foss-for-synopsys-dwc-arc-processors/linux

CONFIG_HARDENED_USERCOPY detects kernel memory overwrite attempt to kernel text

EvgeniiDidin opened this issue · 5 comments

Starting Linux kernel v5.4.22 on both HSDK and nSIM with ARC HS, with the CONFIG_HARDENED_USERCOPY option enabled, ends in a hang with the following message:

usercopy: Kernel memory overwrite attempt detected to kernel text (offset 155633, size 11)!
usercopy: BUG: failure at mm/usercopy.c:99/usercopy_abort()!

gcc generated __builtin_trap
Path: /bin/busybox
CPU: 0 PID: 84 Comm: init Not tainted 5.4.22 

[ECR ]: 0x00090005 => gcc generated __builtin_trap
[EFA ]: 0x9024fcaa
[BLINK ]: usercopy_abort+0x8a/0x8c
[ERET ]: memfd_fcntl+0x0/0x470
[STAT32]: 0x80080802 : IE K  
BTA: 0x901ba38c SP: 0xbe161ecc FP: 0xbf9fe950
LPS: 0x90677408 LPE: 0x9067740c LPC: 0x00000000
r00: 0x0000003c r01: 0xbf0ed280 r02: 0x00000000
r03: 0xbe15fa30 r04: 0x00d2803e r05: 0x00000000
r06: 0x675d7000 r07: 0x00000000 r08: 0x675d9c00
r09: 0x00000000 r10: 0x0000035c r11: 0x61206572
r12: 0x9024fcaa r13: 0x0000000b r14: 0x0000000b
r15: 0x00000000 r16: 0x90169ffc r17: 0x90168000
r18: 0x00000000 r19: 0xbf092010 r20: 0x00000001
r21: 0x00000011 r22: 0x5ffffff1 r23: 0x90169ff1
r24: 0xbe196c00 r25: 0xbf0ed280

Stack Trace:
 memfd_fcntl+0x0/0x470
 usercopy_abort+0x8a/0x8c
 __check_object_size+0x10e/0x138
 copy_strings+0x1f4/0x38c
 __do_execve_file+0x352/0x848
 EV_Trap+0xcc/0xd0

@Palmyr3 care to take a look at this one?
Adding @abrodkin to the mix as well.

@EvgeniiDidin could you please elaborate a bit on how important that one is for us? I.e. is it required by some project like OpenWrt etc.? That will help us to prioritize it properly.

In OpenWrt, the CONFIG_HARDENED_USERCOPY=y option was added for all targets in the generic Linux configuration files, see: openwrt/openwrt@9b12394

By disabling this option in the target/linux/archs38/config-* file we can work around this issue (the specific target config has higher priority).

Merged upstream for 5.13-rc7 inclusion.
2021-02-26 110febc ARC: fix CONFIG_HARDENED_USERCOPY
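
For triaging reports like the one in this issue, the following added example (not code from this thread or from the kernel tree) parses a hardened-usercopy abort out of a kernel log and names the frame that requested the copy. The function name `triage` is hypothetical, and the sample is an excerpt of the oops quoted above.

```python
import re

# Message layout emitted by usercopy_abort() in mm/usercopy.c.
ABORT_RE = re.compile(
    r"usercopy: Kernel memory (?P<kind>overwrite|exposure) attempt detected "
    r"(?P<direction>to|from) (?P<region>.+?) "
    r"\(offset (?P<offset>\d+), size (?P<size>\d+)\)!")
FRAME_RE = re.compile(r"^\s*(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")

# Excerpt of the oops quoted in the report above (register dump omitted).
SAMPLE = """\
usercopy: Kernel memory overwrite attempt detected to kernel text (offset 155633, size 11)!
usercopy: BUG: failure at mm/usercopy.c:99/usercopy_abort()!
CPU: 0 PID: 84 Comm: init Not tainted 5.4.22
Stack Trace:
 memfd_fcntl+0x0/0x470
 usercopy_abort+0x8a/0x8c
 __check_object_size+0x10e/0x138
 copy_strings+0x1f4/0x38c
 __do_execve_file+0x352/0x848
 EV_Trap+0xcc/0xd0
"""

def triage(log_text):
    """Return one dict per usercopy abort, with the frame that requested the copy."""
    reports, current, in_trace = [], None, False
    for line in log_text.splitlines():
        hit = ABORT_RE.search(line)
        if hit:
            current = dict(hit.groupdict(), frames=[], copy_site=None)
            current["offset"], current["size"] = int(hit["offset"]), int(hit["size"])
            reports.append(current)
            in_trace = False
        elif current is not None and line.strip() == "Stack Trace:":
            in_trace = True
        elif in_trace:
            frame = FRAME_RE.match(line)
            if frame:
                current["frames"].append(frame["sym"])
            else:
                in_trace = False  # first non-frame line ends the trace
    for rep in reports:
        # The caller of __check_object_size() is the code path doing the copy.
        if "__check_object_size" in rep["frames"][:-1]:
            idx = rep["frames"].index("__check_object_size")
            rep["copy_site"] = rep["frames"][idx + 1]
    return reports
```

On the sample, `triage(SAMPLE)` reports an overwrite into "kernel text" of size 11 requested from `copy_strings`, i.e. the argument copy done during execve of `/bin/busybox`.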