| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Sep 2006 15:43:48 -0400 From: Karim Yaghmour <karim@...rsys.com> To: Martin Bligh <mbligh@...gle.com> CC: "Frank Ch. Eigler" <fche@...hat.com>, Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>, prasanna@...ibm.com, Andrew Morton <akpm@...l.org>, Ingo Molnar <mingo@...e.hu>, Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>, Paul Mundt <lethal@...ux-sh.org>, linux-kernel <linux-kernel@...r.kernel.org>, Jes Sorensen <jes@....com>, Tom Zanussi <zanussi@...ibm.com>, Richard J Moore <richardj_moore@...ibm.com>, Michel Dagenais <michel.dagenais@...ymtl.ca>, Christoph Hellwig <hch@...radead.org>, Greg Kroah-Hartman <gregkh@...e.de>, Thomas Gleixner <tglx@...utronix.de>, William Cohen <wcohen@...hat.com>, ltt-dev@...fik.org, systemtap@...rces.redhat.com, Alan Cox <alan@...rguk.ukuu.org.uk> Subject: Re: [PATCH] Linux Kernel Markers Martin Bligh wrote: > Do we even need the filler padding? I thought we could insert kprobes > at the beginning of any function without that ... it was only a > requirement for mid-function (sometimes). If we copy the whole function, > we don't even need that any more ... > > if kprobes can do it, I don't see why djprobes can't ... after all, it > just seems to use kprobes to insert a jump, AFAICS. I guess I must not be explaining myself properly. The padding is for one purpose and one purpose only: having a know-to-be-good location at the beginning of the uninstrumented function for later using djprobes on. Once you've got that, then you can indeed copy the entire function and do whatever you want *without* using djprobes or kprobes, but using direct calls. If you don't have the padding, then you might yourself in a case where you're replacing bytes from multiple instructions where something somewhere may have an IP within the replaced range. And to get around that you have to pull a few magic tricks *and* make a few assumptions. But if you replace a 5 bytes instruction (or the equivalent as in Hiramatsu-san's proposla) with another 5 bytes instruction, none of that is needed and djprobes can be used *today* to do that. Using this, you've got an arguably non-existent penalty for the function with the filler and a very fast jump to the instrumented function. The best of both worlds actually. Let me know if I'm still not being clear. Karim - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists