ACK/cmnt: [PATCH] x86/kprobes: Fix optprobe to detect INT3 padding correctly

Tim Gardner tim.gardner at canonical.com
Wed Mar 10 12:52:04 UTC 2021



On 3/10/21 4:25 AM, Kleber Souza wrote:
> On 08.03.21 21:49, Tim Gardner wrote:
>> From: Masami Hiramatsu <mhiramat at kernel.org>
>>
>> CVE-2021-3411
>>
>> commit 0d07c0ec4381f630c801539c79ad8dcc627f6e4a upstream.
>>
>> Commit
>>
>>    7705dc855797 ("x86/vmlinux: Use INT3 instead of NOP for linker fill bytes")
>>
>> changed the padding bytes between functions from NOP to INT3. However,
>> when optprobe decodes a target function it finds INT3 and gives up the
>> jump optimization.
>>
>> Instead of giving up any INT3 detection, check whether the rest of the
>> bytes to the end of the function are INT3. If all of them are INT3,
>> those come from the linker. In that case, continue the optprobe jump
>> optimization.
>>
>>   [ bp: Massage commit message. ]
>>
>> Fixes: 7705dc855797 ("x86/vmlinux: Use INT3 instead of NOP for linker fill bytes")
>> Reported-by: Adam Zabrocki <pi3 at pi3.com.pl>
>> Signed-off-by: Masami Hiramatsu <mhiramat at kernel.org>
>> Signed-off-by: Borislav Petkov <bp at suse.de>
>> Reviewed-by: Steven Rostedt (VMware) <rostedt at goodmis.org>
>> Reviewed-by: Kees Cook <keescook at chromium.org>
>> Cc: stable at vger.kernel.org
>> Link: https://lkml.kernel.org/r/160767025681.3880685.16021570341428835411.stgit@devnote2
>>
>> Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
>>
>> (backported from commit d4f949439d2748209b004b4003e21285e580909d)
> 
> This sha1 seems to come from the linux-5.9.y linux-stable branch, so we should add the "linux-5.9.y" prefix to the line above.
> 
Whoops. Indeed it came from v5.9.14.
-----------
Tim Gardner
Canonical, Inc
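The commit message above describes the decision the fix changes: when the optprobe decoder meets an INT3 while walking a function, it now checks whether every remaining byte up to the end of the function is also INT3 (linker fill) before deciding to abandon the jump optimization. The following is an added example, not code from the kernel or from this patch, that models that decision on a byte buffer standing in for a function's text. The decoder is a toy that knows only the few one-byte opcodes used in the constructed samples (the kernel uses its full x86 instruction decoder), and `can_optimize_before`/`can_optimize_after` are hypothetical names chosen here to contrast the two behaviours.

```c
/*
 * Added example, not kernel code: models the optprobe INT3-padding check
 * described in commit 0d07c0ec4381 on a byte buffer. The instruction
 * decoder below is a toy (hypothetical) that only recognises the one-byte
 * opcodes used in the constructed samples at the bottom of the file.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INT3_OPCODE 0xCC

/* True if every byte in [addr, end) is INT3, i.e. the linker fill pattern. */
bool is_int3_padding(const uint8_t *addr, const uint8_t *end)
{
	while (addr < end) {
		if (*addr != INT3_OPCODE)
			return false;
		addr++;
	}
	return true;
}

/* Toy decoder (hypothetical): length of the instructions used in the
 * samples, 0 for anything it does not recognise. */
size_t toy_insn_len(uint8_t opcode)
{
	switch (opcode) {
	case 0x55: /* push %rbp */
	case 0x90: /* nop */
	case 0xC3: /* ret */
	case 0xCC: /* int3 */
		return 1;
	default:
		return 0;
	}
}

/* Behaviour before the fix: any INT3 inside the function aborts the jump
 * optimization. Returns 1 = optimizable, 0 = give up, -1 = decode error. */
int can_optimize_before(const uint8_t *func, size_t len)
{
	const uint8_t *addr = func, *end = func + len;

	while (addr < end) {
		size_t n = toy_insn_len(*addr);
		if (n == 0)
			return -1;
		if (*addr == INT3_OPCODE)
			return 0;
		addr += n;
	}
	return 1;
}

/* Behaviour after the fix: an INT3 aborts only if the bytes from it to the
 * end of the function are not all INT3; pure linker padding is accepted. */
int can_optimize_after(const uint8_t *func, size_t len)
{
	const uint8_t *addr = func, *end = func + len;

	while (addr < end) {
		size_t n = toy_insn_len(*addr);
		if (n == 0)
			return -1;
		if (*addr == INT3_OPCODE) {
			if (is_int3_padding(addr, end))
				break;	/* linker fill bytes: keep optimizing */
			return 0;	/* a real INT3 mid-function: give up */
		}
		addr += n;
	}
	return 1;
}

/* Constructed sample "functions" (not real kernel text). */
const uint8_t func_padded[]    = { 0x55, 0x90, 0xC3, 0xCC, 0xCC, 0xCC };
const uint8_t func_real_int3[] = { 0x55, 0xCC, 0x90, 0xC3 };
const uint8_t func_plain[]     = { 0x55, 0x90, 0xC3 };

int main(void)
{
	printf("padded:    before=%d after=%d\n",
	       can_optimize_before(func_padded, sizeof func_padded),
	       can_optimize_after(func_padded, sizeof func_padded));
	printf("real int3: before=%d after=%d\n",
	       can_optimize_before(func_real_int3, sizeof func_real_int3),
	       can_optimize_after(func_real_int3, sizeof func_real_int3));
	printf("plain:     before=%d after=%d\n",
	       can_optimize_before(func_plain, sizeof func_plain),
	       can_optimize_after(func_plain, sizeof func_plain));
	return 0;
}
```

The `len` argument stands in for the function size the kernel obtains from the symbol table; the check is only meaningful when `end` really is the end of the function, since a trailing run of INT3 followed by more code would otherwise be misclassified as padding.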