lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1287719918.16971.615.camel@gandalf.stny.rr.com>
Date:	Thu, 21 Oct 2010 23:58:38 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	LKML <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...e.hu>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH v2][GIT PULL] tracing: Prevent unloadable modules from
 using trace_bprintk()

On Fri, 2010-10-22 at 14:13 +1030, Rusty Russell wrote:

> > > 
> > > I think disabling use in modules is lazy,
> > 
> > and safer.
> 
> Well then just delete trace_bprintk altogether.  Even safer!

Reminds me of the argument against lowering the speed limit to 55. "it's
safer"... "Then lower it to zero, even safer!"


> 
> > > Can't you detect this on module unload and fix it up?  Or delay freeing the
> > > module until the trace ring is emptied?
> > 
> > One possibility is to magically make all string formats used in
> > trace_printk into its own section, and keep it allocated until the ring
> > buffer is empty. Or, we can just do that with the module's entire string
> > section, since we know whether or not that module has a trace_printk in
> > it or not.
> 
> Exactly.  Set a flag in the module if it resolves trace_printk, and defer freeing
> the module in that case.  This shouldn't be that hard...

Here's my worry.

1) Some module with tracepoints is loaded at boot up.
2) The user does tracing and forgets about it (ring buffer filled)
3) Unloads module (don't free)
4) loads module with trace points
5) unloads module (don't free)
etc, etc

memory leak.

Thus this is not that trivial. We probably need to have a way to lock a
module when its tracepoint is activated, and only unlock it when the
ring buffer is emptied.

Do we want to prevent the module from being unloaded while the ring
buffer is full (after that module has been traced?), or do we let the
module be unloaded, but just prevent this one section from being freed?

-- Steve


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ