Re: [PATCH] x86/optprobe: Fix OPTPROBE vs UACCESS

From: Peter Zijlstra
Date: Thu Mar 05 2020 - 06:59:23 EST

Next message: Jakub Sitnicki: "Re: [PATCH bpf-next v3 01/12] bpf: sockmap: only check ULP for TCP sockets"
Previous message: afzal mohammed: "[PATCH v4] MIPS: Replace setup_irq() by request_irq()"
In reply to: Masami Hiramatsu: "Re: [PATCH] x86/optprobe: Fix OPTPROBE vs UACCESS"
Next in thread: kbuild test robot: "Re: [PATCH] x86/optprobe: Fix OPTPROBE vs UACCESS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 05, 2020 at 07:40:06PM +0900, Masami Hiramatsu wrote:
> Hi Peter,
>
> On Thu, 5 Mar 2020 10:21:30 +0100
> Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> >
> > While looking at an objtool UACCESS warning, it suddenly occurred to me
> > that it is entirely possible to have an OPTPROBE right in the middle of
> > an UACCESS region.
> >
> > In this case we must of course clear FLAGS.AC while running the KPROBE.
> > Luckily the trampoline already saves/restores [ER]FLAGS, so all we need
> > to do is inject a CLAC. Unfortunately we cannot use ALTERNATIVE() in the
> > trampoline text, so we have to frob that manually.
>
> Good catch! so this prevents optprobe handler to access user space
> avoiding SMAP feature.

Yes that, but also worse, since the patch referenced by Fixes, x86_64 no
longer saves/restores FLAGS on context switch, and if the OPTPROBE were
to (accidentally) call into schedule() (say through preempt_enable()),
the next task could also run without SMAP for a while.

> Acked-by: Masami Hiramatsu <mhiramat@xxxxxxxxxx>

Thanks!

Next message: Jakub Sitnicki: "Re: [PATCH bpf-next v3 01/12] bpf: sockmap: only check ULP for TCP sockets"
Previous message: afzal mohammed: "[PATCH v4] MIPS: Replace setup_irq() by request_irq()"
In reply to: Masami Hiramatsu: "Re: [PATCH] x86/optprobe: Fix OPTPROBE vs UACCESS"
Next in thread: kbuild test robot: "Re: [PATCH] x86/optprobe: Fix OPTPROBE vs UACCESS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]