lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 7 Jun 2007 11:12:32 +1200
From:	"Ian McDonald" <ian.mcdonald@...di.co.nz>
To:	"Chuck Ebbert" <cebbert@...hat.com>
Cc:	"Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>,
	prasanna@...ibm.com, ananth@...ibm.com,
	anil.s.keshavamurthy@...el.com,
	"David S. Miller" <davem@...emloft.net>,
	"Patrick Andrieux" <patrick.andrieux@...il.com>,
	"DCCP Mailing List" <dccp@...r.kernel.org>, jbeulich@...ell.com
Subject: Re: [BUG] Fwd: segfault : modprobe dccp_probe/tcp_probe

On 6/7/07, Chuck Ebbert <cebbert@...hat.com> wrote:
> On 06/06/2007 04:47 PM, Ian McDonald wrote:
> > Hi there,
> >
> > We've seen a report of a problem with dccp_probe as shown below. The
> > user has also verified that it occurs in tcp_probe as well. This is on
> > Dave Miller's tree but that currently tracks Linus' tree quite
> > closely. I do note that it is around 2.6.22-rc2 timeframe so there is
> > a possibility fixes may have gone in since.
> >
>
> It faulted when it tried to write the breakpoint instruction into the
> running kernel's executable code. Apparently the kernel code is now marked
> read-only?
>
>
Yes it would appear to be the case as user has CONFIG_DEBUG_RODATA
set. Patrick - can you turn this off and retest? It's under Kernel
Hacking, Write protect kernel read only data structures.

The list of commits that I see around this are at:
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git&a=search&h=HEAD&st=commit&s=DEBUG_RODATA

I suspect it's probably one of the latter ones giving the timing.

I guess there are a couple of solutions here - either make kprobes
conflict with CONFIG_DEBUG_RODATA so you can do one or the other, or
look into more detail what access kprobes need.

Ian
-- 
Web: http://wand.net.nz/~iam4/
Blog: http://iansblog.jandi.co.nz
WAND Network Research Group
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ