| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Feb 2011 17:54:43 +0100 From: Jiri Olsa <jolsa@...hat.com> To: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> Cc: linux-kernel@...r.kernel.org Subject: Re: [RFC,PATCH] kprobes - optimized kprobes might crash before setting kernel stack On Wed, Feb 16, 2011 at 12:55:53AM +0900, Masami Hiramatsu wrote: > (2011/02/15 21:30), Jiri Olsa wrote: > > On Tue, Feb 15, 2011 at 06:41:58PM +0900, Masami Hiramatsu wrote: > >> (2011/02/15 0:12), Jiri Olsa wrote: > >>> hi, > >>> > >>> you can crash the kernel using kprobe tracer via: > >>> > >>> echo "p system_call_after_swapgs" > ./kprobe_events > >>> echo 1 > ./events/kprobes/enable > >> > >> Ah, thank you very much! > >> > >>> The reason is that at the system_call_after_swapgs label, > >>> the kernel stack is not set up. If optimized kprobes are > >>> enabled, the user space stack is being used in this case > >>> (see optimized kprobe template) and this might result in a crash. > >> > >> Verified here, and also it didn't occur when turning optimization > >> off by sysctl. So this is a bug of kprobe jump optimization, not > >> kprobes itself. > >> > >>> Looks like there are several places like this over the entry_$(BIT) > >>> code. First I thought it'd be ok to localize those places, but > >>> I haven't found any reasonable/maintainable way to disable only those > >>> places. > >> > >> Hmm, agreed. > >> > >>> So I switched off the whole entry code from optimizing, but this > >>> also switch many safe places (attached patch - tested on x86_64). > >> > >> I'm OK for this solution. I think possible another solution is using > >> interrupt stack in optprobe template too. Anyway in short term, this > >> solution will be good. > > > > ok, I'll test on 32 bits and resend to Ingo > > Thanks! > And also, with deeply thinking about this problem, it seems that > your idea could be the best way to fix, because kprobes can not > know where the kernel stack is ready without those text section. > > > >>> Also not sure this crash falls in to the area of that once such > >>> probe is used, user should know consequences.. > >> > >> User can see that those probe is not optimized via sysfs. > > > > I cannot find this, where can I see this info? > > Ah, actually, that is under debugfs, which is usually mounted on > /sys/kernel/debug. You can read "/sys/kernel/debug/kprobes/list" > for getting a list of currently registered probes. I see, thanks jirka > > Thank you, > -- > Masami HIRAMATSU > 2nd Dept. Linux Technology Center > Hitachi, Ltd., Systems Development Laboratory > E-mail: masami.hiramatsu.pt@...achi.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists