Received: by 2002:ac0:e350:0:0:0:0:0 with SMTP id g16csp2235386imn; Mon, 1 Aug 2022 16:44:09 -0700 (PDT) X-Google-Smtp-Source: AA6agR4ynugCngDpKlzF/90NQia//kxqh/xteMNNz3oFqcpy7uEKdMBhfVAffRbmAbcEsSvOtEmf X-Received: by 2002:a17:902:7d89:b0:16e:f604:31b8 with SMTP id a9-20020a1709027d8900b0016ef60431b8mr4829454plm.0.1659397449231; Mon, 01 Aug 2022 16:44:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659397449; cv=none; d=google.com; s=arc-20160816; b=0pjQPrntxUCY2sF4ZPoX8KmSpHBWRBLHv89qzrlcEZc4eA9UUwslO6u0+pBfw0L5NY L0lM0TVuMgw1fHTBpmT+Me4RKn7ZqTpg8mOt+on6CVGaRtQGgPjYF1wrUyUBAg7qNqKL sj/8Ki/VSUfBJx2Ao/cRQkMDpGpdCdPV7P1coU/0/BTo3SbvnhniAgs3kbHUqJM3xz/m F6tYsyMJu+7c9Yffy5FZzlaudL/2L+wzRp69CTWf9DxBN5Y5vI/XMv59uPdfCT0SkT33 n0s7o8/7n0WYCfdeOpUZ4YgTClBSvT+Mj/Hj7CLwtw+dew2n1i3JbZXCxYJhktJpSvYY 3IpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=pe9g4uspFbfKxlVa2+aoiwo7tmVBr4WQIs424+6djkw=; b=oxe/OmJPIRP0Gpb+T5WHieji/N9oe2XgINHVlVco8S/cXsdekkGxctqVLyT4OBkIiw M3pj+wIp9YkilQCCKui8Q1hyp/wHuzYe6z8WsUjrWjSpcZ7V/HLf+YUIxoQNwMqqDLQi tDH8COhvtxgUoTv8g+7k0KV+oPKGqHzg1U+CKcq1pYvRzOnt48m88biWPcvXhGMMovmq o0y82VtZPKdbdYnRLRZAyuhJ4UiPrNlN6q9mFqtZ4wCFhEWMCtMlNmITy7dzgtFk4O1R T8v5woJwtvrwp9w6+V78NFyWFaOefQg+wzdrmstz1HCntUBZcPyu/eSO5guGx6b1aQ/z jEsg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=EiBIfttF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q142-20020a632a94000000b0041c5b90f8cbsi1163038pgq.850.2022.08.01.16.43.54; Mon, 01 Aug 2022 16:44:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=EiBIfttF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234812AbiHAX3I (ORCPT + 99 others); Mon, 1 Aug 2022 19:29:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232527AbiHAX3G (ORCPT ); Mon, 1 Aug 2022 19:29:06 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B12022182D; Mon, 1 Aug 2022 16:29:05 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 58412B815BE; Mon, 1 Aug 2022 23:29:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5927CC433D6; Mon, 1 Aug 2022 23:29:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1659396543; bh=EthOnS7yDEmr90RlBcQIT6E/wUDMKFGG1x8VYcmF1j0=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=EiBIfttFLAvYAdzaQGF4B8h2IEm4SBhwDILvRRFvzTt3VDaIJ5x8zzSABoaE5ybLA kh3Xc3yV7ZNFlKG1JCySUUtn3eeRsW3t6QtSbytwOlrXGG1CmjADE0f4PJY4vetFH6 J2IBlR1XZn2uTTW6jc3TFA6gcERxIZXcsB1FR8epqlhGHnu9BK5pK7K1T5O6HKLkNG ze7g+CPf3VxH8cdB/Xhlu84ac5CIaBVP3J0SoModjTXUKgQTUEsVgErFKV9EDgQKri DXR2zujgF3fftvBqx8qlgZYnXjM6i/BO1zsqyXVCSyDQ/AUl4iGqY0mYQvUck3nMWy QOlB5uNS1oKvQ== Date: Tue, 2 Aug 2022 08:28:57 +0900 From: Masami Hiramatsu (Google) To: Chen Zhongjin Cc: , , , , , , , , , Subject: Re: [PATCH v3] kprobes: Forbid probing on trampoline and bpf prog Message-Id: <20220802082857.51a92a167876a2e3ba270aa7@kernel.org> In-Reply-To: <20220801033719.228248-1-chenzhongjin@huawei.com> References: <20220801033719.228248-1-chenzhongjin@huawei.com> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 1 Aug 2022 11:37:19 +0800 Chen Zhongjin wrote: > kernel_text_address returns ftrace_trampoline, kprobe_insn_slot > and bpf_text_address as kprobe legal address. > > These text are removable and changeable without any notifier to > kprobes. Probing on them can trigger some unexpected behavior[1]. > > Considering that jump_label and static_call text are already be > forbiden to probe, kernel_text_address should be replaced with > core_kernel_text and is_module_text_address to check other text > which is unsafe to kprobe. > > [1] https://lkml.org/lkml/2022/7/26/1148 > > Fixes: 5b485629ba0d ("kprobes, extable: Identify kprobes trampolines as kernel text area") > Fixes: 74451e66d516 ("bpf: make jited programs visible in traces") > Signed-off-by: Chen Zhongjin Thanks! this looks good to me. Acked-by: Masami Hiramatsu (Google) > --- > v2 -> v3: > Remove '-next' carelessly added in title. > > v1 -> v2: > Check core_kernel_text and is_module_text_address rather than > only kprobe_insn. > Also fix title and commit message for this. See old patch at [1]. > --- > kernel/kprobes.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/kernel/kprobes.c b/kernel/kprobes.c > index f214f8c088ed..80697e5e03e4 100644 > --- a/kernel/kprobes.c > +++ b/kernel/kprobes.c > @@ -1560,7 +1560,8 @@ static int check_kprobe_address_safe(struct kprobe *p, > preempt_disable(); > > /* Ensure it is not in reserved area nor out of text */ > - if (!kernel_text_address((unsigned long) p->addr) || > + if (!(core_kernel_text((unsigned long) p->addr) || > + is_module_text_address((unsigned long) p->addr)) || > within_kprobe_blacklist((unsigned long) p->addr) || > jump_label_text_reserved(p->addr, p->addr) || > static_call_text_reserved(p->addr, p->addr) || > -- > 2.17.1 > -- Masami Hiramatsu (Google)