Add helpers to find the stack canary or a local variable addr and len for the probed function based on ksw_get_config(). For canary search, limits search to a fixed number of steps to avoid scanning the entire stack. Validates that the computed address and length are within the kernel stack.
Signed-off-by: Jinchao Wang <[email protected]> --- mm/kstackwatch/stack.c | 80 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 77 insertions(+), 3 deletions(-) diff --git a/mm/kstackwatch/stack.c b/mm/kstackwatch/stack.c index 96014eb4cb12..60371b292915 100644 --- a/mm/kstackwatch/stack.c +++ b/mm/kstackwatch/stack.c @@ -8,6 +8,7 @@ #include <linux/kstackwatch_types.h> #include <linux/printk.h> +#define MAX_CANARY_SEARCH_STEPS 128 static struct kprobe entry_probe; static struct fprobe exit_probe; @@ -58,13 +59,86 @@ static bool ksw_stack_check_ctx(bool entry) return false; } +static unsigned long ksw_find_stack_canary_addr(struct pt_regs *regs) +{ + unsigned long *stack_ptr, *stack_end, *stack_base; + unsigned long expected_canary; + unsigned int i; + + stack_ptr = (unsigned long *)kernel_stack_pointer(regs); + + stack_base = (unsigned long *)(current->stack); + + // TODO: limit it to the current frame + stack_end = (unsigned long *)((char *)current->stack + THREAD_SIZE); + + expected_canary = current->stack_canary; + + if (stack_ptr < stack_base || stack_ptr >= stack_end) { + pr_err("Stack pointer 0x%lx out of bounds [0x%lx, 0x%lx)\n", + (unsigned long)stack_ptr, (unsigned long)stack_base, + (unsigned long)stack_end); + return 0; + } + + for (i = 0; i < MAX_CANARY_SEARCH_STEPS; i++) { + if (&stack_ptr[i] >= stack_end) + break; + + if (stack_ptr[i] == expected_canary) { + pr_debug("canary found i:%d 0x%lx\n", i, + (unsigned long)&stack_ptr[i]); + return (unsigned long)&stack_ptr[i]; + } + } + + pr_debug("canary not found in first %d steps\n", + MAX_CANARY_SEARCH_STEPS); + return 0; +} + +static int ksw_stack_validate_addr(unsigned long addr, size_t size) +{ + unsigned long stack_start, stack_end; + + if (!addr || !size) + return -EINVAL; + + stack_start = (unsigned long)current->stack; + stack_end = stack_start + THREAD_SIZE; + + if (addr < stack_start || (addr + size) > stack_end) + return -ERANGE; + + return 0; +} + static int ksw_stack_prepare_watch(struct pt_regs *regs, const struct ksw_config *config, ulong *watch_addr, u16 *watch_len) { - /* implement logic will be added in following patches */ - *watch_addr = 0; - *watch_len = 0; + ulong addr; + u16 len; + + if (ksw_get_config()->auto_canary) { + addr = ksw_find_stack_canary_addr(regs); + if (!addr) + return -EINVAL; + len = sizeof(ulong); + } else { + addr = kernel_stack_pointer(regs) + ksw_get_config()->sp_offset; + len = ksw_get_config()->watch_len; + if (!len) + len = sizeof(ulong); + } + + if (ksw_stack_validate_addr(addr, len)) { + pr_err("invalid stack addr:0x%lx len :%u\n", addr, len); + return -EINVAL; + } + + *watch_addr = addr; + *watch_len = len; return 0; } -- 2.43.0
