| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Aug 2009 16:27:34 +0200 From: Frederic Weisbecker <fweisbec@...il.com> To: Heiko Carstens <heiko.carstens@...ibm.com> Cc: Hendrik Brueckner <brueckner@...ux.vnet.ibm.com>, Jason Baron <jbaron@...hat.com>, linux-kernel@...r.kernel.org, mingo@...e.hu, laijs@...fujitsu.com, rostedt@...dmis.org, peterz@...radead.org, mathieu.desnoyers@...ymtl.ca, jiayingz@...gle.com, mbligh@...gle.com, lizf@...fujitsu.com, Martin Schwidefsky <schwidefsky@...ibm.com> Subject: Re: [PATCH 08/12] add trace events for each syscall entry/exit On Wed, Aug 26, 2009 at 04:10:52PM +0200, Heiko Carstens wrote: > On Wed, Aug 26, 2009 at 03:30:22PM +0200, Frederic Weisbecker wrote: > > On Wed, Aug 26, 2009 at 02:59:43PM +0200, Heiko Carstens wrote: > > > > Yeah, and as told before, syscalls tracing from kernel thread is > > > > an interesting point but we can't do it that way. > > > > > > > > I'm queuing this patch for .32, but I need you Signed-off-by to apply it :) > > > > > > That won't always work as pointed out in the other example: > > > - Process doing sys_init_module then scheduled away > > > - User enables syscall tracing -> TIF_SYSCALL_FTRACE gets set > > > - init function of the module gets called and is doing kernel_thread() > > > (old API) -> kernel thread inherits TIF_SYSCALL_FTRACE. > > > > > > I don't think that's what you want. You might want to clear the flag for > > > new processes during fork (only for kernel threads I would guess). > > > > > > At least the current patch leaves a hole. > > > > Ah, there are callsites that use kernel_thread() directly? > > Does it means that t->mm could be non NULL for such resulting > > kernel threads, in that case it would be hard to hook on > > do_fork() to check that. > > Oh yes, you are right. kernel threads created with kernel_thread() > have t->mm != NULL if the forking process has an mm too. > > There are very few callsites left which still use kernel_thread(). > (the last one in s390 driver code will be gone after the next > merge window). > > As far as I can there are only four callsites left > (excluding staging): jffs2 and three in net/bluetooth/* In that case, I'd suggest to pick the patch that checks for kernel threads while setting the TIF_FLAGS. The check for invalid syscall numbers in another patch should be sufficient to not crash. We might have rare inaccurate result because of the remaining buggy callsites but instead of working around on it, these should be fixed. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists