From patchwork Sun Dec 17 23:53:30 2017
X-Patchwork-Submitter: "Tobin C. Harding"
X-Patchwork-Id: 849729
X-Patchwork-Delegate: davem@davemloft.net
From: "Tobin C. Harding"
To: kernel-hardening@lists.openwall.com
Cc: "Tobin C. Harding", Steven Rostedt, Tycho Andersen, Linus Torvalds, Kees Cook, Andrew Morton, Daniel Borkmann, Masahiro Yamada, Alexei Starovoitov, linux-kernel@vger.kernel.org, Network Development
Subject: [PATCH 1/3] kallsyms: don't leak address when symbol not found
Date: Mon, 18 Dec 2017 10:53:30 +1100
Message-Id: <1513554812-13014-2-git-send-email-me@tobin.cc>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1513554812-13014-1-git-send-email-me@tobin.cc>
References: <1513554812-13014-1-git-send-email-me@tobin.cc>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

Currently if kallsyms_lookup() fails to find the symbol then the address is printed. This potentially leaks sensitive information. Instead of printing the address we can return an error, giving the calling code the option to print the address or print some sanitized message.

Return error instead of printing address to argument buffer. Leave buffer in a sane state.

Signed-off-by: Tobin C. Harding
--- kernel/kallsyms.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c index d5fa4116688a..23b9336c1461 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c
@@ -394,8 +394,10 @@ static int __sprint_symbol(char *buffer, unsigned long address, address += symbol_offset; name = kallsyms_lookup(address, &size, &offset, &modname, buffer); - if (!name) - return sprintf(buffer, "0x%lx", address - symbol_offset); + if (!name) { + buffer[0] = '\0'; + return -1; + } if (name != buffer) strcpy(buffer, name);
From patchwork Sun Dec 17 23:53:31 2017
X-Patchwork-Submitter: "Tobin C. Harding"
X-Patchwork-Id: 849730
X-Patchwork-Delegate: davem@davemloft.net
From: "Tobin C. Harding"
To: kernel-hardening@lists.openwall.com
Cc: "Tobin C. Harding", Steven Rostedt, Tycho Andersen, Linus Torvalds, Kees Cook, Andrew Morton, Daniel Borkmann, Masahiro Yamada, Alexei Starovoitov, linux-kernel@vger.kernel.org, Network Development
Subject: [PATCH 2/3] vsprintf: print if symbol not found
Date: Mon, 18 Dec 2017 10:53:31 +1100
Message-Id: <1513554812-13014-3-git-send-email-me@tobin.cc>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1513554812-13014-1-git-send-email-me@tobin.cc>
References: <1513554812-13014-1-git-send-email-me@tobin.cc>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

Depends on: commit bd6b239cdbb2 ("kallsyms: don't leak address when symbol not found")

Currently vsprintf for specifiers %p[SsB] relies on the behaviour of kallsyms (sprint_symbol()) and prints the actual address if a symbol is not found. Previous patch changes this behaviour so that sprint_symbol() returns an error if symbol not found. With this patch in place we can print a sanitized message '' instead of leaking the address.

Print '' for printk specifier %s[sSB] if no symbol is found.

Signed-off-by: Tobin C. Harding
--- include/linux/kernel.h | 2 ++ lib/vsprintf.c | 18 +++++++++++++++--- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/include/linux/kernel.h b/include/linux/kernel.h index ce51455e2adf..89e8ce79c2d1 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -460,6 +460,8 @@ char *kvasprintf(gfp_t gfp, const char *fmt, va_list args); extern __printf(2, 0) const char *kvasprintf_const(gfp_t gfp, const char *fmt, va_list args); +extern int string_is_no_symbol(const char *s); + extern __scanf(2, 3) int sscanf(const char *, const char *, ...); extern __scanf(2, 0) diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 01c3957b2de6..c112b0980ead 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c
@@ -667,6 +667,8 @@ char *bdev_name(char *buf, char *end, struct block_device *bdev, } #endif +#define PRINTK_NO_SYMBOL_STR "" + static noinline_for_stack char *symbol_string(char *buf, char *end, void *ptr, struct printf_spec spec, const char *fmt) @@ -674,6 +676,7 @@ char *symbol_string(char *buf, char *end, void *ptr, unsigned long value; #ifdef CONFIG_KALLSYMS char sym[KSYM_SYMBOL_LEN]; + int ret; #endif if (fmt[1] == 'R') @@ -682,11 +685,14 @@ char *symbol_string(char *buf, char *end, void *ptr, #ifdef CONFIG_KALLSYMS if (*fmt == 'B') - sprint_backtrace(sym, value); + ret = sprint_backtrace(sym, value); else if (*fmt != 'f' && *fmt != 's') - sprint_symbol(sym, value); + ret = sprint_symbol(sym, value); else - sprint_symbol_no_offset(sym, value); + ret = sprint_symbol_no_offset(sym, value); + + if (ret == -1) + strcpy(sym, PRINTK_NO_SYMBOL_STR); return string(buf, end, sym, spec); #else 
@@ -694,6 +700,12 @@ char *symbol_string(char *buf, char *end, void *ptr, #endif } +int string_is_no_symbol(const char *s) +{ + return !!strstr(s, PRINTK_NO_SYMBOL_STR); +} +EXPORT_SYMBOL(string_is_no_symbol); + static noinline_for_stack char *resource_string(char *buf, char *end, struct resource *res, struct printf_spec spec, const char *fmt)
From patchwork Sun Dec 17 23:53:32 2017
X-Patchwork-Submitter: "Tobin C. Harding"
X-Patchwork-Id: 849728
X-Patchwork-Delegate: davem@davemloft.net
From: "Tobin C. Harding"
To: kernel-hardening@lists.openwall.com
Cc: "Tobin C. Harding", Steven Rostedt, Tycho Andersen, Linus Torvalds, Kees Cook, Andrew Morton, Daniel Borkmann, Masahiro Yamada, Alexei Starovoitov, linux-kernel@vger.kernel.org, Network Development
Subject: [PATCH 3/3] trace: print address if symbol not found
Date: Mon, 18 Dec 2017 10:53:32 +1100
Message-Id: <1513554812-13014-4-git-send-email-me@tobin.cc>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1513554812-13014-1-git-send-email-me@tobin.cc>
References: <1513554812-13014-1-git-send-email-me@tobin.cc>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

Fixes behaviour modified by: commit bd6b239cdbb2 ("kallsyms: don't leak address when symbol not found")

Previous patch changed behaviour of kallsyms function sprint_symbol() to return an error code instead of printing the address if a symbol was not found. Ftrace relies on the original behaviour. We should not break tracing when applying the previous patch. We can maintain the original behaviour by checking the return code on calls to sprint_symbol() and friends.

Check return code and print actual address on error (i.e. symbol not found).

Signed-off-by: Tobin C. Harding
--- kernel/trace/trace.h | 24 ++++++++++++++++++++++++ kernel/trace/trace_events_hist.c | 6 +++--- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h index 2a6d0325a761..881b1a577d75 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h
@@ -1814,4 +1814,28 @@ static inline void trace_event_eval_update(struct trace_eval_map **map, int len) extern struct trace_iterator *tracepoint_print_iter; +static inline int +trace_sprint_symbol(char *buffer, unsigned long address) +{ + int ret; + + ret = sprint_symbol(buffer, address); + if (ret == -1) + ret = sprintf(buffer, "0x%lx", address); + + return ret; +} + +static inline int +trace_sprint_symbol_no_offset(char *buffer, unsigned long address) +{ + int ret; + + ret = sprint_symbol_no_offset(buffer, address); + if (ret == -1) + ret = sprintf(buffer, "0x%lx", address); + + return ret; +} + #endif /* _LINUX_KERNEL_TRACE_H */ diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 1e1558c99d56..3e28522a76f4 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -982,7 +982,7 @@ static void hist_trigger_stacktrace_print(struct seq_file *m, return; seq_printf(m, "%*c", 1 + spaces, ' '); - sprint_symbol(str, stacktrace_entries[i]); + trace_sprint_symbol_addr(str, stacktrace_entries[i]); seq_printf(m, "%s\n", str); } } @@ -1014,12 +1014,12 @@ hist_trigger_entry_print(struct seq_file *m, seq_printf(m, "%s: %llx", field_name, uval); } else if (key_field->flags & HIST_FIELD_FL_SYM) { uval = *(u64 *)(key + key_field->offset); - sprint_symbol_no_offset(str, uval); + trace_sprint_symbol_no_offset(str, uval); seq_printf(m, "%s: [%llx] %-45s", field_name, uval, str); } else if (key_field->flags & HIST_FIELD_FL_SYM_OFFSET) { uval = *(u64 *)(key + key_field->offset); - sprint_symbol(str, uval); + trace_sprint_symbol(str, uval); seq_printf(m, "%s: [%llx] %-55s", field_name, uval, str); } else if (key_field->flags & HIST_FIELD_FL_EXECNAME) {
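Review bot: in [PATCH 1/3], the new `if (!name)` branch of __sprint_symbol() returns a bare -1 from a function whose failure path previously returned the sprintf() character count, so any caller that adds the result to a buffer offset or treats it as a length now gets a negative value when lookup fails. Return a named errno such as -ENOENT instead of -1, document the new contract where sprint_symbol() and its siblings are described, and say in the commit message which callers were audited. Since the ftrace output is only restored in 3/3, applying this patch alone changes what tracing prints; introducing the wrappers first, or folding 3/3 into this patch, keeps each commit bisectable.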
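Review bot: in [PATCH 2/3], the `if (ret == -1)` test added at the end of the CONFIG_KALLSYMS block in symbol_string() hard-codes the single error value introduced by 1/3; testing `ret < 0` keeps the sanitized fallback working if kallsyms later returns a proper errno. The commit message names the specifiers as %p[SsB] in its first paragraph and %s[sSB] in its last, and does not mention the 'f' case that this hunk also routes through sprint_symbol_no_offset(); list the affected specifiers once and consistently.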
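Review bot: in [PATCH 2/3], string_is_no_symbol(), added after symbol_string(), uses strstr(), which is a substring match, so it returns true for any string that merely contains the marker text, and it is exported with EXPORT_SYMBOL although nothing in this series calls it. Code that needs to know whether lookup failed can test the return value of sprint_symbol() directly; either drop the helper and its declaration in kernel.h, or add its user in the same series, give it a kernel-doc comment, and compare the whole string rather than searching within it.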
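Review bot: in [PATCH 3/3], the two wrappers added to trace.h, trace_sprint_symbol() and trace_sprint_symbol_no_offset(), are identical apart from the function they call, and both test `ret == -1`; a single fallback helper taking the lookup result, with a `ret < 0` check, removes the duplication and survives a later change of the error value. The "Fixes behaviour modified by: commit bd6b239cdbb2" line, like the "Depends on:" line in 2/3, cites a hash for a patch posted in this same series, which will not be the hash it gets when applied; refer to the patch by subject instead.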
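Review bot: in [PATCH 3/3], the hist_trigger_stacktrace_print() hunk in trace_events_hist.c calls trace_sprint_symbol_addr(), but the trace.h hunk defines only trace_sprint_symbol() and trace_sprint_symbol_no_offset(), so the file will not build as posted. The replacement for the removed `sprint_symbol(str, stacktrace_entries[i]);` should be `trace_sprint_symbol(str, stacktrace_entries[i]);`, matching the HIST_FIELD_FL_SYM_OFFSET branch in the next hunk.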