From: Ravi Bangoria
To: mpe@ellerman.id.au
Cc: ravi.bangoria@linux.ibm.com, oleg@redhat.com, rostedt@goodmis.org, paulus@samba.org, jniethe5@gmail.com, naveen.n.rao@linux.ibm.com, sandipan@linux.ibm.com, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org
Subject: [PATCH] powerpc/uprobes: Don't allow probe on suffix of prefixed instruction
Date: Tue, 19 Jan 2021 14:42:34 +0530
Message-Id: <20210119091234.76317-1-ravi.bangoria@linux.ibm.com>
X-Mailer: git-send-email 2.29.2

A probe on the 2nd word of a prefixed instruction is an invalid scenario and should be restricted.

There are two ways the probed instruction is changed in mapped pages. First, when a Uprobe is activated, it searches for all the relevant pages and replaces the instruction in them. In this case, if we notice that the probe is on the 2nd word of a prefixed instruction, error out directly. Second, when a Uprobe is already active and the user maps a relevant page via mmap(), the instruction is replaced via the mmap() code path. But because the Uprobe is invalid, the entire mmap() operation cannot be stopped. In this case just print an error and continue.

Signed-off-by: Ravi Bangoria
---
 arch/powerpc/kernel/uprobes.c | 28 ++++++++++++++++++++++++++++
 include/linux/uprobes.h       |  1 +
 kernel/events/uprobes.c       |  8 ++++++++
 3 files changed, 37 insertions(+)
diff --git a/arch/powerpc/kernel/uprobes.c b/arch/powerpc/kernel/uprobes.c index e8a63713e655..c73d5a397164 100644 --- a/arch/powerpc/kernel/uprobes.c +++ b/arch/powerpc/kernel/uprobes.c @@ -7,6 +7,7 @@ * Adapted from the x86 port by Ananth N Mavinakayanahalli */ #include +#include #include #include #include @@ -44,6 +45,33 @@ int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, return 0; } +#ifdef CONFIG_PPC64 +int arch_uprobe_verify_opcode(struct page *page, unsigned long vaddr, + uprobe_opcode_t opcode) +{ + uprobe_opcode_t prefix; + void *kaddr; + struct ppc_inst inst; + + /* Don't check if vaddr is pointing to the beginning of page */ + if (!(vaddr & ~PAGE_MASK)) + return 0; + + kaddr = kmap_atomic(page); + memcpy(&prefix, kaddr + ((vaddr - 4) & ~PAGE_MASK), UPROBE_SWBP_INSN_SIZE); + kunmap_atomic(kaddr); + + inst = ppc_inst_prefix(prefix, opcode); + + if (ppc_inst_prefixed(inst)) { + printk_ratelimited("Cannot register a uprobe on the second " + "word of prefixed instruction\n"); + return -1; + } + return 0; +} +#endif + /* * arch_uprobe_pre_xol - prepare to execute out of line. * @auprobe: the probepoint information. diff --git a/include/linux/uprobes.h b/include/linux/uprobes.h index f46e0ca0169c..5a3b45878e13 100644 --- a/include/linux/uprobes.h +++ b/include/linux/uprobes.h @@ -128,6 +128,7 @@ extern bool uprobe_deny_signal(void); extern bool arch_uprobe_skip_sstep(struct arch_uprobe *aup, struct pt_regs *regs); extern void uprobe_clear_state(struct mm_struct *mm); extern int arch_uprobe_analyze_insn(struct arch_uprobe *aup, struct mm_struct *mm, unsigned long addr); +int arch_uprobe_verify_opcode(struct page *page, unsigned long vaddr, uprobe_opcode_t opcode); extern int arch_uprobe_pre_xol(struct arch_uprobe *aup, struct pt_regs *regs); extern int arch_uprobe_post_xol(struct arch_uprobe *aup, struct pt_regs *regs); extern bool arch_uprobe_xol_was_trapped(struct task_struct *tsk); 
diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c index bf9edd8d75be..be02e6c26e3f 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c @@ -255,6 +255,12 @@ static void copy_to_page(struct page *page, unsigned long vaddr, const void *src kunmap_atomic(kaddr); } +int __weak arch_uprobe_verify_opcode(struct page *page, unsigned long vaddr, + uprobe_opcode_t opcode) +{ + return 0; +} + static int verify_opcode(struct page *page, unsigned long vaddr, uprobe_opcode_t *new_opcode) { uprobe_opcode_t old_opcode; @@ -275,6 +281,8 @@ static int verify_opcode(struct page *page, unsigned long vaddr, uprobe_opcode_t if (is_swbp_insn(new_opcode)) { if (is_swbp) /* register: already installed? */ return 0; + if (arch_uprobe_verify_opcode(page, vaddr, old_opcode)) + return -EINVAL; } else { if (!is_swbp) /* unregister: was it changed by us? */ return 0; -- 2.26.2
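Review bot: In the arch/powerpc/kernel/uprobes.c hunk, arch_uprobe_verify_opcode() reads the word at vaddr - 4 from the live mapped page (the memcpy from kaddr), but verify_opcode() shows that page may already contain a breakpoint: if a uprobe is already installed on the prefix word, the word read back is UPROBE_SWBP_INSN rather than a prefix, ppc_inst_prefixed() returns false and a probe on the suffix is accepted. Consider deciding from the original instruction bytes (the file-backed copy, as copy_insn() does for the probed word itself) or at arch_uprobe_analyze_insn() time. Smaller points in the same hunk: the `(vaddr - 4)` offset should be expressed as UPROBE_SWBP_INSN_SIZE like the memcpy length next to it; the `printk_ratelimited()` call has no log level and no context, so `pr_err_ratelimited("... at 0x%lx\n", vaddr)` (plus current->comm/pid) would make the refusal attributable in the log; `return -1` is turned into -EINVAL by the caller, so returning -EINVAL here directly is clearer; and the comment "Don't check if vaddr is pointing to the beginning of page" should say why skipping is safe (ISA v3.1 forbids a prefixed instruction from crossing a 64-byte boundary, so a prefix word can never be the last word of a page).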
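Review bot: In the include/linux/uprobes.h hunk the new `int arch_uprobe_verify_opcode(...)` declaration drops the `extern` that every neighbouring prototype uses; keep the file consistent, and add a one-line comment stating the contract (return non-zero to refuse installing the breakpoint at vaddr) since arch maintainers will implement it from the header alone.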
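Review bot: In the kernel/events/uprobes.c hunks, the `__weak` default arch_uprobe_verify_opcode() has no comment explaining that architectures override it and what a non-zero return means; and since the verify_opcode() caller only propagates -EINVAL on the register path while, per the commit message, the mmap() path continues regardless, the kernel log line emitted by the arch hook is the only record of a refused probe on that path, so it should carry the address and task, and this limitation deserves a comment next to `return -EINVAL;`.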
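The following is an added user-space model of the check this patch introduces; it is not code from the patch or from the kernel. It labels each 32-bit word of a constructed text block as an instruction start or the suffix of a prefixed instruction (a prefix word has primary opcode 1 in its top six bits), and compares the patch's one-word look-back rule with a forward walk over the original bytes, including the case where a breakpoint has already been written over the prefix word. The breakpoint value 0x7fe00008 (tw 31,0,0) is the powerpc uprobe trap word from the kernel's headers; the sample instruction words are constructed for the example; the 64-byte boundary rule comes from ISA v3.1.

```c
/*
 * Added example (not from the patch or the kernel): user-space model of the
 * "probe on the suffix of a prefixed instruction" check. A prefixed
 * instruction is a prefix word (primary opcode 1) followed by a suffix word;
 * a probe is only meaningful on the prefix word.
 */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OP_PREFIX      1u          /* primary opcode of every prefix word */
#define PPC_INSN_SIZE  4u
#define PPC_SWBP_INSN  0x7fe00008u /* tw 31,0,0: the powerpc uprobe breakpoint */

enum word_kind { WORD_START = 0, WORD_SUFFIX = 1 };

static int is_prefix_word(uint32_t w)
{
	return (w >> 26) == OP_PREFIX;
}

/* ISA v3.1 forbids a prefixed instruction from crossing a 64-byte boundary,
 * so a prefix word can never be the last word of a 64-byte block (and hence
 * never the last word of a page). Returns 1 if a prefix at byte offset 'off'
 * would violate that rule. */
int prefix_crosses_64b(size_t off)
{
	return (off % 64) == 64 - PPC_INSN_SIZE;
}

/* Walk the text forward and label each word as instruction start or suffix.
 * Returns the number of words labelled, or -1 if a prefix is malformed. */
int classify_words(const uint32_t *text, size_t nwords, enum word_kind *kind)
{
	size_t i = 0;

	while (i < nwords) {
		kind[i] = WORD_START;
		if (is_prefix_word(text[i])) {
			if (i + 1 >= nwords || prefix_crosses_64b(i * PPC_INSN_SIZE))
				return -1;
			kind[i + 1] = WORD_SUFFIX;
			i += 2;
		} else {
			i += 1;
		}
	}
	return (int)nwords;
}

/* The patch's rule: inspect the word just before 'off' in the page copy.
 * 1 = probe allowed, 0 = refused, -1 = bad offset. */
int probe_ok_lookback(const uint32_t *page, size_t nwords, size_t off)
{
	if (off % PPC_INSN_SIZE || off / PPC_INSN_SIZE >= nwords)
		return -1;
	if (off == 0)   /* the patch skips the check at a page start */
		return 1;
	return !is_prefix_word(page[off / PPC_INSN_SIZE - 1]);
}

/* Decide from a forward walk over the original text (e.g. the file-backed
 * copy), so breakpoints already written into the page cannot fool the check. */
int probe_ok_walk(const uint32_t *orig, size_t nwords, size_t off)
{
	enum word_kind kind[64];

	if (nwords > 64 || off % PPC_INSN_SIZE || off / PPC_INSN_SIZE >= nwords)
		return -1;
	if (classify_words(orig, nwords, kind) < 0)
		return -1;
	return kind[off / PPC_INSN_SIZE] == WORD_START;
}

/* Constructed sample text: nop, a prefix/suffix pair, blr. */
static const uint32_t sample_text[] = {
	0x60000000u, /* off 0:  nop (ori 0,0,0)          */
	0x06000000u, /* off 4:  prefix word (opcode 1)   */
	0x38210010u, /* off 8:  suffix word of the pair  */
	0x4e800020u, /* off 12: blr                      */
};
#define SAMPLE_WORDS (sizeof(sample_text) / sizeof(sample_text[0]))

/* A probe already sits on the prefix word, so the page copy holds the
 * breakpoint there. Returns the look-back verdict for the suffix in that
 * state (1 means the look-back check is fooled). */
int lookback_after_prefix_probed(void)
{
	uint32_t page[SAMPLE_WORDS];

	memcpy(page, sample_text, sizeof(page));
	page[1] = PPC_SWBP_INSN;   /* breakpoint installed at offset 4 */
	return probe_ok_lookback(page, SAMPLE_WORDS, 8);
}

int main(void)
{
	size_t off;

	for (off = 0; off < SAMPLE_WORDS * PPC_INSN_SIZE; off += PPC_INSN_SIZE)
		printf("off %2zu: lookback=%d walk=%d\n", off,
		       probe_ok_lookback(sample_text, SAMPLE_WORDS, off),
		       probe_ok_walk(sample_text, SAMPLE_WORDS, off));
	printf("suffix after prefix probed: lookback=%d walk(orig)=%d\n",
	       lookback_after_prefix_probed(),
	       probe_ok_walk(sample_text, SAMPLE_WORDS, 8));
	return 0;
}
```

On the unmodified sample both rules agree (offset 8 is refused, the rest allowed); once a breakpoint occupies the prefix word, the look-back rule reading the live page accepts offset 8 while the walk over the original bytes still refuses it, which is why the decision should be taken against the original instruction stream rather than the patched page.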