[RFC PATCH 0/2] x86: kprobes: Fix CFI_CLANG related issues

From: Masami Hiramatsu (Google)
Date: Mon Jul 10 2023 - 08:14:25 EST


Hi Peter,

Here I tried to fix 2 issues discussed on the previous thread:

https://lore.kernel.org/all/20230706113403.GI2833176@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/

- Prohibit probing on __cfi_* preamble symbols, which have the typeid.
- Prohibit probing on compiler generated movl/addl which is used for
detecting typeid on x86.

I'm not sure how arm64 implemented it, but it seems that
cfi_handler()@arch/arm64/kernel/traps.c just reads the registers for
the typeid instead of decoding the instructions.

I have only build-tested this, since I could not boot the kernel with CFI_CLANG=y.
Would anyone know something about this error?

[ 0.141030] MMIO Stale Data: Unknown: No mitigations
[ 0.153511] SMP alternatives: Using kCFI
[ 0.164593] Freeing SMP alternatives memory: 36K
[ 0.165053] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: start_kernel+0x472/0x48b
[ 0.166028] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.2-00002-g12b1b2fca8ef #126
[ 0.166028] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[ 0.166028] Call Trace:
[ 0.166028] <TASK>
[ 0.166028] dump_stack_lvl+0x6e/0xb0
[ 0.166028] panic+0x146/0x2f0
[ 0.166028] ? start_kernel+0x472/0x48b
[ 0.166028] __stack_chk_fail+0x14/0x20
[ 0.166028] start_kernel+0x472/0x48b
[ 0.166028] x86_64_start_reservations+0x24/0x30
[ 0.166028] x86_64_start_kernel+0xa6/0xbb
[ 0.166028] secondary_startup_64_no_verify+0x106/0x11b
[ 0.166028] </TASK>
[ 0.166028] ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: start_kernel+0x472/0x48b ]---


Thank you,

---

Masami Hiramatsu (Google) (2):
kprobes: Prohibit probing on CFI preamble symbol
x86/kprobes: Prohibit probing on compiler generated CFI checking code


arch/x86/kernel/kprobes/core.c | 34 ++++++++++++++++++++++++++++++++++
kernel/kprobes.c | 17 ++++++++++++++++-
2 files changed, 50 insertions(+), 1 deletion(-)

--
Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>
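As an added example, not part of this series or of the kernel's code: a user-space C model of the two checks the cover letter describes, refusing a probe on a `__cfi_*` preamble symbol and a probe on the compiler-generated movl/addl of the kCFI check. It assumes the x86-64 caller sequence is movl/addl/je/ud2 (byte encodings from the x86 ISA), and the text bytes below are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Check 1: refuse a kprobe on a __cfi_<fn> preamble symbol; the preamble
 * holds the function's type id that the kCFI caller-side check compares. */
static bool is_cfi_preamble_symbol(const char *sym)
{
	return strncmp(sym, "__cfi_", 6) == 0;
}

/* Check 2 models the x86-64 kCFI caller check (assumption: movl/addl/je/ud2
 * layout; byte encodings from the x86 ISA):
 *   41 ba imm32     movl $-typeid, %r10d      ; 6 bytes
 *   45 03 53 disp8  addl disp8(%r11), %r10d   ; 4 bytes
 *   74 rel8         je   past_trap            ; 2 bytes
 *   0f 0b           ud2                       ; the CFI trap
 * The trap handler decodes the movl/addl to report the expected type id, so
 * a probe patching either is refused: movl is 12, addl 6 bytes before ud2. */
static bool is_cfi_trap(const uint8_t *text, size_t len, size_t off)
{
	return off >= 2 && off + 2 <= len &&
	       text[off - 2] == 0x74 &&                    /* je rel8 */
	       text[off] == 0x0f && text[off + 1] == 0x0b; /* ud2 */
}

/* Returns true when a probe at text[off] would land on the CFI check. */
static bool probe_hits_cfi_check(const uint8_t *text, size_t len, size_t off)
{
	size_t trap;
	if (off + 2 <= len && text[off] == 0x41 && text[off + 1] == 0xba)
		trap = off + 12; /* movl 6 + addl 4 + je 2 bytes to the ud2 */
	else if (off + 4 <= len && text[off] == 0x45 && text[off + 1] == 0x03 &&
		 text[off + 2] == 0x53)
		trap = off + 6;  /* addl 4 + je 2 bytes to the ud2 */
	else
		return false;
	return is_cfi_trap(text, len, trap);
}

/* Constructed sample text: one check sequence followed by a call. */
static const uint8_t sample_text[] = {
	0x41, 0xba, 0x78, 0x56, 0x34, 0x12, /* movl $0x12345678, %r10d */
	0x45, 0x03, 0x53, 0xf1,             /* addl -15(%r11), %r10d   */
	0x74, 0x02,                         /* je   over the ud2       */
	0x0f, 0x0b,                         /* ud2                     */
	0xe8, 0x00, 0x00, 0x00, 0x00,       /* call rel32, placeholder */
};
```

The kernel's real check runs the decoded instruction through its insn decoder and consults the `__kcfi_traps` section for the ud2; this model matches raw bytes instead.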