Bug 1639397
Summary: | 32-bit arm kernel arch_prepare_optimized_kprobe panics due to FORTIFY_SOURCE check for memcpy | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | William Cohen <wcohen> |
Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | | |
Version: | 28 | CC: | airlied, bskeggs, ewk, hdegoede, hongzhi.song, ichavero, itamar, jarodwilson, jglisse, john.j5live, jonathan, josef, kees, kernel-maint, linville, mchehab, mjg59, steved |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | arm | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2019-02-21 21:13:39 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
William Cohen
2018-10-15 15:40:37 UTC
This can be replicated without systemtap by running the following perf command as root:

perf probe -a kernel_vfs_write_return=vfs_write%return

Comment 2
Kees Cook

This appears to be a false positive, due to the arm compiler treating inline-asm global labels as unsigned long _values_ instead of an unsigned char *. This fixes it for me:

diff --git a/arch/arm/probes/kprobes/opt-arm.c b/arch/arm/probes/kprobes/opt-arm.c
index b2aa9b32bff2..2c118a6ab358 100644
--- a/arch/arm/probes/kprobes/opt-arm.c
+++ b/arch/arm/probes/kprobes/opt-arm.c
@@ -247,7 +247,7 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op, struct kprobe *or
 }
 
 /* Copy arch-dep-instance from template. */
- memcpy(code, &optprobe_template_entry,
+ memcpy(code, (unsigned char *)optprobe_template_entry,
 TMPL_END_IDX * sizeof(kprobe_opcode_t));
 
 /* Adjust buffer according to instruction. */

Comment

(In reply to Kees Cook from comment #2)
> This appears to be a false positive, due to the arm compiler treating
> inline-asm global labels as unsigned long _values_ instead of an unsigned
> char *. This fixes it for me:
> 
> diff --git a/arch/arm/probes/kprobes/opt-arm.c
> b/arch/arm/probes/kprobes/opt-arm.c
> index b2aa9b32bff2..2c118a6ab358 100644
> --- a/arch/arm/probes/kprobes/opt-arm.c
> +++ b/arch/arm/probes/kprobes/opt-arm.c
> @@ -247,7 +247,7 @@ int arch_prepare_optimized_kprobe(struct
> optimized_kprobe *op, struct kprobe *or
> }
> 
> /* Copy arch-dep-instance from template. */
> - memcpy(code, &optprobe_template_entry,
> + memcpy(code, (unsigned char *)optprobe_template_entry,
> TMPL_END_IDX * sizeof(kprobe_opcode_t));
> 
> /* Adjust buffer according to instruction. */

I found a new problem introduced this way.

Issue: register_kprobe() will fail on arm.

Reproduce:
1. Machine: ARM
2. CONFIG_SAMPLES=y
   CONFIG_SAMPLE_KPROBES=m
   Build an arm kernel image with the above patch:
   make ARCH=arm CROSS_COMPILE=arm-gcc
3. Build kprobe_example.c under kernel-source/samples/kprobe/:
   make modules
4. Run the arm kernel with qemu.
5. modprobe kprobe_example

Then the console shows:

Unable to handle kernel paging request at virtual address e24dd0fc
[ 102.687559] pgd = 109ab7a1
[ 102.688274] [e24dd0fc] *pgd=00000000
[ 102.690136] Internal error: Oops: 5 [#1] PREEMPT ARM
[ 102.691848] Modules linked in: kprobe_example(+)
...
[ 103.075173] Backtrace:
[ 103.081256] [<c001eaf8>] (arch_prepare_optimized_kprobe) from [<c00b0ad8>] (alloc_aggr_kprobe+0x5c/0x6c)
[ 103.092807] r9:00000002 r8:bf0001e0 r7:00000000 r6:00000000 r5:bf0001d8 r4:ce8c3a80
[ 103.104176] [<c00b0a7c>] (alloc_aggr_kprobe) from [<c00b058c>] (register_kprobe+0x4a0/0x53c)
[ 103.115408] r5:00000000 r4:bf0001d8
[ 103.121722] [<c00b00ec>] (register_kprobe) from [<bf002038>] (kprobe_init+0x38/0xc0 [kprobe_example])
[ 103.132876] r9:00000002 r8:c0b50920 r7:00000000 r6:bf002000 r5:c0abf048 r4:bf0001d8
[ 103.143766] [<bf002000>] (kprobe_init [kprobe_example]) from [<c000b5b4>] (do_one_initcall+0xc8/0x20c)
[ 103.154720] r5:c0abf048 r4:ffffe000

Comment

*********** MASS BUG UPDATE **************

We apologize for the inconvenience. There are a large number of bugs to go through and several of them have gone stale. Due to this, we are doing a mass bug update across all of the Fedora 28 kernel bugs.

Fedora 28 has now been rebased to 4.20.5-100.fc28. Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 29, and are still experiencing this issue, please change the version to Fedora 29.

If you experience different issues, please open a new bug report for those.

Comment

*********** MASS BUG UPDATE **************

This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 3 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.
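Review bot: the replacement line `+ memcpy(code, (unsigned char *)optprobe_template_entry,` in the comment #2 hunk drops the address-of operator, so it casts the label's value, not its address. By the same comment's own diagnosis the compiler treats the inline-asm label as an unsigned long value (it is declared as a single kprobe_opcode_t), so the cast turns the first instruction word of the template into the memcpy source pointer and the copy reads from a bogus address. The oops in the follow-up comment is consistent with that: the faulting address e24dd0fc decodes as the ARM instruction `sub sp, sp, #0xfc`, i.e. an instruction word being used as a pointer. The FORTIFY check fires in the first place because `&optprobe_template_entry` has a compile-time object size of one kprobe_opcode_t while the length is `TMPL_END_IDX * sizeof(kprobe_opcode_t)`; a fix that keeps the address would declare the template labels as arrays (for example `extern kprobe_opcode_t optprobe_template_entry[];`) and pass `optprobe_template_entry` to memcpy, so the source has unknown size and the check cannot misfire while the pointer stays correct.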
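To show both halves of the thread on a desktop compiler, here is an added example (my own code, not the kernel's or anyone's on this bug): a constructed three-word "template" behind an inline-asm label, declared once as a single word the way the kernel declares optprobe_template_entry and once as an array, run through a replica of the fortified memcpy check. It assumes GCC or Clang on an ELF target; the symbols tmpl_entry and tmpl_words, the TMPL_WORDS constant and fortified_memcpy are mine and stand in for the kernel's names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TMPL_WORDS 3  /* stands in for the kernel's TMPL_END_IDX (constructed) */

/* Constructed three-word "template" behind two labels at the same address;
 * the first word is the ARM encoding of "sub sp, sp, #0xfc". */
__asm__(".pushsection .rodata\n.balign 4\n"
        ".globl tmpl_entry\n.globl tmpl_words\n"
        "tmpl_entry:\ntmpl_words:\n"
        ".long 0xe24dd0fc, 0xe88d7fff, 0xe1a00000\n"
        ".popsection\n");

extern unsigned int tmpl_entry;   /* kernel style: one instruction-sized object */
extern unsigned int tmpl_words[]; /* what the label really names: an array */
unsigned int tmpl_copy[TMPL_WORDS];

/* Replica of the fortified memcpy: the source size is taken at the call site
 * with __builtin_object_size; (size_t)-1 means "unknown, cannot check". */
static int fortified_memcpy(void *dst, const void *src, size_t n, size_t src_size)
{
    if (src_size != (size_t)-1 && src_size < n)
        return -1;  /* the kernel calls __read_overflow2() and panics here */
    memcpy(dst, src, n);
    return 0;
}
#define FORTIFIED_MEMCPY(dst, src, n) \
    fortified_memcpy((dst), (src), (n), __builtin_object_size((src), 0))

/* &tmpl_entry has a compile-time size of 4, so copying the whole template is
 * rejected: the false positive from the bug report. */
int copy_template_scalar(unsigned int *buf)
{
    return FORTIFIED_MEMCPY(buf, &tmpl_entry, TMPL_WORDS * sizeof(unsigned int));
}

/* An incomplete array has no known size, so the identical copy is allowed. */
int copy_template_array(unsigned int *buf)
{
    return FORTIFIED_MEMCPY(buf, tmpl_words, TMPL_WORDS * sizeof(unsigned int));
}

/* The hunk's "(unsigned char *)optprobe_template_entry" converts the label's
 * value, i.e. its first instruction word, rather than its address. */
uintptr_t source_address_from_cast(void) { return (uintptr_t)tmpl_entry; }
uintptr_t source_address_of_label(void)  { return (uintptr_t)tmpl_words; }

int main(void)
{
    printf("scalar %d array %d cast %#lx label %#lx\n", copy_template_scalar(tmpl_copy),
           copy_template_array(tmpl_copy), (unsigned long)source_address_from_cast(),
           (unsigned long)source_address_of_label());
}
```

The scalar declaration is rejected and the array declaration is accepted for the same copy, and the cast yields the instruction word 0xe24dd0fc rather than the label's address.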