Patch "kprobes: Prohibit probing on CFI preamble symbol" has been added to the 5.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 4 Sep 2023 18:41:16 -0400

This is a note to let you know that I've just added the patch titled

    kprobes: Prohibit probing on CFI preamble symbol

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kprobes-prohibit-probing-on-cfi-preamble-symbol.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 401290221679ef9f7b516fba976faf146390229f
Author: Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>
Date:   Tue Jul 11 10:50:47 2023 +0900

    kprobes: Prohibit probing on CFI preamble symbol
    
    [ Upstream commit de02f2ac5d8cfb311f44f2bf144cc20002f1fbbd ]
    
    Do not allow to probe on "__cfi_" or "__pfx_" started symbol, because those
    are used for CFI and not executed. Probing it will break the CFI.
    
    Link: https://lore.kernel.org/all/168904024679.116016.18089228029322008512.stgit@devnote2/
    
    Signed-off-by: Masami Hiramatsu (Google) <mhiramat@xxxxxxxxxx>
    Reviewed-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 86d71c49b4957..f1ea3123f3832 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1628,6 +1628,17 @@ int __weak arch_check_ftrace_location(struct kprobe *p)
 	return 0;
 }
 
+static bool is_cfi_preamble_symbol(unsigned long addr)
+{
+	char symbuf[KSYM_NAME_LEN];
+
+	if (lookup_symbol_name(addr, symbuf))
+		return false;
+
+	return str_has_prefix("__cfi_", symbuf) ||
+		str_has_prefix("__pfx_", symbuf);
+}
+
 static int check_kprobe_address_safe(struct kprobe *p,
 				     struct module **probed_mod)
 {
@@ -1646,7 +1657,8 @@ static int check_kprobe_address_safe(struct kprobe *p,
 	    within_kprobe_blacklist((unsigned long) p->addr) ||
 	    jump_label_text_reserved(p->addr, p->addr) ||
 	    static_call_text_reserved(p->addr, p->addr) ||
-	    find_bug((unsigned long)p->addr)) {
+	    find_bug((unsigned long)p->addr) ||
+	    is_cfi_preamble_symbol((unsigned long)p->addr)) {
 		ret = -EINVAL;
 		goto out;
 	}






