From: Jiri Olsa
Date: Mon, 1 Aug 2022 22:41:19 +0200
To: Chen Zhongjin
Cc: linux-kernel@vger.kernel.org, bpf@vger.kernel.org, naveen.n.rao@linux.ibm.com, anil.s.keshavamurthy@intel.com, davem@davemloft.net, mhiramat@kernel.org, peterz@infradead.org, mingo@kernel.org, ast@kernel.org, daniel@iogearbox.net, Steven Rostedt
Subject: Re: [PATCH v3] kprobes: Forbid probing on trampoline and bpf prog
References: <20220801033719.228248-1-chenzhongjin@huawei.com>
In-Reply-To: <20220801033719.228248-1-chenzhongjin@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 01, 2022 at 11:37:19AM +0800, Chen Zhongjin wrote:
> kernel_text_address returns ftrace_trampoline, kprobe_insn_slot
> and bpf_text_address as kprobe legal address.
>
> These texts are removable and changeable without any notifier to
> kprobes. Probing on them can trigger some unexpected behavior[1].
>
> Considering that jump_label and static_call text are already
> forbidden to probe, kernel_text_address should be replaced with
> core_kernel_text and is_module_text_address to check other text
> which is unsafe to kprobe.
>
> [1] https://lkml.org/lkml/2022/7/26/1148
>
> Fixes: 5b485629ba0d ("kprobes, extable: Identify kprobes trampolines as kernel text area")
> Fixes: 74451e66d516 ("bpf: make jited programs visible in traces")
> Signed-off-by: Chen Zhongjin
> ---
> v2 -> v3:
> Remove '-next' carelessly added in title.

LGTM

cc-ing Steven because it affects ftrace as well

jirka

>
> v1 -> v2:
> Check core_kernel_text and is_module_text_address rather than
> only kprobe_insn.
> Also fix title and commit message for this. See old patch at [1].
> ---
> kernel/kprobes.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index f214f8c088ed..80697e5e03e4 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -1560,7 +1560,8 @@ static int check_kprobe_address_safe(struct kprobe *p,
> preempt_disable();
>
> /* Ensure it is not in reserved area nor out of text */
> - if (!kernel_text_address((unsigned long) p->addr) ||
> + if (!(core_kernel_text((unsigned long) p->addr) ||
> + is_module_text_address((unsigned long) p->addr)) ||
> within_kprobe_blacklist((unsigned long) p->addr) ||
> jump_label_text_reserved(p->addr, p->addr) ||
> static_call_text_reserved(p->addr, p->addr) ||
> --
> 2.17.1
>
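Review bot: the comment above the condition, "Ensure it is not in reserved area nor out of text", no longer says why kernel_text_address() was dropped in favour of core_kernel_text() || is_module_text_address(), and kernel_text_address() is the obvious helper someone could reinstate later; please extend the comment to record that ftrace trampolines, kprobe insn slots and BPF JIT images are excluded on purpose because that text can be freed or rewritten without notifying kprobes, e.g. "Only core kernel and module text is allowed: trampolines, insn slots and BPF images can go away under us". As a minor style point, the hunk now casts p->addr to unsigned long three times and introduces a !(a || b) double negation; hoisting "unsigned long addr = (unsigned long) p->addr;" above the if, or wrapping the two calls in a small static helper, would keep the condition readable when the next check is added.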
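As an added user-space model of the check this patch changes (not kernel code, and not part of the patch or this thread): the pre-patch predicate accepts any address that kernel_text_address() covers, including text that can be freed with no notifier to kprobes, while the post-patch predicate accepts only core kernel and module text. The `text_range` layout, the `model_*` helpers, `old_check`, `new_check` and the `kprobe_model` struct are all constructed for illustration; the addresses are made up.

```c
/*
 * Added user-space model of the kprobe address check changed by the patch.
 * Nothing here is kernel code: struct text_range, the ranges table, the
 * model_* helpers and struct kprobe_model are constructed for illustration.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum text_kind {
	CORE_TEXT,          /* what core_kernel_text() covers */
	MODULE_TEXT,        /* what is_module_text_address() covers */
	FTRACE_TRAMPOLINE,  /* only kernel_text_address() covers these three */
	KPROBE_INSN_SLOT,
	BPF_JIT_IMAGE,
};

struct text_range {
	enum text_kind kind;
	uintptr_t start, end;   /* [start, end) */
	bool live;              /* false once the owner has freed the text */
};

/* Constructed layout; these addresses do not come from any real kernel. */
static struct text_range ranges[] = {
	{ CORE_TEXT,         0x1000000, 0x2000000, true },
	{ MODULE_TEXT,       0x3000000, 0x3010000, true },
	{ FTRACE_TRAMPOLINE, 0x4000000, 0x4001000, true },
	{ KPROBE_INSN_SLOT,  0x4100000, 0x4101000, true },
	{ BPF_JIT_IMAGE,     0x4200000, 0x4201000, true },
};

static const struct text_range *find_live_range(uintptr_t addr)
{
	for (size_t i = 0; i < sizeof(ranges) / sizeof(ranges[0]); i++)
		if (ranges[i].live && addr >= ranges[i].start && addr < ranges[i].end)
			return &ranges[i];
	return NULL;
}

/* Model of kernel_text_address(): any live text, whoever owns it. */
static bool model_kernel_text_address(uintptr_t addr)
{
	return find_live_range(addr) != NULL;
}

static bool model_core_kernel_text(uintptr_t addr)
{
	const struct text_range *r = find_live_range(addr);
	return r && r->kind == CORE_TEXT;
}

static bool model_is_module_text_address(uintptr_t addr)
{
	const struct text_range *r = find_live_range(addr);
	return r && r->kind == MODULE_TEXT;
}

/* Text part of check_kprobe_address_safe() before the patch ... */
bool old_check(uintptr_t addr)
{
	return model_kernel_text_address(addr);
}

/* ... and after it: only core kernel or module text is accepted. */
bool new_check(uintptr_t addr)
{
	return model_core_kernel_text(addr) || model_is_module_text_address(addr);
}

struct kprobe_model {
	uintptr_t addr;
	bool armed;
};

/* Arm a probe if the given text check accepts the address. */
bool arm_probe(struct kprobe_model *p, uintptr_t addr, bool (*check)(uintptr_t))
{
	p->addr = addr;
	p->armed = check(addr);
	return p->armed;
}

/* Free the BPF JIT image. In the real kernel this happens without any
 * notifier to kprobes (module unload, by contrast, is reported through a
 * module notifier), so nothing disarms a probe planted inside it. */
bool free_bpf_image(void)
{
	for (size_t i = 0; i < sizeof(ranges) / sizeof(ranges[0]); i++)
		if (ranges[i].kind == BPF_JIT_IMAGE && ranges[i].live) {
			ranges[i].live = false;
			return true;
		}
	return false;
}

/* An armed probe whose address is no longer backed by live text. */
bool probe_dangles(const struct kprobe_model *p)
{
	return p->armed && find_live_range(p->addr) == NULL;
}

int main(void)
{
	struct kprobe_model before = { 0 }, after = { 0 };
	uintptr_t bpf_addr = 0x4200040;

	printf("old check arms probe in BPF image: %d\n", arm_probe(&before, bpf_addr, old_check));
	printf("new check arms probe in BPF image: %d\n", arm_probe(&after, bpf_addr, new_check));
	free_bpf_image();
	printf("old-check probe dangles after free: %d\n", probe_dangles(&before));
	printf("new-check probe dangles after free: %d\n", probe_dangles(&after));
	return 0;
}
```

The model keeps the ftrace trampoline and kprobe insn slot ranges so the same `new_check` can be tried against them; both are rejected for the same reason as the BPF image, while a module text address is still accepted because the real kprobes code learns about module removal through its module notifier.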