From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, huangshaobo <huangshaobo6@huawei.com>,
Ard Biesheuvel <ardb@kernel.org>,
"Russell King (Oracle)" <rmk+kernel@armlinux.org.uk>
Subject: [PATCH 5.10 052/100] ARM: 9170/1: fix panic when kasan and kprobe are enabled
Date: Mon, 31 Jan 2022 11:56:13 +0100 [thread overview]
Message-ID: <20220131105222.189561789@linuxfoundation.org> (raw)
In-Reply-To: <20220131105220.424085452@linuxfoundation.org>
From: sparkhuang <huangshaobo6@huawei.com>
commit 8b59b0a53c840921b625378f137e88adfa87647e upstream.
arm32 uses software to simulate the instruction replaced
by kprobe. some instructions may be simulated by constructing
assembly functions. therefore, before executing instruction
simulation, it is necessary to construct assembly function
execution environment in C language through binding registers.
after kasan is enabled, the register binding relationship will
be destroyed, resulting in instruction simulation errors and
causing kernel panic.
the kprobe emulate instruction function is distributed in three
files: actions-common.c actions-arm.c actions-thumb.c, so disable
KASAN when compiling these files.
for example, use kprobe insert on cap_capable+20 after kasan
enabled, the cap_capable assembly code is as follows:
<cap_capable>:
e92d47f0 push {r4, r5, r6, r7, r8, r9, sl, lr}
e1a05000 mov r5, r0
e280006c add r0, r0, #108 ; 0x6c
e1a04001 mov r4, r1
e1a06002 mov r6, r2
e59fa090 ldr sl, [pc, #144] ;
ebfc7bf8 bl c03aa4b4 <__asan_load4>
e595706c ldr r7, [r5, #108] ; 0x6c
e2859014 add r9, r5, #20
......
The emulate_ldr assembly code after enabling kasan is as follows:
c06f1384 <emulate_ldr>:
e92d47f0 push {r4, r5, r6, r7, r8, r9, sl, lr}
e282803c add r8, r2, #60 ; 0x3c
e1a05000 mov r5, r0
e7e37855 ubfx r7, r5, #16, #4
e1a00008 mov r0, r8
e1a09001 mov r9, r1
e1a04002 mov r4, r2
ebf35462 bl c03c6530 <__asan_load4>
e357000f cmp r7, #15
e7e36655 ubfx r6, r5, #12, #4
e205a00f and sl, r5, #15
0a000001 beq c06f13bc <emulate_ldr+0x38>
e0840107 add r0, r4, r7, lsl #2
ebf3545c bl c03c6530 <__asan_load4>
e084010a add r0, r4, sl, lsl #2
ebf3545a bl c03c6530 <__asan_load4>
e2890010 add r0, r9, #16
ebf35458 bl c03c6530 <__asan_load4>
e5990010 ldr r0, [r9, #16]
e12fff30 blx r0
e356000f cm r6, #15
1a000014 bne c06f1430 <emulate_ldr+0xac>
e1a06000 mov r6, r0
e2840040 add r0, r4, #64 ; 0x40
......
when running in emulate_ldr to simulate the ldr instruction, panic
occurred, and the log is as follows:
Unable to handle kernel NULL pointer dereference at virtual address
00000090
pgd = ecb46400
[00000090] *pgd=2e0fa003, *pmd=00000000
Internal error: Oops: 206 [#1] SMP ARM
PC is at cap_capable+0x14/0xb0
LR is at emulate_ldr+0x50/0xc0
psr: 600d0293 sp : ecd63af8 ip : 00000004 fp : c0a7c30c
r10: 00000000 r9 : c30897f4 r8 : ecd63cd4
r7 : 0000000f r6 : 0000000a r5 : e59fa090 r4 : ecd63c98
r3 : c06ae294 r2 : 00000000 r1 : b7611300 r0 : bf4ec008
Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
Control: 32c5387d Table: 2d546400 DAC: 55555555
Process bash (pid: 1643, stack limit = 0xecd60190)
(cap_capable) from (kprobe_handler+0x218/0x340)
(kprobe_handler) from (kprobe_trap_handler+0x24/0x48)
(kprobe_trap_handler) from (do_undefinstr+0x13c/0x364)
(do_undefinstr) from (__und_svc_finish+0x0/0x30)
(__und_svc_finish) from (cap_capable+0x18/0xb0)
(cap_capable) from (cap_vm_enough_memory+0x38/0x48)
(cap_vm_enough_memory) from
(security_vm_enough_memory_mm+0x48/0x6c)
(security_vm_enough_memory_mm) from
(copy_process.constprop.5+0x16b4/0x25c8)
(copy_process.constprop.5) from (_do_fork+0xe8/0x55c)
(_do_fork) from (SyS_clone+0x1c/0x24)
(SyS_clone) from (__sys_trace_return+0x0/0x10)
Code: 0050a0e1 6c0080e2 0140a0e1 0260a0e1 (f801f0e7)
Fixes: 35aa1df43283 ("ARM kprobes: instruction single-stepping support")
Fixes: 421015713b30 ("ARM: 9017/2: Enable KASan for ARM")
Signed-off-by: huangshaobo <huangshaobo6@huawei.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/probes/kprobes/Makefile | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/arm/probes/kprobes/Makefile
+++ b/arch/arm/probes/kprobes/Makefile
@@ -1,4 +1,7 @@
# SPDX-License-Identifier: GPL-2.0
+KASAN_SANITIZE_actions-common.o := n
+KASAN_SANITIZE_actions-arm.o := n
+KASAN_SANITIZE_actions-thumb.o := n
obj-$(CONFIG_KPROBES) += core.o actions-common.o checkers-common.o
obj-$(CONFIG_ARM_KPROBES_TEST) += test-kprobes.o
test-kprobes-objs := test-core.o
next prev parent reply other threads:[~2022-01-31 11:07 UTC|newest]
Thread overview: 113+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-31 10:55 [PATCH 5.10 000/100] 5.10.96-rc1 review Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 001/100] Bluetooth: refactor malicious adv data check Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 002/100] media: venus: core: Drop second v4l2 device unregister Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 003/100] net: sfp: ignore disabled SFP node Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 004/100] net: stmmac: skip only stmmac_ptp_register when resume from suspend Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 005/100] s390/module: fix loading modules with a lot of relocations Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 006/100] s390/hypfs: include z/VM guests with access control group set Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 007/100] bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 008/100] scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 009/100] udf: Restore i_lenAlloc when inode expansion fails Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 010/100] udf: Fix NULL ptr deref when converting from inline format Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 011/100] efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Greg Kroah-Hartman
2022-02-03 20:52 ` Pavel Machek
2022-02-03 20:59 ` Matthew Garrett
2022-01-31 10:55 ` [PATCH 5.10 012/100] PM: wakeup: simplify the output logic of pm_show_wakelocks() Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 013/100] tracing/histogram: Fix a potential memory leak for kstrdup() Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 014/100] tracing: Dont inc err_log entry count if entry allocation fails Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 015/100] ceph: properly put ceph_string reference after async create attempt Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 016/100] ceph: set pool_ns in new inode layout for async creates Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 017/100] fsnotify: fix fsnotify hooks in pseudo filesystems Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 018/100] Revert "KVM: SVM: avoid infinite loop on NPF from bad address" Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 019/100] perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 020/100] drm/etnaviv: relax submit size limits Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 021/100] KVM: x86: Update vCPUs runtime CPUID on write to MSR_IA32_XSS Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 022/100] arm64: errata: Fix exec handling in erratum 1418040 workaround Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 023/100] netfilter: nft_payload: do not update layer 4 checksum when mangling fragments Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 024/100] serial: 8250: of: Fix mapped region size when using reg-offset property Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 025/100] serial: stm32: fix software flow control transfer Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 026/100] tty: n_gsm: fix SW flow control encoding/handling Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 027/100] tty: Add support for Brainboxes UC cards Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 028/100] usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 029/100] usb: xhci-plat: fix crash when suspend if remote wake enable Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 030/100] usb: common: ulpi: Fix crash in ulpi_match() Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 031/100] usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 032/100] USB: core: Fix hang in usb_kill_urb by adding memory barriers Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 033/100] usb: typec: tcpm: Do not disconnect while receiving VBUS off Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 034/100] ucsi_ccg: Check DEV_INT bit only when starting CCG4 Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 035/100] jbd2: export jbd2_journal_[grab|put]_journal_head Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 036/100] ocfs2: fix a deadlock when commit trans Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 037/100] sched/membarrier: Fix membarrier-rseq fence command missing from query bitmask Greg Kroah-Hartman
2022-01-31 10:55 ` [PATCH 5.10 038/100] x86/MCE/AMD: Allow thresholding interface updates after init Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 039/100] powerpc/32s: Allocate one 256k IBAT instead of two consecutives 128k IBATs Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 040/100] powerpc/32s: Fix kasan_init_region() for KASAN Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 041/100] powerpc/32: Fix boot failure with GCC latent entropy plugin Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 042/100] i40e: Increase delay to 1 s after global EMP reset Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 043/100] i40e: Fix issue when maximum queues is exceeded Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 044/100] i40e: Fix queues reservation for XDP Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 045/100] i40e: Fix for failed to init adminq while VF reset Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 046/100] i40e: fix unsigned stat widths Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 047/100] usb: roles: fix include/linux/usb/role.h compile issue Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 048/100] rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 049/100] rpmsg: char: Fix race between the release of rpmsg_eptdev " Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 050/100] scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 051/100] ipv6_tunnel: Rate limit warning messages Greg Kroah-Hartman
2022-01-31 10:56 ` Greg Kroah-Hartman [this message]
2022-01-31 10:56 ` [PATCH 5.10 053/100] net: fix information leakage in /proc/net/ptype Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 054/100] hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 055/100] hwmon: (lm90) Mark alert as broken for MAX6680 Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 056/100] ping: fix the sk_bound_dev_if match in ping_lookup Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 057/100] ipv4: avoid using shared IP generator for connected sockets Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 058/100] hwmon: (lm90) Reduce maximum conversion rate for G781 Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 059/100] NFSv4: Handle case where the lookup of a directory fails Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 060/100] NFSv4: nfs_atomic_open() can race when looking up a non-regular file Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 061/100] net-procfs: show net devices bound packet types Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 062/100] drm/msm: Fix wrong size calculation Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 063/100] drm/msm/dsi: Fix missing put_device() call in dsi_get_phy Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 064/100] drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 065/100] ipv6: annotate accesses to fn->fn_sernum Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 066/100] NFS: Ensure the server has an up to date ctime before hardlinking Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 067/100] NFS: Ensure the server has an up to date ctime before renaming Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 068/100] powerpc64/bpf: Limit ldbrx to processors compliant with ISA v2.06 Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 069/100] netfilter: conntrack: dont increment invalid counter on NF_REPEAT Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 070/100] kernel: delete repeated words in comments Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 071/100] perf: Fix perf_event_read_local() time Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 072/100] sched/pelt: Relax the sync of util_sum with util_avg Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 073/100] net: phy: broadcom: hook up soft_reset for BCM54616S Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 074/100] phylib: fix potential use-after-free Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 075/100] octeontx2-pf: Forward error codes to VF Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 076/100] rxrpc: Adjust retransmission backoff Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 077/100] efi/libstub: arm64: Fix image check alignment at entry Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 078/100] hwmon: (lm90) Mark alert as broken for MAX6654 Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 079/100] powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 080/100] net: ipv4: Move ip_options_fragment() out of loop Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 081/100] net: ipv4: Fix the warning for dereference Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 082/100] ipv4: fix ip option filtering for locally generated fragments Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 083/100] ibmvnic: init ->running_cap_crqs early Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 084/100] ibmvnic: dont spin in tasklet Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 085/100] video: hyperv_fb: Fix validation of screen resolution Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 086/100] drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 087/100] drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 088/100] yam: fix a memory leak in yam_siocdevprivate() Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 089/100] net: cpsw: Properly initialise struct page_pool_params Greg Kroah-Hartman
2022-01-31 20:19 ` Colin Foster
2022-02-01 10:37 ` Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 090/100] net: hns3: handle empty unknown interrupt for VF Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 091/100] Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values" Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 092/100] net: bridge: vlan: fix single net device option dumping Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 093/100] ipv4: raw: lock the socket in raw_bind() Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 094/100] ipv4: tcp: send zero IPID in SYNACK messages Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 095/100] ipv4: remove sparse error in ip_neigh_gw4() Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 096/100] net: bridge: vlan: fix memory leak in __allowed_ingress Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 097/100] dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config Greg Kroah-Hartman
2022-01-31 10:56 ` [PATCH 5.10 098/100] usr/include/Makefile: add linux/nfc.h to the compile-test coverage Greg Kroah-Hartman
2022-01-31 10:57 ` [PATCH 5.10 099/100] fsnotify: invalidate dcache before IN_DELETE event Greg Kroah-Hartman
2022-01-31 10:57 ` [PATCH 5.10 100/100] block: Fix wrong offset in bio_truncate() Greg Kroah-Hartman
2022-01-31 20:04 ` [PATCH 5.10 000/100] 5.10.96-rc1 review Florian Fainelli
2022-01-31 22:17 ` Shuah Khan
2022-02-01 4:24 ` Guenter Roeck
2022-02-01 7:49 ` Naresh Kamboju
2022-02-01 12:05 ` Pavel Machek
2022-02-01 12:45 ` Pavel Machek
2022-02-01 15:41 ` Sudip Mukherjee
2022-02-02 2:34 ` Fox Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220131105222.189561789@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ardb@kernel.org \
--cc=huangshaobo6@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rmk+kernel@armlinux.org.uk \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).