From: Michael Ellerman <mpe@ellerman.id.au>
To: Jann Horn <jannh@google.com>
Cc: linuxppc-dev@ozlabs.org, muriloo@linux.ibm.com
Subject: Re: [PATCH] powerpc: Don't print kernel instructions in show_user_instructions()
Date: Mon, 08 Oct 2018 19:23:02 +1100 [thread overview]
Message-ID: <87y3b826ft.fsf@concordia.ellerman.id.au> (raw)
In-Reply-To: <CAG48ez3OZ5iquQeeqsy_SaLQF04hf6kphTSuP=OfsWC35G+TbA@mail.gmail.com>
Jann Horn <jannh@google.com> writes:
> On Fri, Oct 5, 2018 at 3:21 PM Michael Ellerman <mpe@ellerman.id.au> wrote:
>> Recently we implemented show_user_instructions() which dumps the code
>> around the NIP when a user space process dies with an unhandled
>> signal. This was modelled on the x86 code, and we even went so far as
>> to implement the exact same bug, namely that if the user process
>> crashed with its NIP pointing into the kernel we will dump kernel text
>> to dmesg. eg:
>>
>> bad-bctr[2996]: segfault (11) at c000000000010000 nip c000000000010000 lr 12d0b0894 code 1
>> bad-bctr[2996]: code: fbe10068 7cbe2b78 7c7f1b78 fb610048 38a10028 38810020 fb810050 7f8802a6
>> bad-bctr[2996]: code: 3860001c f8010080 48242371 60000000 <7c7b1b79> 4082002c e8010080 eb610048
>>
>> This was discovered on x86 by Jann Horn and fixed in commit
>> 342db04ae712 ("x86/dumpstack: Don't dump kernel memory based on usermode RIP").
>>
>> Fix it by checking the adjusted NIP value (pc) and number of
>> instructions against USER_DS, and bail if we fail the check, eg:
>
> This fix looks good to me.
Thanks.
> In the long term, I think it is somewhat awkward to use
> probe_kernel_address(), which uses set_fs(KERNEL_DS), when you
> actually just want to access userspace memory. It might make sense to
> provide a better helper for explicitly accessing memory with USER_DS.
Yes I agree, it's a bit messy. A probe_user_read() that sets USER_DS and
does the access_ok() check would be less error prone I think.
cheers
next prev parent reply other threads:[~2018-10-08 8:24 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-05 13:21 [PATCH] powerpc: Don't print kernel instructions in show_user_instructions() Michael Ellerman
2018-10-05 13:52 ` Christophe LEROY
2018-10-08 8:12 ` Michael Ellerman
2018-10-05 14:02 ` Jann Horn
2018-10-08 8:23 ` Michael Ellerman [this message]
2018-10-05 17:29 ` Murilo Opsfelder Araujo
2018-10-06 12:14 ` Michael Ellerman
2018-10-18 9:28 ` [PATCH] " Christophe LEROY
2018-10-18 11:12 ` Jann Horn
2018-10-18 11:18 ` Christophe LEROY
2018-10-18 11:31 ` Jann Horn
2018-10-21 12:50 ` Michael Ellerman
2018-10-18 13:16 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y3b826ft.fsf@concordia.ellerman.id.au \
--to=mpe@ellerman.id.au \
--cc=jannh@google.com \
--cc=linuxppc-dev@ozlabs.org \
--cc=muriloo@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.