj Vijtiuk
> > > Suggested-by: Kees Cook
> > > Signed-off-by: Andrew Jeffery
> >
> > Tested-by: Joel Stanley
> > Reviewed-by: Joel Stanley
> >
> > Thanks Andrew.
> >
> > > ---
> > > v1 was sent some time back, in May:
> > >
> > > https://lore.kernel.org/linux-arm-kernel/20200517153959.293224-1-andrew@aj.id.au/
>
> Russell, are you picking this fix up?

Sorry, but I don't "pick" patches off the mailing list. See my signature.

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
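
The size mismatch described in the quoted commit message, reproduced in user space as an added example (not code from the thread or the patch): `__builtin_object_size()` reports 4 for a label declared as a single `uint32_t`, so a fortify-style check refuses the 96-byte copy. The `demo_*` names, the filler word and the incomplete-array declaration used for contrast are assumptions, and the inline assembly assumes GCC or Clang on an ELF target.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TMPL_BYTES 96u          /* template size quoted in the commit message */
#define FILL_WORD  0xe1a00000u  /* constructed filler word, not the real template */

/* Constructed stand-in for the assembly template: one 96-byte blob in .data,
 * reachable through two labels at the same address (ELF/GNU as syntax). */
__asm__(".pushsection .data\n"
        ".balign 4\n"
        ".globl demo_tmpl_scalar\n"
        ".globl demo_tmpl_array\n"
        "demo_tmpl_scalar:\n"
        "demo_tmpl_array:\n"
        ".fill 24, 4, 0xe1a00000\n"
        ".popsection\n");

extern uint32_t demo_tmpl_scalar;   /* label typed as a single u32, as in the report */
extern uint32_t demo_tmpl_array[];  /* hypothetical contrast: size left unknown */

uint32_t demo_code[TMPL_BYTES / 4]; /* destination buffer for the copy */

/* What the compiler believes each handle points at. */
size_t scalar_view_size(void) { return __builtin_object_size(&demo_tmpl_scalar, 0); }
size_t array_view_size(void)  { return __builtin_object_size(demo_tmpl_array, 0); }

/* Same shape as the fortified memcpy() test: refuse when either
 * compiler-known size is smaller than n. Returns 0 on copy, -1 on refusal. */
static int checked_copy(void *dst, size_t dst_size,
                        const void *src, size_t src_size, size_t n)
{
    if (dst_size < n || src_size < n)
        return -1;              /* the kernel calls fortify_panic() at this point */
    memcpy(dst, src, n);
    return 0;
}

/* Copy the template through one of the two handles. */
int demo_copy(int use_array)
{
    memset(demo_code, 0, sizeof(demo_code));
    if (use_array)
        return checked_copy(demo_code, sizeof(demo_code), demo_tmpl_array,
                            array_view_size(), TMPL_BYTES);
    return checked_copy(demo_code, sizeof(demo_code), &demo_tmpl_scalar,
                        scalar_view_size(), TMPL_BYTES);
}

int main(void) { return (demo_copy(0) == -1 && demo_copy(1) == 0) ? 0 : 1; }
```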