Add helpers to find the stack canary or a local variable addr and len
for the probed function based on ksw_get_config(). For canary search,
limits search to a fixed number of steps to avoid scanning the entire
stack. Validates that the computed address and length are within the
kernel stack.

Signed-off-by: Jinchao Wang <[email protected]>
---
 mm/kstackwatch/stack.c | 88 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 84 insertions(+), 4 deletions(-)

diff --git a/mm/kstackwatch/stack.c b/mm/kstackwatch/stack.c
index ac52a9f81486..65a97309e028 100644
--- a/mm/kstackwatch/stack.c
+++ b/mm/kstackwatch/stack.c
@@ -9,18 +9,98 @@
 
 #include "kstackwatch.h"
 
+#define INVALID_PID -1
+#define MAX_CANARY_SEARCH_STEPS 128
 static struct kprobe entry_probe;
 static struct fprobe exit_probe;
-#define INVALID_PID -1
 static atomic_t ksw_stack_pid = ATOMIC_INIT(INVALID_PID);
 
+static unsigned long ksw_find_stack_canary_addr(struct pt_regs *regs)
+{
+       unsigned long *stack_ptr, *stack_end, *stack_base;
+       unsigned long expected_canary;
+       unsigned int i;
+
+       stack_ptr = (unsigned long *)kernel_stack_pointer(regs);
+
+       stack_base = (unsigned long *)(current->stack);
+
+       // TODO: limit it to the current frame
+       stack_end = (unsigned long *)((char *)current->stack + THREAD_SIZE);
+
+       expected_canary = current->stack_canary;
+
+       if (stack_ptr < stack_base || stack_ptr >= stack_end) {
+               pr_err("Stack pointer 0x%lx out of bounds [0x%lx, 0x%lx)\n",
+                      (unsigned long)stack_ptr, (unsigned long)stack_base,
+                      (unsigned long)stack_end);
+               return 0;
+       }
+
+       for (i = 0; i < MAX_CANARY_SEARCH_STEPS; i++) {
+               if (&stack_ptr[i] >= stack_end)
+                       break;
+
+               if (stack_ptr[i] == expected_canary) {
+                       pr_debug("canary found i:%d 0x%lx\n", i,
+                                (unsigned long)&stack_ptr[i]);
+                       return (unsigned long)&stack_ptr[i];
+               }
+       }
+
+       pr_debug("canary not found in first %d steps\n",
+                MAX_CANARY_SEARCH_STEPS);
+       return 0;
+}
+
+static int ksw_stack_validate_addr(unsigned long addr, size_t size)
+{
+       unsigned long stack_start, stack_end;
+
+       if (!addr || !size)
+               return -EINVAL;
+
+       stack_start = (unsigned long)current->stack;
+       stack_end = stack_start + THREAD_SIZE;
+
+       if (addr < stack_start || (addr + size) > stack_end)
+               return -ERANGE;
+
+       return 0;
+}
+
 static int ksw_stack_prepare_watch(struct pt_regs *regs,
                                   const struct ksw_config *config,
                                   ulong *watch_addr, u16 *watch_len)
 {
-       /* implement logic will be added in following patches */
-       *watch_addr = 0;
-       *watch_len = 0;
+       ulong addr;
+       u16 len;
+
+       /* Resolve addresses for all active watches */
+       switch (ksw_get_config()->type) {
+       case WATCH_CANARY:
+               addr = ksw_find_stack_canary_addr(regs);
+               len = sizeof(unsigned long);
+               break;
+
+       case WATCH_LOCAL_VAR:
+               addr = kernel_stack_pointer(regs) +
+                      ksw_get_config()->local_var_offset;
+               len = ksw_get_config()->local_var_len;
+               break;
+
+       default:
+               pr_err("Unknown watch type %d\n", ksw_get_config()->type);
+               return -EINVAL;
+       }
+
+       if (ksw_stack_validate_addr(addr, len)) {
+               pr_err("invalid stack addr:0x%lx len :%u\n", addr, len);
+               return -EINVAL;
+       }
+
+       *watch_addr = addr;
+       *watch_len = len;
        return 0;
 }
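Review bot: ksw_stack_prepare_watch receives `config` but never reads it, and instead calls ksw_get_config() four times (the switch expression, both WATCH_LOCAL_VAR fields and the pr_err in default); the parameter should be the single source, `switch (config->type) {` and `config->local_var_offset` / `config->local_var_len`, which also removes the chance of the type and the fields coming from different configurations if the global changes between calls. In ksw_stack_validate_addr the bound check `(addr + size) > stack_end` is computed before it is known that addr is below stack_end, so an addr above the stack with a size large enough to wrap would pass; an overflow-free form is `if (addr < stack_start || addr > stack_end || size > stack_end - addr)`. The canary search matches the first word above the stack pointer equal to current->stack_canary; if the probed function was built without a canary the match presumably lands on a caller's slot, which the TODO about limiting the scan to the current frame should mention so the caller of the helper knows a hit is not proof it belongs to the probed frame. Minor: `i` is unsigned int but printed with `%d` in the "canary found" pr_debug; `%u` matches the type.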
 
-- 
2.43.0

