[PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist

[PATCH v11 0/9] arm64: Add kernel probes (kprobes) support · David Long <hidden> · 2016-03-09
[PATCH v11 1/9] arm64: Add HAVE_REGS_AND_STACK_ACCESS_API feature · David Long <hidden> · 2016-03-09
Re: [PATCH v11 1/9] arm64: Add HAVE_REGS_AND_STACK_ACCESS_API feature · James Morse <james.morse@arm.com> · 2016-03-11
Re: [PATCH v11 1/9] arm64: Add HAVE_REGS_AND_STACK_ACCESS_API feature · David Long <hidden> · 2016-03-18
Re: [PATCH v11 1/9] arm64: Add HAVE_REGS_AND_STACK_ACCESS_API feature · Marc Zyngier <hidden> · 2016-03-15
Re: [PATCH v11 1/9] arm64: Add HAVE_REGS_AND_STACK_ACCESS_API feature · David Long <hidden> · 2016-03-21
[PATCH v11 2/9] arm64: Add more test functions to insn.c · David Long <hidden> · 2016-03-09
[PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · David Long <hidden> · 2016-03-09
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · James Morse <james.morse@arm.com> · 2016-03-15
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · Pratyush Anand <hidden> · 2016-03-16
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · James Morse <james.morse@arm.com> · 2016-03-16
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · Pratyush Anand <hidden> · 2016-03-17
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · Pratyush Anand <hidden> · 2016-03-18
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · James Morse <james.morse@arm.com> · 2016-03-18
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · Pratyush Anand <hidden> · 2016-03-18
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · James Morse <james.morse@arm.com> · 2016-03-18
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · Pratyush Anand <hidden> · 2016-03-21
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · Will Deacon <hidden> · 2016-03-21
Re: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · Pratyush Anand <hidden> · 2016-03-22
RE: [PATCH v11 3/9] arm64: add copy_to/from_user to kprobes blacklist · 平松雅巳 / HIRAMATU，MASAMI <hidden> · 2016-03-17
[PATCH v11 4/9] arm64: add conditional instruction simulation support · David Long <hidden> · 2016-03-09
Re: [PATCH v11 4/9] arm64: add conditional instruction simulation support · Marc Zyngier <hidden> · 2016-03-13
Re: [PATCH v11 4/9] arm64: add conditional instruction simulation support · Pratyush Anand <hidden> · 2016-03-14
Re: [PATCH v11 4/9] arm64: add conditional instruction simulation support · Marc Zyngier <hidden> · 2016-03-14
Re: [PATCH v11 4/9] arm64: add conditional instruction simulation support · David Long <hidden> · 2016-03-21
[PATCH v11 6/9] arm64: kprobes instruction simulation support · David Long <hidden> · 2016-03-09
Re: [PATCH v11 6/9] arm64: kprobes instruction simulation support · Marc Zyngier <hidden> · 2016-03-12
Re: [PATCH v11 6/9] arm64: kprobes instruction simulation support · David Long <hidden> · 2016-03-21
[PATCH v11 5/9] arm64: Kprobes with single stepping support · David Long <hidden> · 2016-03-09
Re: [PATCH v11 5/9] arm64: Kprobes with single stepping support · Li Bin <hidden> · 2016-04-20
[PATCH v11 7/9] arm64: Add trampoline code for kretprobes · David Long <hidden> · 2016-03-09
Re: [PATCH v11 7/9] arm64: Add trampoline code for kretprobes · Marc Zyngier <hidden> · 2016-03-13
Re: [PATCH v11 7/9] arm64: Add trampoline code for kretprobes · David Long <hidden> · 2016-03-21
[PATCH v11 9/9] kprobes: Add arm64 case in kprobe example module · David Long <hidden> · 2016-03-09
[PATCH v11 8/9] arm64: Add kernel return probes support (kretprobes) · David Long <hidden> · 2016-03-09
RE: [PATCH v11 8/9] arm64: Add kernel return probes support (kretprobes) · 平松雅巳 / HIRAMATU，MASAMI <hidden> · 2016-03-17
RE: [PATCH v11 8/9] arm64: Add kernel return probes support (kretprobes) · 平松雅巳 / HIRAMATU，MASAMI <hidden> · 2016-03-17
Re: [PATCH v11 8/9] arm64: Add kernel return probes support (kretprobes) · David Long <hidden> · 2016-03-21

From: Pratyush Anand <hidden>
Date: 2016-03-16 05:44:02
Also in: lkml

On 15/03/2016:06:47:52 PM, James Morse wrote:

Hi David,

On 09/03/16 05:32, David Long wrote:

quoted

From: "David A. Long" <redacted>

diff --git a/arch/arm64/lib/copy_from_user.S b/arch/arm64/lib/copy_from_user.S
index 4699cd7..0ac2131 100644
--- a/arch/arm64/lib/copy_from_user.S
+++ b/arch/arm64/lib/copy_from_user.S

@@ -66,6 +66,7 @@
 	.endm
 
 end	.req	x5
+	.section .kprobes.text,"ax",%progbits
 ENTRY(__copy_from_user)
 ALTERNATIVE("nop", __stringify(SET_PSTATE_PAN(0)), ARM64_HAS_PAN, \
 	    CONFIG_ARM64_PAN)

diff --git a/arch/arm64/lib/copy_to_user.S b/arch/arm64/lib/copy_to_user.S
index 7512bbb..e4eb84c 100644
--- a/arch/arm64/lib/copy_to_user.S
+++ b/arch/arm64/lib/copy_to_user.S

@@ -65,6 +65,7 @@
 	.endm
 
 end	.req	x5
+	.section .kprobes.text,"ax",%progbits
 ENTRY(__copy_to_user)
 ALTERNATIVE("nop", __stringify(SET_PSTATE_PAN(0)), ARM64_HAS_PAN, \
 	    CONFIG_ARM64_PAN)

If I understand this correctly -  you can't kprobe these ldr/str instructions as
the fault handler wouldn't find kprobe's out-of line version of the instruction
in the exception table... but why only these two functions? (for library
functions, we also have clear_user() and copy_in_user()...)

May be not clear_user() because those are inlined, but may be __clear_user().

There can be many other functions (see [1], [2] and can be many more) which need
to be blacklisted, but I think they can always be added latter on, and atleast
this aspect should not hinder inclusion of these patches.

The get_user()/put_user() stuff in uaccess.h gets inlined all over the kernel, I
don't think its feasible to put all of these in a separate section.

Yes, It does not seem possible to blacklist  inlined functions. There can be
some other places like valid kprobable instructions in atomic context, .word
instruction having data as valid instruction, etc... So, probably its not
possible to make 100% safe, but yes wherever possible, we should take care.

Infact, other ARCHs are also not completely safe. One can try to instrument
kprobe on all the symbols in Kallsyms on an x86_64 machine and kernel crashes.

Is it feasible to search the exception table at runtime instead? If an
address-to-be-kprobed appears in the list, we know it could generate exceptions,
so we should report that we can't probe this address. That would catch all of
the library functions, all the places uaccess.h was inlined, and anything new
that gets invented in the future.

Sorry, probably I could not get it. How can an inlined addresses range be placed
in exception table or any other code area.

~Pratyush

[1] https://github.com/pratyushanand/linux/commit/855bc4dbb98ceafac4c933e00d203b1cd7ee9ca4
[2] https://github.com/pratyushanand/linux/commit/8bc586d6f767240e9ffa582f45a9ad11de47ecfb

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help