foss-for-synopsys-dwc-arc-processors / linux

Helpful resources for users & developers of Linux kernel for ARC

CONFIG_HARDENED_USERCOPY detects kernel memory overwrite attempt to kernel text #15

Closed EvgeniiDidin closed 3 years ago

EvgeniiDidin commented 4 years ago

Starting Linux kernel v5.4.22 on both HSDK & nSIM with ARC HS with the CONFIG_HARDENED_USERCOPY option enabled ends up with a hang with the following message:

usercopy: Kernel memory overwrite attempt detected to kernel text (offset 155633, size 11)!
usercopy: BUG: failure at mm/usercopy.c:99/usercopy_abort()!

gcc generated __builtin_trap
Path: /bin/busybox
CPU: 0 PID: 84 Comm: init Not tainted 5.4.22 

[ECR ]: 0x00090005 => gcc generated __builtin_trap
[EFA ]: 0x9024fcaa
[BLINK ]: usercopy_abort+0x8a/0x8c
[ERET ]: memfd_fcntl+0x0/0x470
[STAT32]: 0x80080802 : IE K  
BTA: 0x901ba38c SP: 0xbe161ecc FP: 0xbf9fe950
LPS: 0x90677408 LPE: 0x9067740c LPC: 0x00000000
r00: 0x0000003c r01: 0xbf0ed280 r02: 0x00000000
r03: 0xbe15fa30 r04: 0x00d2803e r05: 0x00000000
r06: 0x675d7000 r07: 0x00000000 r08: 0x675d9c00
r09: 0x00000000 r10: 0x0000035c r11: 0x61206572
r12: 0x9024fcaa r13: 0x0000000b r14: 0x0000000b
r15: 0x00000000 r16: 0x90169ffc r17: 0x90168000
r18: 0x00000000 r19: 0xbf092010 r20: 0x00000001
r21: 0x00000011 r22: 0x5ffffff1 r23: 0x90169ff1
r24: 0xbe196c00 r25: 0xbf0ed280

Stack Trace:
 memfd_fcntl+0x0/0x470
 usercopy_abort+0x8a/0x8c
 __check_object_size+0x10e/0x138
 copy_strings+0x1f4/0x38c
 __do_execve_file+0x352/0x848
 EV_Trap+0xcc/0xd0

vineetgarc commented 4 years ago

@Palmyr3 care to take a look at this one? Adding @abrodkin to the mix as well.

abrodkin commented 4 years ago

@EvgeniiDidin could you please elaborate a bit on how important that one is for us? I.e. is it required by some project like OpenWrt etc.? That will help us to prioritize it properly.

EvgeniiDidin commented 4 years ago

In OpenWrt, the CONFIG_HARDENED_USERCOPY=y option was added for all targets in the generic Linux configuration files, see: https://github.com/openwrt/openwrt/commit/9b1239451d6598f39b3689c8c6e0d6147965e601

By disabling this option in the target/linux/archs38/config-* file, we can work around this issue (the specific target config is of higher priority).

vineetgarc commented 3 years ago

Fix posted: http://lists.infradead.org/pipermail/linux-snps-arc/2021-June/005203.html

vineetgarc commented 3 years ago

Merged upstream for 5.13-rc7 inclusion. 2021-02-26 110febc0148f ARC: fix CONFIG_HARDENED_USERCOPY