CVE-2023-52978 Information

Description

In the Linux kernel the following vulnerability has been resolved:

riscv: kprobe: Fixup kernel panic when probing an illegal position

The kernel would panic when probed for an illegal position. eg:

(CONFIG_RISCV_ISA_C=n)

echo ‘p:hello kernel_clone+0x16 a0=%a0’ » kprobe_events echo 1 > events/kprobes/hello/enable cat trace

Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __do_sys_newfstatat+0xb8/0xb8 CPU: 0 PID: 111 Comm: sh Not tainted 6.2.0-rc1-00027-g2d398fe49a4d 490 Hardware name: riscv-virtioqemu (DT) Call Trace: [] dump_backtrace+0x38/0x48 [] show_stack+0x50/0x68 [] dump_stack_lvl+0x60/0x84 [] dump_stack+0x20/0x30 [] panic+0x160/0x374 [] generic_handle_arch_irq+0x0/0xa8 [] sys_newstat+0x0/0x30 [] sys_clone+0x20/0x30 [] ret_from_syscall+0x0/0x4 —[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __do_sys_newfstatat+0xb8/0xb8 ]—

That is because the kprobe’s ebreak instruction broke the kernel’s original code. The user should guarantee the correction of the probe position but it couldn’t make the kernel panic.

This patch adds arch_check_kprobe in arch_prepare_kprobe to prevent an illegal position (Such as the middle of an instruction).

Reference

https://git.kernel.org/stable/c/04a73558209554da17f46490ec4faaaf1b2bab68 https://git.kernel.org/stable/c/12316538b1d193064109ce1a28fc9bacd43950de https://git.kernel.org/stable/c/87f48c7ccc73afc78630530d9af51f458f58cab8