lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1216325546.5515.63.camel@localhost.localdomain>
Date:	Thu, 17 Jul 2008 15:12:26 -0500
From:	James Bottomley <James.Bottomley@...senPartnership.com>
To:	"Frank Ch. Eigler" <fche@...hat.com>
Cc:	Masami Hiramatsu <mhiramat@...hat.com>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	systemtap@...rceware.org
Subject: Re: [RFC] systemtap: begin the process of using proper kernel APIs
	(part1: use kprobe symbol_name/offset instead of address)

On Thu, 2008-07-17 at 14:30 -0400, Frank Ch. Eigler wrote:
> James Bottomley <James.Bottomley@...senPartnership.com> writes:
> 
> > [...]
> > Just by way of illustration, this is systemtap fixed up according to
> > suggestion number 1.  You can see now using your test case that we get:
> >
> > # probes
> > kernel.function("do_open@...block_dev.c:929") /* pc=<lookup_bdev+0x90> */ /* <- kernel.function("do_open") */
> > kernel.function("do_open@...nfsctl.c:24") /* pc=<sys_nfsservctl+0x6a> */ /* <- kernel.function("do_open") */
> > kernel.function("do_open@.../mqueue.c:642") /* pc=<sys_mq_unlink+0x130> */ /* <- kernel.function("do_open") */
> > [...]
> 
> Can you explain in detail how you believe this is materially
> different from offsetting from _stext?

Basically because _stext is an incredibly dangerous symbol; being linker
generated it doesn't actually get put in the right place if you look:

jejb@...rkweed> nm vmlinux |egrep -w '_stext|_text'
ffffffff80209000 T _stext
ffffffff80200000 A _text

Since we can't do negative offsets, you've lost access to the symbols in
the sections that start before _stext.  Assuming you meant _text (which
is dangerous because it's a define in the kernel linker script and could
change).  Then you can't offset into other sections, like init sections
or modules.

James


James


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ