
[RFC,linux,dev-5.4,4/4] ARM: configs: aspeed-g5: Set CONFIG_FORTIFY_SOURCE=n to appease kprobes

Message ID 20200514132703.448317-5-andrew@aj.id.au
State RFC, archived
Series Enable kprobes on AST2500 and later

Commit Message

Andrew Jeffery May 14, 2020, 1:27 p.m. UTC
Setting CONFIG_FORTIFY_SOURCE=y and CONFIG_KPROBES=y on arm gives a panic when
trying to insert a new probe:

$ echo r:myretprobe do_sys_open '$retval' >> /sys/kernel/debug/tracing/kprobe_events
[   51.688589] detected buffer overflow in memcpy
[   51.689430] ------------[ cut here ]------------
[   51.689627] kernel BUG at lib/string.c:1096!
[   51.689800] Internal error: Oops - BUG: 0 [#1] SMP ARM
[   51.690107] Modules linked in:
[   51.690442] CPU: 0 PID: 107 Comm: sh Not tainted 5.4.39-00272-ga1ee7c973659 #6
[   51.690674] Hardware name: Generic DT based system
[   51.691184] PC is at fortify_panic+0x18/0x20
[   51.691371] LR is at __irq_work_queue_local+0x40/0x7c
[   51.691575] pc : [<8083eaa4>]    lr : [<8020e0ec>]    psr: 60000013
[   51.691812] sp : bd237cb0  ip : bd237bc0  fp : bd237cbc
[   51.692129] r10: 00000007  r9 : 00000000  r8 : 00000060
[   51.692395] r7 : 8011f2f0  r6 : b5092480  r5 : 7f000000  r4 : b4c53b4c
[   51.692723] r3 : 80c04c48  r2 : 00000000  r1 : bd7c5448  r0 : 00000022
[   51.693088] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   51.693449] Control: 10c5387d  Table: b50f406a  DAC: 00000051
[   51.693769] Process sh (pid: 107, stack limit = 0x4e9b7225)
[   51.694126] Stack: (0xbd237cb0 to 0xbd238000)

YOLO it and disable fortified source.

Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
---
 arch/arm/configs/aspeed_g5_defconfig | 1 -
 1 file changed, 1 deletion(-)

Comments

Patrick Williams May 14, 2020, 1:54 p.m. UTC | #1
On Thu, May 14, 2020 at 10:57:03PM +0930, Andrew Jeffery wrote:
> Setting CONFIG_FORTIFY_SOURCE=y and CONFIG_KPROBES=y on arm gives a panic when
> trying to insert a new probe:
> 
> $ echo r:myretprobe do_sys_open '$retval' >> /sys/kernel/debug/tracing/kprobe_events
> [   51.688589] detected buffer overflow in memcpy
> [   51.689430] ------------[ cut here ]------------
> [   51.689627] kernel BUG at lib/string.c:1096!
> [   51.689800] Internal error: Oops - BUG: 0 [#1] SMP ARM
> [   51.690107] Modules linked in:
> [   51.690442] CPU: 0 PID: 107 Comm: sh Not tainted 5.4.39-00272-ga1ee7c973659 #6
> [   51.690674] Hardware name: Generic DT based system
> [   51.691184] PC is at fortify_panic+0x18/0x20
> [   51.691371] LR is at __irq_work_queue_local+0x40/0x7c
> [   51.691575] pc : [<8083eaa4>]    lr : [<8020e0ec>]    psr: 60000013
> [   51.691812] sp : bd237cb0  ip : bd237bc0  fp : bd237cbc
> [   51.692129] r10: 00000007  r9 : 00000000  r8 : 00000060
> [   51.692395] r7 : 8011f2f0  r6 : b5092480  r5 : 7f000000  r4 : b4c53b4c
> [   51.692723] r3 : 80c04c48  r2 : 00000000  r1 : bd7c5448  r0 : 00000022
> [   51.693088] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
> [   51.693449] Control: 10c5387d  Table: b50f406a  DAC: 00000051
> [   51.693769] Process sh (pid: 107, stack limit = 0x4e9b7225)
> [   51.694126] Stack: (0xbd237cb0 to 0xbd238000)
> 
> YOLO it and disable fortified source.
> 
> Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> ---
>  arch/arm/configs/aspeed_g5_defconfig | 1 -
>  1 file changed, 1 deletion(-)

Doesn't this mean we're just hiding a bug with KPROBE code and
potentially hiding more bugs with other drivers?
Andrew Jeffery May 14, 2020, 10:10 p.m. UTC | #2
On Thu, 14 May 2020, at 23:24, Patrick Williams wrote:
> On Thu, May 14, 2020 at 10:57:03PM +0930, Andrew Jeffery wrote:
> > Setting CONFIG_FORTIFY_SOURCE=y and CONFIG_KPROBES=y on arm gives a panic when
> > trying to insert a new probe:
> > 
> > $ echo r:myretprobe do_sys_open '$retval' >> /sys/kernel/debug/tracing/kprobe_events
> > [   51.688589] detected buffer overflow in memcpy
> > [   51.689430] ------------[ cut here ]------------
> > [   51.689627] kernel BUG at lib/string.c:1096!
> > [   51.689800] Internal error: Oops - BUG: 0 [#1] SMP ARM
> > [   51.690107] Modules linked in:
> > [   51.690442] CPU: 0 PID: 107 Comm: sh Not tainted 5.4.39-00272-ga1ee7c973659 #6
> > [   51.690674] Hardware name: Generic DT based system
> > [   51.691184] PC is at fortify_panic+0x18/0x20
> > [   51.691371] LR is at __irq_work_queue_local+0x40/0x7c
> > [   51.691575] pc : [<8083eaa4>]    lr : [<8020e0ec>]    psr: 60000013
> > [   51.691812] sp : bd237cb0  ip : bd237bc0  fp : bd237cbc
> > [   51.692129] r10: 00000007  r9 : 00000000  r8 : 00000060
> > [   51.692395] r7 : 8011f2f0  r6 : b5092480  r5 : 7f000000  r4 : b4c53b4c
> > [   51.692723] r3 : 80c04c48  r2 : 00000000  r1 : bd7c5448  r0 : 00000022
> > [   51.693088] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
> > [   51.693449] Control: 10c5387d  Table: b50f406a  DAC: 00000051
> > [   51.693769] Process sh (pid: 107, stack limit = 0x4e9b7225)
> > [   51.694126] Stack: (0xbd237cb0 to 0xbd238000)
> > 
> > YOLO it and disable fortified source.
> > 
> > Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> > ---
> >  arch/arm/configs/aspeed_g5_defconfig | 1 -
> >  1 file changed, 1 deletion(-)
> 
> Doesn't this mean we're just hiding a bug with KPROBE code

Possibly.

> and
> potentially hiding more bugs with other drivers?

Yes.

You should view this series as "things I did to get kprobes 'working'" and not
"patches we should apply to the kernel tree". This one in particular was a
low-key troll patch to flush out any information on why
CONFIG_FORTIFY_SOURCE=y breaks kprobes in particular. I mean, it even
features "YOLO" in the commit message, so don't take it too seriously :)

Andrew
Andrew Jeffery May 18, 2020, 12:58 a.m. UTC | #3
On Fri, 15 May 2020, at 07:40, Andrew Jeffery wrote:
> 
> 
> On Thu, 14 May 2020, at 23:24, Patrick Williams wrote:
> > On Thu, May 14, 2020 at 10:57:03PM +0930, Andrew Jeffery wrote:
> > > Setting CONFIG_FORTIFY_SOURCE=y and CONFIG_KPROBES=y on arm gives a panic when
> > > trying to insert a new probe:
> > > 
> > > $ echo r:myretprobe do_sys_open '$retval' >> /sys/kernel/debug/tracing/kprobe_events
> > > [   51.688589] detected buffer overflow in memcpy
> > > [   51.689430] ------------[ cut here ]------------
> > > [   51.689627] kernel BUG at lib/string.c:1096!
> > > [   51.689800] Internal error: Oops - BUG: 0 [#1] SMP ARM
> > > [   51.690107] Modules linked in:
> > > [   51.690442] CPU: 0 PID: 107 Comm: sh Not tainted 5.4.39-00272-ga1ee7c973659 #6
> > > [   51.690674] Hardware name: Generic DT based system
> > > [   51.691184] PC is at fortify_panic+0x18/0x20
> > > [   51.691371] LR is at __irq_work_queue_local+0x40/0x7c
> > > [   51.691575] pc : [<8083eaa4>]    lr : [<8020e0ec>]    psr: 60000013
> > > [   51.691812] sp : bd237cb0  ip : bd237bc0  fp : bd237cbc
> > > [   51.692129] r10: 00000007  r9 : 00000000  r8 : 00000060
> > > [   51.692395] r7 : 8011f2f0  r6 : b5092480  r5 : 7f000000  r4 : b4c53b4c
> > > [   51.692723] r3 : 80c04c48  r2 : 00000000  r1 : bd7c5448  r0 : 00000022
> > > [   51.693088] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
> > > [   51.693449] Control: 10c5387d  Table: b50f406a  DAC: 00000051
> > > [   51.693769] Process sh (pid: 107, stack limit = 0x4e9b7225)
> > > [   51.694126] Stack: (0xbd237cb0 to 0xbd238000)
> > > 
> > > YOLO it and disable fortified source.
> > > 
> > > Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
> > > ---
> > >  arch/arm/configs/aspeed_g5_defconfig | 1 -
> > >  1 file changed, 1 deletion(-)
> > 
> > Doesn't this mean we're just hiding a bug with KPROBE code
> 
> Possibly.
> 
> > and
> > potentially hiding more bugs with other drivers?
> 
> Yes.
> 
> You should view this series as "things I did to get kprobes 'working'" and not
> "patches we should apply to the kernel tree". This one in particular was a
> low-key troll patch to flush out any information on why
> CONFIG_FORTIFY_SOURCE=y breaks kprobes in particular.

In [1] Kees Cook suggests it's a false-positive and provides a potential fix. This
was submitted at [2]. [3] then fixes the fix. Turns out the issue needs fixing
again due to compiler advances, so I sent [4] but it looks like we might instead
resolve it by [5].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1639397
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e46daee53bb5
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ac569bf6a798
[4] https://lore.kernel.org/linux-arm-kernel/20200517153959.293224-1-andrew@aj.id.au/
[5] https://lore.kernel.org/linux-arm-kernel/202005171447.00CFE0C@keescook/

Andrew
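The thread never spells out what the check behind "detected buffer overflow in memcpy" actually compares. As an added example (not code from this thread, the series, or the kernel tree), here is a user-space model of the fortified memcpy(): the kernel's version compares __builtin_object_size() of each operand with the copy length and calls fortify_panic() if either is smaller. The model takes those sizes as arguments so that a false positive, a true positive, and the silent overflow that CONFIG_FORTIFY_SOURCE=n leaves behind can be told apart; the "symbol typed as one opcode in front of a larger region" scenario is an assumed shape of a FORTIFY false positive, not a claim about the exact kprobes defect.

```c
#include <stdint.h>
#include <string.h>

typedef uint32_t opcode_t;
#define OBJSIZE_UNKNOWN ((size_t)-1) /* compiler cannot see the bounds */
enum verdict {
	COPY_OK,         /* check passes, bytes were in bounds */
	TRUE_POSITIVE,   /* check fires and the copy really overflowed */
	FALSE_POSITIVE,  /* check fires, but the copy was in bounds */
	SILENT_OVERFLOW  /* CONFIG_FORTIFY_SOURCE=n: overflow goes unnoticed */
};

/* Model of the kernel's fortified memcpy(): it compares __builtin_object_size()
 * of each operand with the length and calls fortify_panic() if either is
 * smaller. *_decl is the size the declaration advertises (what the compiler
 * sees), *_real the bytes actually behind the pointer, so outcomes can be
 * classified here instead of panicking. */
static enum verdict fortify_memcpy(void *p, size_t p_decl, size_t p_real,
                                   const void *q, size_t q_decl, size_t q_real,
                                   size_t n, int fortify_enabled)
{
	int in_bounds = p_real >= n && q_real >= n;
	if (fortify_enabled && (p_decl < n || q_decl < n))
		return in_bounds ? FALSE_POSITIVE : TRUE_POSITIVE;
	if (!in_bounds)
		return SILENT_OVERFLOW; /* a real kernel would corrupt memory here */
	memcpy(p, q, n);
	return COPY_OK;
}

/* Constructed data: a 16-byte code "template" and two destination buffers. */
static opcode_t tmpl[4] = {1, 2, 3, 4};
static opcode_t dst[4], small_dst[2];
/* Copy the whole template; src_decl is the size the compiler believes it has. */
static enum verdict copy_template(opcode_t *to, size_t to_len, size_t src_decl,
                                  int on)
{
	return fortify_memcpy(to, to_len, to_len, tmpl, src_decl,
	                      sizeof tmpl, sizeof tmpl, on);
}
/* Assumed false-positive shape: the template is reached through a symbol typed
 * as one opcode_t, so the compiler reports 4 bytes for a 16-byte region; the
 * copy is in bounds, yet the check fires ("detected buffer overflow"). */
enum verdict case_scalar_declared(int on) { return copy_template(dst, sizeof dst, sizeof(opcode_t), on); }
/* Same symbol declared as an array of unspecified length: size unknown to the
 * compiler, so the check cannot fire and the copy proceeds. */
enum verdict case_array_declared(int on) { return copy_template(dst, sizeof dst, OBJSIZE_UNKNOWN, on); }
/* A genuine overflow, 16 bytes into 8: caught with the check on, silent
 * corruption with it off, which is what comment #1 is worried about. */
enum verdict case_real_overflow(int on) { return copy_template(small_dst, sizeof small_dst, sizeof tmpl, on); }
```

Turning the option off (the second argument 0) makes the false positive disappear, but it makes the real overflow disappear from view too, which is the trade this patch makes platform-wide.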

Patch

diff --git a/arch/arm/configs/aspeed_g5_defconfig b/arch/arm/configs/aspeed_g5_defconfig
index 254fb7562738..b7f8ccc99000 100644
--- a/arch/arm/configs/aspeed_g5_defconfig
+++ b/arch/arm/configs/aspeed_g5_defconfig
@@ -269,7 +269,6 @@  CONFIG_SQUASHFS_XZ=y
 CONFIG_SQUASHFS_ZSTD=y
 # CONFIG_NETWORK_FILESYSTEMS is not set
 CONFIG_HARDENED_USERCOPY=y
-CONFIG_FORTIFY_SOURCE=y
 CONFIG_CRYPTO_HMAC=y
 CONFIG_CRYPTO_SHA256=y
 CONFIG_CRYPTO_USER_API_HASH=y
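Review bot: The subject says "Set CONFIG_FORTIFY_SOURCE=n", but the hunk only deletes `CONFIG_FORTIFY_SOURCE=y` and leaves the value to the Kconfig default; if the intent is to pin it off, the defconfig should carry an explicit `# CONFIG_FORTIFY_SOURCE is not set` line (the convention this file already uses for `CONFIG_NETWORK_FILESYSTEMS` two lines above), and the subject should describe what the diff does. More importantly, dropping the option removes the bounds checks on every fortified string call for the whole aspeed-g5 platform, not just the kprobes path that hits fortify_panic(), which is exactly the concern raised in comment #1, and the follow-up in #3 points at targeted kprobes fixes [1]-[5] instead; the commit message should either reference those and explain why the defconfig change is still needed, or this patch should be dropped from the series, as the author already says in #2 it is not meant to be applied.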