| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 06 Dec 2013 15:23:05 +0900 From: Masami Hiramatsu <masami.hiramatsu.pt@...achi.com> To: Sandeepa Prabhu <sandeepa.prabhu@...aro.org> Cc: Ingo Molnar <mingo@...nel.org>, Ananth N Mavinakayanahalli <ananth@...ibm.com>, x86@...nel.org, lkml <linux-kernel@...r.kernel.org>, "Steven Rostedt (Red Hat)" <rostedt@...dmis.org>, systemtap@...rceware.org, "David S. Miller" <davem@...emloft.net> Subject: Re: [PATCH -tip v4 0/6] kprobes: introduce NOKPROBE_SYMBOL() and fixes crash bugs (2013/12/05 22:08), Sandeepa Prabhu wrote: >> OK, I think the kprobe is like a strong medicine, not a toy, >> since it can intercept most of the kernel functions which >> may process a sensitive user private data. Thus even if we >> fix all bugs and make it safe, I don't think we can open >> it for all users (of course, there should be a knob to open >> for any or restricted users.) >> >>> So we need both a maintainable and a sane/safe solution, and I'd like >>> to apply the whole thing at once and be at ease that the solution is >>> round. We should have done this years ago. >> >> For the safeness of kprobes, I have an idea; introduce a whitelist >> for dynamic events. AFAICS, the biggest unstable issue of kprobes >> comes from putting *many* probes on the functions called from tracers. >> >> It doesn't crash the kernel but slows down so much, because every >> probes hit many other nested miss-hit probes. This gives us a big >> performance impact. However, on the other side, this kind of feature >> can be used *for debugging* static trace events by dynamic one if we >> carefully use a small number of probes on such functions. :) >> >> Thus, I think we can restrict users from probing such functions by >> using a whitelist which ftrace does already have; >> available_filter_functions :) > I am not sure if this question is related, uprobes or ftrace code does > not define __kprobes, so is it safe to place kprobe on uprobes or > ftrace code? Yes, it is "safe" in qualitative meaning. But for ftrace code, it could give a performance impact by miss-hitting. Since uprobe is independent from kprobe, it should work. > Is it expected from arch code to support such cases? Yes, the arch dependent implementation is the key. If it shares some code which can be called from miss-hit path, it should be blacklisted. Thank you, -- Masami HIRAMATSU IT Management Research Dept. Linux Technology Center Hitachi, Ltd., Yokohama Research Laboratory E-mail: masami.hiramatsu.pt@...achi.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists