On Tue, Oct 20, 2020 at 05:32:26AM +0000, Joel Stanley wrote:
> On Fri, 9 Oct 2020 at 05:20, Joel Stanley <j...@jms.id.au> wrote:
> >
> > On Thu, 1 Oct 2020 at 04:30, Andrew Jeffery <and...@aj.id.au> wrote:
> > >
> > > Setting both CONFIG_KPROBES=y and CONFIG_FORTIFY_SOURCE=y on ARM leads
> > > to a panic in memcpy() when injecting a kprobe despite the fixes found
> > > in commit e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with
> > > FORTIFY_SOURCE") and commit 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes:
> > > optimized kprobes illegal instruction").
> > >
> > > arch/arm/include/asm/kprobes.h effectively declares
> > > the target type of the optprobe_template_entry assembly label as a u32
> > > which leads memcpy()'s __builtin_object_size() call to determine that
> > > the pointed-to object is of size four. However, the symbol is used as a
> > > handle for the optimised probe assembly template that is at least 96
> > > bytes in size. The symbol's use despite its type blows up the memcpy()
> > > in ARM's arch_prepare_optimized_kprobe() with a false-positive
> > > fortify_panic() when it should instead copy the optimised probe
> > > template into place:
> > >
> > > ```
> > > $ sudo perf probe -a aspeed_g6_pinctrl_probe
> > > [ 158.457252] detected buffer overflow in memcpy
> > > ```
> > >
> > > Fixes: e46daee53bb5 ("ARM: 8806/1: kprobes: Fix false positive with
> > > FORTIFY_SOURCE")
> > > Fixes: 0ac569bf6a79 ("ARM: 8834/1: Fix: kprobes: optimized kprobes
> > > illegal instruction")
> > > Cc: Luka Oreskovic <luka.oresko...@sartura.hr>
> > > Cc: Juraj Vijtiuk <juraj.vijt...@sartura.hr>
> > > Suggested-by: Kees Cook <keesc...@chromium.org>
> > > Signed-off-by: Andrew Jeffery <and...@aj.id.au>
> >
> > Tested-by: Joel Stanley <j...@jms.id.au>
> > Reviewed-by: Joel Stanley <j...@jms.id.au>
> >
> > Thanks Andrew.
> > > ---
> > > v1 was sent some time back, in May:
> > >
> > > https://lore.kernel.org/linux-arm-kernel/20200517153959.293224-1-and...@aj.id.au/
>
> Russell, are you picking this fix up?
Sorry, but I don't "pick" patches off the mailing list. See my signature.

-- 
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
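To make the mechanism in Andrew's description above concrete (a fortified memcpy() trusts the declared type of the symbol it is handed, so a label declared as a u32 reports an object size of four regardless of the blob behind it), here is an added example. It is not part of this thread and not the kernel's code: it models the probe template as plain C objects so it builds on any host with gcc or clang, replaces fortify_panic() with a return value so the check can be observed, and uses hypothetical names (narrow_template_handle, sized_template, fortified_memcpy_model) rather than the kernel's identifiers or the ARM assembly label.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Size of the stand-in "optimised probe template". The real template is an
 * assembly blob under arch/arm/probes; here it is a plain C object so the
 * example compiles on any host. (Constructed for this example.) */
#define TEMPLATE_SIZE 96

/* Two declarations of a handle to a template. The narrow one mirrors the
 * problematic header: a single 32-bit object named after the label. The
 * array one carries the real extent of the blob. Both names are hypothetical. */
static uint32_t narrow_template_handle;
static uint8_t  sized_template[TEMPLATE_SIZE];

/* What a fortified memcpy() learns from __builtin_object_size() for each
 * declaration. The answer comes from the declared type, not from what the
 * symbol really covers in memory. */
size_t object_size_seen_via_narrow_handle(void)
{
    return __builtin_object_size(&narrow_template_handle, 0);
}

size_t object_size_seen_via_sized_array(void)
{
    return __builtin_object_size(sized_template, 0);
}

/* Model of the CONFIG_FORTIFY_SOURCE memcpy() check. The kernel calls
 * fortify_panic() ("detected buffer overflow in memcpy"); this model returns
 * -1 instead. src_size is the compile-time __builtin_object_size(src, 0) from
 * the call site; (size_t)-1 means "unknown", in which case the check is skipped. */
int fortified_memcpy_model(void *dst, const void *src, size_t n, size_t src_size)
{
    if (src_size != (size_t)-1 && n > src_size)
        return -1;  /* would be fortify_panic("memcpy") in the kernel */
    memcpy(dst, src, n);
    return 0;
}

/* Fill the sized template with a recognisable byte pattern. */
void init_sized_template(void)
{
    for (size_t i = 0; i < TEMPLATE_SIZE; i++)
        sized_template[i] = (uint8_t)(i * 3);
}

/* The arch_prepare_optimized_kprobe() situation from the description:
 * copy TEMPLATE_SIZE bytes through a handle whose declared type is 4 bytes.
 * The check trips before a single byte is read: a false positive. */
int copy_template_via_narrow_handle(uint8_t *dst)
{
    return fortified_memcpy_model(dst, &narrow_template_handle, TEMPLATE_SIZE,
                                  __builtin_object_size(&narrow_template_handle, 0));
}

/* Same copy through a declaration whose size matches the blob: passes. */
int copy_template_via_sized_array(uint8_t *dst)
{
    return fortified_memcpy_model(dst, sized_template, TEMPLATE_SIZE,
                                  __builtin_object_size(sized_template, 0));
}

/* Convenience wrappers that run each copy into a scratch buffer and report
 * the outcome as a plain value (status for the narrow handle, last copied
 * byte for the sized array, or -1 if that copy was rejected). */
int narrow_handle_copy_status(void)
{
    uint8_t buf[TEMPLATE_SIZE];
    return copy_template_via_narrow_handle(buf);
}

int sized_array_last_byte_after_copy(void)
{
    uint8_t buf[TEMPLATE_SIZE];
    init_sized_template();
    if (copy_template_via_sized_array(buf) != 0)
        return -1;
    return buf[TEMPLATE_SIZE - 1];
}

int main(void)
{
    printf("object size via u32 handle:   %zu\n", object_size_seen_via_narrow_handle());
    printf("object size via u8[96] array: %zu\n", object_size_seen_via_sized_array());
    printf("copy via u32 handle:   %s\n",
           narrow_handle_copy_status() ? "rejected (fortify false positive)" : "ok");
    printf("copy via u8[96] array: %s\n",
           sized_array_last_byte_after_copy() < 0 ? "rejected" : "ok");
    return 0;
}
```

The point to take from the two `object_size_seen_*` functions is that FORTIFY_SOURCE has no view of the assembly behind a label; it only sees the C declaration, so a declaration narrower than the object it names turns a correct copy into a reported overflow, while a declaration that does not claim a smaller size lets the copy proceed.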