Message ID: 20200514132703.448317-5-andrew@aj.id.au
State: RFC, archived
Series: Enable kprobes on AST2500 and later
On Thu, May 14, 2020 at 10:57:03PM +0930, Andrew Jeffery wrote:
> Setting CONFIG_FORTIFY_SOURCE=y and CONFIG_KPROBES=y on arm gives a panic when
> trying to insert a new probe:
>
> $ echo r:myretprobe do_sys_open '$retval' >> /sys/kernel/debug/tracing/kprobe_events
> [ 51.688589] detected buffer overflow in memcpy
> [ 51.689430] ------------[ cut here ]------------
> [ 51.689627] kernel BUG at lib/string.c:1096!
> [ 51.689800] Internal error: Oops - BUG: 0 [#1] SMP ARM
> [ 51.690107] Modules linked in:
> [ 51.690442] CPU: 0 PID: 107 Comm: sh Not tainted 5.4.39-00272-ga1ee7c973659 #6
> [ 51.690674] Hardware name: Generic DT based system
> [ 51.691184] PC is at fortify_panic+0x18/0x20
> [ 51.691371] LR is at __irq_work_queue_local+0x40/0x7c
> [ 51.691575] pc : [<8083eaa4>] lr : [<8020e0ec>] psr: 60000013
> [ 51.691812] sp : bd237cb0 ip : bd237bc0 fp : bd237cbc
> [ 51.692129] r10: 00000007 r9 : 00000000 r8 : 00000060
> [ 51.692395] r7 : 8011f2f0 r6 : b5092480 r5 : 7f000000 r4 : b4c53b4c
> [ 51.692723] r3 : 80c04c48 r2 : 00000000 r1 : bd7c5448 r0 : 00000022
> [ 51.693088] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> [ 51.693449] Control: 10c5387d Table: b50f406a DAC: 00000051
> [ 51.693769] Process sh (pid: 107, stack limit = 0x4e9b7225)
> [ 51.694126] Stack: (0xbd237cb0 to 0xbd238000)
>
> YOLO it and disable fortified source.
>
> Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> ---
> arch/arm/configs/aspeed_g5_defconfig | 1 -
> 1 file changed, 1 deletion(-)

Doesn't this mean we're just hiding a bug with KPROBE code and
potentially hiding more bugs with other drivers?
On Thu, 14 May 2020, at 23:24, Patrick Williams wrote:
> On Thu, May 14, 2020 at 10:57:03PM +0930, Andrew Jeffery wrote:
> > Setting CONFIG_FORTIFY_SOURCE=y and CONFIG_KPROBES=y on arm gives a panic when
> > trying to insert a new probe:
> >
> > $ echo r:myretprobe do_sys_open '$retval' >> /sys/kernel/debug/tracing/kprobe_events
> > [ 51.688589] detected buffer overflow in memcpy
> > [ 51.689430] ------------[ cut here ]------------
> > [ 51.689627] kernel BUG at lib/string.c:1096!
> > [ 51.689800] Internal error: Oops - BUG: 0 [#1] SMP ARM
> > [ 51.690107] Modules linked in:
> > [ 51.690442] CPU: 0 PID: 107 Comm: sh Not tainted 5.4.39-00272-ga1ee7c973659 #6
> > [ 51.690674] Hardware name: Generic DT based system
> > [ 51.691184] PC is at fortify_panic+0x18/0x20
> > [ 51.691371] LR is at __irq_work_queue_local+0x40/0x7c
> > [ 51.691575] pc : [<8083eaa4>] lr : [<8020e0ec>] psr: 60000013
> > [ 51.691812] sp : bd237cb0 ip : bd237bc0 fp : bd237cbc
> > [ 51.692129] r10: 00000007 r9 : 00000000 r8 : 00000060
> > [ 51.692395] r7 : 8011f2f0 r6 : b5092480 r5 : 7f000000 r4 : b4c53b4c
> > [ 51.692723] r3 : 80c04c48 r2 : 00000000 r1 : bd7c5448 r0 : 00000022
> > [ 51.693088] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> > [ 51.693449] Control: 10c5387d Table: b50f406a DAC: 00000051
> > [ 51.693769] Process sh (pid: 107, stack limit = 0x4e9b7225)
> > [ 51.694126] Stack: (0xbd237cb0 to 0xbd238000)
> >
> > YOLO it and disable fortified source.
> >
> > Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> > ---
> > arch/arm/configs/aspeed_g5_defconfig | 1 -
> > 1 file changed, 1 deletion(-)
>
> Doesn't this mean we're just hiding a bug with KPROBE code

Possibly.

> and
> potentially hiding more bugs with other drivers?

Yes.

You should view this series as "things I did to get kprobes 'working'" and not
"patches we should apply to the kernel tree". This one in particular was a
low-key troll patch to flush out any information on why
CONFIG_FORTIFY_SOURCE=y breaks kprobes in particular.

I mean, it even features "YOLO" in the commit message, so don't take it too
seriously :)

Andrew
On Fri, 15 May 2020, at 07:40, Andrew Jeffery wrote:
>
>
> On Thu, 14 May 2020, at 23:24, Patrick Williams wrote:
> > On Thu, May 14, 2020 at 10:57:03PM +0930, Andrew Jeffery wrote:
> > > Setting CONFIG_FORTIFY_SOURCE=y and CONFIG_KPROBES=y on arm gives a panic when
> > > trying to insert a new probe:
> > >
> > > $ echo r:myretprobe do_sys_open '$retval' >> /sys/kernel/debug/tracing/kprobe_events
> > > [ 51.688589] detected buffer overflow in memcpy
> > > [ 51.689430] ------------[ cut here ]------------
> > > [ 51.689627] kernel BUG at lib/string.c:1096!
> > > [ 51.689800] Internal error: Oops - BUG: 0 [#1] SMP ARM
> > > [ 51.690107] Modules linked in:
> > > [ 51.690442] CPU: 0 PID: 107 Comm: sh Not tainted 5.4.39-00272-ga1ee7c973659 #6
> > > [ 51.690674] Hardware name: Generic DT based system
> > > [ 51.691184] PC is at fortify_panic+0x18/0x20
> > > [ 51.691371] LR is at __irq_work_queue_local+0x40/0x7c
> > > [ 51.691575] pc : [<8083eaa4>] lr : [<8020e0ec>] psr: 60000013
> > > [ 51.691812] sp : bd237cb0 ip : bd237bc0 fp : bd237cbc
> > > [ 51.692129] r10: 00000007 r9 : 00000000 r8 : 00000060
> > > [ 51.692395] r7 : 8011f2f0 r6 : b5092480 r5 : 7f000000 r4 : b4c53b4c
> > > [ 51.692723] r3 : 80c04c48 r2 : 00000000 r1 : bd7c5448 r0 : 00000022
> > > [ 51.693088] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> > > [ 51.693449] Control: 10c5387d Table: b50f406a DAC: 00000051
> > > [ 51.693769] Process sh (pid: 107, stack limit = 0x4e9b7225)
> > > [ 51.694126] Stack: (0xbd237cb0 to 0xbd238000)
> > >
> > > YOLO it and disable fortified source.
> > >
> > > Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> > > ---
> > > arch/arm/configs/aspeed_g5_defconfig | 1 -
> > > 1 file changed, 1 deletion(-)
> >
> > Doesn't this mean we're just hiding a bug with KPROBE code
>
> Possibly.
>
> > and
> > potentially hiding more bugs with other drivers?
>
> Yes.
>
> You should view this series as "things I did to get kprobes 'working'" and not
> "patches we should apply to the kernel tree". This one in particular was a
> low-key troll patch to flush out any information on why
> CONFIG_FORTIFY_SOURCE=y breaks kprobes in particular.

In [1] Kees Cook suggests it's a false-positive and provides a potential fix.
This was submitted at [2]. [3] then fixes the fix. Turns out the issue needs
fixing again due to compiler advances, so I sent [4] but it looks like we might
instead resolve it by [5].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1639397
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e46daee53bb5
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ac569bf6a798
[4] https://lore.kernel.org/linux-arm-kernel/20200517153959.293224-1-andrew@aj.id.au/
[5] https://lore.kernel.org/linux-arm-kernel/202005171447.00CFE0C@keescook/

Andrew
diff --git a/arch/arm/configs/aspeed_g5_defconfig b/arch/arm/configs/aspeed_g5_defconfig index 254fb7562738..b7f8ccc99000 100644 --- a/arch/arm/configs/aspeed_g5_defconfig +++ b/arch/arm/configs/aspeed_g5_defconfig @@ -269,7 +269,6 @@ CONFIG_SQUASHFS_XZ=y CONFIG_SQUASHFS_ZSTD=y # CONFIG_NETWORK_FILESYSTEMS is not set CONFIG_HARDENED_USERCOPY=y -CONFIG_FORTIFY_SOURCE=y CONFIG_CRYPTO_HMAC=y CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_USER_API_HASH=y
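Review bot: deleting `CONFIG_FORTIFY_SOURCE=y` from aspeed_g5_defconfig turns off the fortified string checks for every driver built for this platform in order to silence one report, and the commit message itself ("YOLO it and disable fortified source") presents this as a workaround rather than a root-cause fix; the follow-up in the thread says the report is a false positive in the kprobes code with a separate fix available. Suggest dropping this hunk and carrying that kprobes fix instead, so that `CONFIG_HARDENED_USERCOPY=y` and `CONFIG_FORTIFY_SOURCE=y` stay together as in the context lines; if the option really has to be removed for now, the commit message should say it is temporary and reference the underlying kprobes issue rather than the oops alone.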
Setting CONFIG_FORTIFY_SOURCE=y and CONFIG_KPROBES=y on arm gives a panic when
trying to insert a new probe:

$ echo r:myretprobe do_sys_open '$retval' >> /sys/kernel/debug/tracing/kprobe_events
[ 51.688589] detected buffer overflow in memcpy
[ 51.689430] ------------[ cut here ]------------
[ 51.689627] kernel BUG at lib/string.c:1096!
[ 51.689800] Internal error: Oops - BUG: 0 [#1] SMP ARM
[ 51.690107] Modules linked in:
[ 51.690442] CPU: 0 PID: 107 Comm: sh Not tainted 5.4.39-00272-ga1ee7c973659 #6
[ 51.690674] Hardware name: Generic DT based system
[ 51.691184] PC is at fortify_panic+0x18/0x20
[ 51.691371] LR is at __irq_work_queue_local+0x40/0x7c
[ 51.691575] pc : [<8083eaa4>] lr : [<8020e0ec>] psr: 60000013
[ 51.691812] sp : bd237cb0 ip : bd237bc0 fp : bd237cbc
[ 51.692129] r10: 00000007 r9 : 00000000 r8 : 00000060
[ 51.692395] r7 : 8011f2f0 r6 : b5092480 r5 : 7f000000 r4 : b4c53b4c
[ 51.692723] r3 : 80c04c48 r2 : 00000000 r1 : bd7c5448 r0 : 00000022
[ 51.693088] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 51.693449] Control: 10c5387d Table: b50f406a DAC: 00000051
[ 51.693769] Process sh (pid: 107, stack limit = 0x4e9b7225)
[ 51.694126] Stack: (0xbd237cb0 to 0xbd238000)

YOLO it and disable fortified source.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
---
arch/arm/configs/aspeed_g5_defconfig | 1 -
1 file changed, 1 deletion(-)
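The "detected buffer overflow in memcpy" / fortify_panic report above is the fortified memcpy comparing the copy length with the object sizes the compiler can prove, and the thread concludes the kprobes case is a false positive. The following is an added user-space model of that check, not code from the kernel or from this thread: the symbol name tmpl_entry, its 16 constructed bytes and the function names are mine, and the false-positive case is modelled as a symbol whose C declaration is smaller than the region it actually labels, which is my assumption about the general shape of such reports rather than a description of the kprobes code.

```c
#include <stddef.h>
#include <string.h>
/* The kernel calls fortify_panic() (a BUG) in the two overflow cases; this model
 * returns a code instead so the result can be tested. */
enum fortify_result { FORTIFY_OK = 0, FORTIFY_WRITE_OVERFLOW, FORTIFY_READ_OVERFLOW };

static enum fortify_result checked_memcpy_impl(void *dst, const void *src, size_t n,
                                               size_t dst_size, size_t src_size)
{
    /* (size_t)-1 means the compiler could not bound the object: nothing to check. */
    if (dst_size != (size_t)-1 && n > dst_size)
        return FORTIFY_WRITE_OVERFLOW;  /* "detected buffer overflow in memcpy" */
    if (src_size != (size_t)-1 && n > src_size)
        return FORTIFY_READ_OVERFLOW;
    memcpy(dst, src, n);
    return FORTIFY_OK;
}
/* Object sizes are taken at the call site, where the declarations are visible. */
#define checked_memcpy(dst, src, n) \
    checked_memcpy_impl((dst), (src), (n), __builtin_object_size((dst), 0), \
                        __builtin_object_size((src), 0))

/* Constructed 16-byte region standing in for a code template emitted by assembly;
 * "tmpl_entry" is an assumed symbol name. Two C views of it follow: one byte, and
 * an array of unknown size. */
char tmpl_bytes[16] __asm__("tmpl_entry") = "0123456789abcde";
extern char tmpl_entry_scalar __asm__("tmpl_entry");
extern char tmpl_entry_array[] __asm__("tmpl_entry");

/* A copy that really overflows its 8-byte destination: correctly rejected. */
enum fortify_result real_overflow(void)
{
    char out[8];
    return checked_memcpy(out, tmpl_bytes, sizeof(tmpl_bytes));
}
/* Sixteen bytes read from a symbol declared as one byte: rejected although the
 * region really holds 16 bytes. This is the false-positive shape. */
enum fortify_result false_positive(void)
{
    char out[16];
    return checked_memcpy(out, &tmpl_entry_scalar, sizeof(out));
}
/* The same copy through the unbounded declaration: size unknown, so no check fires
 * and the real 16 bytes arrive intact. Returns 1 on success. */
int unbounded_declaration(void)
{
    char out[16];
    if (checked_memcpy(out, tmpl_entry_array, sizeof(out)) != FORTIFY_OK)
        return 0;
    return memcmp(out, tmpl_bytes, sizeof(out)) == 0;
}
```

The last two functions show why a false positive of this kind is normally addressed at the declaration of the offending symbol rather than by dropping CONFIG_FORTIFY_SOURCE for the whole platform: the check on every other memcpy in the tree keeps working.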